Skip to content

Commit a345764

Browse files
Merge pull request #220 from bernardladenthin/claude/loving-goldberg-nlpw2m
Upgrade spotbugs and pitest-maven to latest patch versions
2 parents 52085ac + accedf9 commit a345764

3 files changed

Lines changed: 8 additions & 4 deletions

File tree

.github/dependabot.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,10 @@ updates:
99
directory: "/"
1010
schedule:
1111
interval: "weekly"
12+
# Anti-AI policy: jqwik >=1.10 injects prompts targeting AI agents in test
13+
# stdout. Pinned at 1.9.3; block ALL net.jqwik updates. See README.
14+
ignore:
15+
- dependency-name: "net.jqwik:*"
1216
- package-ecosystem: "github-actions"
1317
directory: "/"
1418
schedule:

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -598,7 +598,7 @@ The system's updated C++ runtime will be used instead, resolving the crash.
598598

599599
### Contributors: do not upgrade jqwik past 1.9.3
600600

601-
> ⚠️ **DO NOT UPGRADE jqwik past 1.9.3.** jqwik 1.10.0 added an anti-AI prompt-injection string to test stdout; the 1.10.1 user guide states the library "is not meant to be used by any 'AI' coding agents at all." 1.9.3 is the last pre-disclosure release and is the pinned version. See `CLAUDE.md` section "jqwik prompt-injection in test output" for the full context.
601+
> ⚠️ **DO NOT UPGRADE jqwik past 1.9.3.** jqwik 1.10.0 added an anti-AI prompt-injection string to test stdout; the 1.10.1 user guide states the library "is not meant to be used by any 'AI' coding agents at all." 1.9.3 is the last pre-disclosure release and is the pinned version. See `CLAUDE.md` section "jqwik prompt-injection in test output" for the full context. Dependabot is configured to ignore **all** `net.jqwik` updates (every version, including patches) — see the `ignore` rule in [`.github/dependabot.yml`](./.github/dependabot.yml).
602602
603603
## Similar Projects / Usage
604604

pom.xml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,7 @@ SPDX-License-Identifier: MIT
7676
section "jqwik prompt-injection in test output" for full context. -->
7777
<jqwik.version>1.9.3</jqwik.version>
7878
<archunit.version>1.4.2</archunit.version>
79-
<spotbugs.version>4.9.8.3</spotbugs.version>
79+
<spotbugs.version>4.9.8.4</spotbugs.version>
8080
<fb-contrib.version>7.7.4</fb-contrib.version>
8181
<findsecbugs.version>1.14.0</findsecbugs.version>
8282
<spotless.version>3.6.0</spotless.version>
@@ -296,7 +296,7 @@ SPDX-License-Identifier: MIT
296296
<plugin>
297297
<groupId>org.pitest</groupId>
298298
<artifactId>pitest-maven</artifactId>
299-
<version>1.25.3</version>
299+
<version>1.25.4</version>
300300
</plugin>
301301
<plugin>
302302
<groupId>org.sonatype.central</groupId>
@@ -643,7 +643,7 @@ SPDX-License-Identifier: MIT
643643
mutation parity, gated at a 100% threshold on every CI build. Expand
644644
the targetClasses globs as further packages reach parity (see README
645645
TODO). The value/ and exception/ trees are at 100% (verified with
646-
pitest-maven 1.25.3); their unit tests are pure-Java (no native
646+
pitest-maven 1.25.4); their unit tests are pure-Java (no native
647647
libjllama / model file needed).
648648
-->
649649
<groupId>org.pitest</groupId>

0 commit comments

Comments
 (0)