Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Pending Approval

The following branches are pending approval. To create them, click on a checkbox below.

• chore(deps): update actions/cache digest to 0057852
• chore(deps): update actions/checkout digest to 93cb6ef
• chore(deps): update actions/setup-java digest to ad2b381
• chore(deps): update googleapis/release-please-action digest to 5c625bf
• chore(deps): update providers/flagd/schemas digest to eeac7c7
• chore(deps): update providers/flagd/spec digest to 203c25f
• chore(deps): update tools/flagd-core/schemas digest to eeac7c7
• chore(deps): update dependency com.configcat:configcat-java-client to v9.4.4
• chore(deps): update dependency com.vmlens:vmlens-maven-plugin to v1.2.28
• chore(deps): update dependency io.github.gzsombor:json-logic-java to v1.1.6
• chore(deps): update dependency io.reactivex.rxjava3:rxjava to v3.1.12
• chore(deps): update dependency maven to v3.9.16
• chore(deps): update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.5.6
• chore(deps): update dependency org.codehaus.mojo:flatten-maven-plugin to v1.7.3
• chore(deps): update dependency org.projectlombok:lombok to v1.18.46
• chore(deps): update junit-framework monorepo to v5.14.4 (org.junit.jupiter:junit-jupiter, org.junit:junit-bom)
• chore(deps): update slf4j monorepo to v2.0.18 (org.slf4j:slf4j-simple, org.slf4j:slf4j-api)
• chore(deps): update testcontainers-java monorepo to v2.0.5 (org.testcontainers:testcontainers-junit-jupiter, org.testcontainers:testcontainers)
• chore(deps): update dependency com.diffplug.spotless:spotless-maven-plugin to v3.7.0
• chore(deps): update dependency com.github.spotbugs:spotbugs to v4.10.2
• chore(deps): update dependency com.github.spotbugs:spotbugs-annotations to v4.10.2
• chore(deps): update dependency com.github.spotbugs:spotbugs-maven-plugin to v4.10.2.0
• chore(deps): update dependency com.google.cloud:libraries-bom to v26.84.0
• chore(deps): update dependency com.google.code.gson:gson to v2.14.0
• chore(deps): update dependency com.optimizely.ab:core-api to v4.4.2
• chore(deps): update dependency com.optimizely.ab:core-httpclient-impl to v4.4.2
• chore(deps): update dependency com.squareup.okio:okio-jvm to v3.17.0
• chore(deps): update dependency com.statsig:serversdk to v1.36.5
• chore(deps): update dependency commons-codec:commons-codec to v1.22.0
• chore(deps): update dependency commons-io:commons-io to v2.22.0
• chore(deps): update dependency dev.openfeature:sdk to v1.20.2
• chore(deps): update dependency dev.openfeature.contrib.providers:flagd to v0.14.0
• chore(deps): update dependency io.flipt:flipt-java to v1.4.0
• chore(deps): update dependency io.getunleash:unleash-client-java to v11.2.1
• chore(deps): update dependency org.codehaus.mojo:exec-maven-plugin to v3.6.3
• chore(deps): update dependency org.sonatype.central:central-publishing-maven-plugin to v0.11.0
• chore(deps): update guava monorepo to v33.6.0-jre
• chore(deps): update log4j2 monorepo to v2.26.0
• chore(deps): update actions/cache action to v5
• chore(deps): update actions/checkout action to v6
• chore(deps): update dependency com.configcat:configcat-java-client to v10
• chore(deps): update dependency com.flagsmith:flagsmith-java-client to v8
• chore(deps): update dependency com.puppycrawl.tools:checkstyle to v13
• chore(deps): update dependency com.statsig:serversdk to v3
• chore(deps): update dependency io.getunleash:unleash-client-java to v12
• chore(deps): update googleapis/release-please-action action to v5
• chore(deps): update okhttp monorepo to v5 (com.squareup.okhttp3:okhttp, com.squareup.okhttp3:mockwebserver)
• 🔐 Create all pending approval PRs at once 🔐

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update junit-framework monorepo to v6 (org.junit.jupiter:junit-jupiter, org.junit:junit-bom)

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• chore(deps): update dependency com.networknt:json-schema-validator to v3
• chore(deps): update dependency org.semver4j:semver4j to v6

Detected Dependencies

git-submodules (1)

.gitmodules (6)

• providers/flagd/schemas 1daf5ff56b48d582187d59e35d48c6e191c23839 → [Updates: undefined]
• providers/flagd/test-harness 7575a1dc45f176e57e809748a712a555e9aa5d11
• providers/flagd/spec eefdf439c5a5b69ccde036c3c6959a4a6c17e08c → [Updates: undefined]
• providers/go-feature-flag/wasm-releases a4bbeb697641104415f772159ef1a5605076a1c6
• tools/flagd-core/schemas 1daf5ff56b48d582187d59e35d48c6e191c23839 → [Updates: undefined]
• tools/flagd-api-testkit/test-harness 7575a1dc45f176e57e809748a712a555e9aa5d11

github-actions (4)

.github/workflows/ci.yml (3)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• actions/setup-java v5@dded0888837ed1f317902acf8a20df0ad188d165 → [Updates: v5]
• actions/cache v4@0400d5f644dc74513175e3cd8d07132dd4860809 → [Updates: v5, v4]

.github/workflows/component-owners.yml

.github/workflows/lint-pr.yml (1)

• amannn/action-semantic-pull-request v6@48f256284bd46cdaab1048c3721360e808335d50

.github/workflows/release-please.yml (4)

• googleapis/release-please-action v4@c2a5a2bd6a758a0937f1ddb1e8950609867ed15c → [Updates: v5, v4]
• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• actions/setup-java v5@dded0888837ed1f317902acf8a20df0ad188d165 → [Updates: v5]
• actions/cache v4@0400d5f644dc74513175e3cd8d07132dd4860809 → [Updates: v5, v4]

maven (21)

hooks/open-telemetry/pom.xml (2)

• io.opentelemetry:opentelemetry-bom 1.63.0
• io.opentelemetry.semconv:opentelemetry-semconv-incubating 1.28.0-alpha

pom.xml (31)

• org.junit:junit-bom 5.14.3 → [Updates: 5.14.4, 6.1.0]
• io.cucumber:cucumber-bom 7.34.3
• org.mockito:mockito-bom 5.23.0
• dev.openfeature:sdk [1.16.0,1.99999)
• org.projectlombok:lombok 1.18.42 → [Updates: 1.18.46]
• com.github.spotbugs:spotbugs 4.9.8 → [Updates: 4.10.2]
• org.assertj:assertj-core 3.27.7
• org.junit-pioneer:junit-pioneer 2.3.0
• org.awaitility:awaitility 4.3.0
• org.apache.maven.plugins:maven-toolchains-plugin 3.2.0
• org.apache.maven.plugins:maven-compiler-plugin 3.15.0
• org.apache.maven.plugins:maven-jar-plugin 3.5.0
• org.apache.maven.plugins:maven-surefire-plugin 3.5.5 → [Updates: 3.5.6]
• org.codehaus.mojo:flatten-maven-plugin 1.7.0 → [Updates: 1.7.3]
• org.apache.maven.plugins:maven-resources-plugin 3.5.0
• org.honton.chas:exists-maven-plugin 0.15.2
• org.apache.maven.plugins:maven-source-plugin 3.4.0
• org.apache.maven.plugins:maven-javadoc-plugin 3.12.0
• org.cyclonedx:cyclonedx-maven-plugin 2.9.1
• org.apache.maven.plugins:maven-gpg-plugin 3.2.8
• org.sonatype.central:central-publishing-maven-plugin 0.10.0 → [Updates: 0.11.0]
• org.apache.maven.plugins:maven-checkstyle-plugin 3.6.0
• com.puppycrawl.tools:checkstyle 12.3.1 → [Updates: 13.6.0]
• org.apache.maven.plugins:maven-pmd-plugin 3.28.0
• com.github.spotbugs:spotbugs-maven-plugin 4.9.8.3 → [Updates: 4.10.2.0]
• com.h3xstream.findsecbugs:findsecbugs-plugin 1.14.0
• com.github.spotbugs:spotbugs 4.9.8 → [Updates: 4.10.2]
• com.diffplug.spotless:spotless-maven-plugin 3.4.0 → [Updates: 3.7.0]
• org.apache.maven.plugins:maven-toolchains-plugin 3.2.0
• org.apache.maven.plugins:maven-surefire-plugin 3.5.5 → [Updates: 3.5.6]
• org.apache.maven.plugins:maven-compiler-plugin 3.15.0

providers/configcat/pom.xml (3)

• com.configcat:configcat-java-client 9.4.3 → [Updates: 9.4.4, 10.0.1]
• org.slf4j:slf4j-api 2.0.17 → [Updates: 2.0.18]
• org.apache.logging.log4j:log4j-slf4j2-impl 2.25.2 → [Updates: 2.26.0]

providers/env-var/pom.xml (1)

• org.apache.commons:commons-lang3 3.20.0

providers/flagd/pom.xml (20)

• dev.openfeature.contrib.tools:flagd-core [2.0.0,3.0.0)
• io.grpc:grpc-netty-shaded 1.82.0
• io.grpc:grpc-protobuf 1.82.0
• io.grpc:grpc-stub 1.82.0
• org.apache.tomcat:annotations-api 6.0.53
• org.apache.commons:commons-collections4 4.5.0
• io.opentelemetry:opentelemetry-api 1.63.0
• org.junit.jupiter:junit-jupiter 5.14.3 → [Updates: 5.14.4, 6.1.0]
• org.testcontainers:testcontainers 2.0.4 → [Updates: 2.0.5]
• org.testcontainers:testcontainers-junit-jupiter 2.0.4 → [Updates: 2.0.5]
• io.rest-assured:rest-assured 6.0.0
• commons-io:commons-io 2.21.0 → [Updates: 2.22.0]
• org.slf4j:slf4j-simple 2.0.17 → [Updates: 2.0.18]
• com.vmlens:api 1.2.28
• kr.motd.maven:os-maven-plugin 1.7.1
• org.codehaus.mojo:exec-maven-plugin 3.6.3
• org.xolstice.maven.plugins:protobuf-maven-plugin 0.6.1
• com.github.spotbugs:spotbugs-maven-plugin 4.9.8.3 → [Updates: 4.10.2.0]
• com.vmlens:vmlens-maven-plugin 1.2.28
• org.codehaus.mojo:exec-maven-plugin 3.6.3

providers/flagsmith/pom.xml (3)

• com.flagsmith:flagsmith-java-client 7.4.3 → [Updates: 8.1.1]
• com.squareup.okhttp3:okhttp 4.12.0 → [Updates: 5.4.0]
• com.squareup.okhttp3:mockwebserver 4.12.0 → [Updates: 5.4.0]

providers/flipt/pom.xml (8)

• io.flipt:flipt-java 1.1.2 → [Updates: 1.4.0]
• org.slf4j:slf4j-api 2.0.17 → [Updates: 2.0.18]
• com.fasterxml.jackson.core:jackson-databind 2.22.0
• org.wiremock:wiremock 3.13.2
• com.fasterxml.jackson.core:jackson-core 2.22.0
• com.fasterxml.jackson.core:jackson-databind 2.22.0
• com.fasterxml.jackson.core:jackson-annotations 2.22
• org.apache.logging.log4j:log4j-slf4j2-impl 2.25.2 → [Updates: 2.26.0]

providers/gcp/pom.xml (6)

• com.google.cloud:libraries-bom 26.83.0 → [Updates: 26.84.0]
• com.fasterxml.jackson:jackson-bom 2.22.0
• org.slf4j:slf4j-api 2.0.17 → [Updates: 2.0.18]
• org.apache.logging.log4j:log4j-slf4j2-impl 2.25.0 → [Updates: 2.26.0]
• com.vmlens:api 1.2.28
• com.vmlens:vmlens-maven-plugin 1.2.27 → [Updates: 1.2.28]

providers/go-feature-flag/pom.xml (13)

• com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.22.0
• com.fasterxml.jackson.core:jackson-core 2.22.0
• com.fasterxml.jackson.core:jackson-databind 2.22.0
• com.fasterxml.jackson.core:jackson-annotations 2.22
• org.slf4j:slf4j-api 2.0.17 → [Updates: 2.0.18]
• io.reactivex.rxjava3:rxjava 3.1.10 → [Updates: 3.1.12]
• org.apache.logging.log4j:log4j-slf4j2-impl 2.25.2 → [Updates: 2.26.0]
• com.dylibso.chicory:wasi 1.7.5
• com.squareup.okhttp3:mockwebserver 4.12.0 → [Updates: 5.4.0]
• com.squareup.okhttp3:okhttp 4.12.0 → [Updates: 5.4.0]
• com.squareup.okio:okio-jvm 3.15.0 → [Updates: 3.17.0]
• com.github.spotbugs:spotbugs-annotations 4.9.8 → [Updates: 4.10.2]
• com.dylibso.chicory:chicory-compiler-maven-plugin 1.7.5

providers/jsonlogic-eval-provider/pom.xml (3)

• io.github.gzsombor:json-logic-java 1.1.5 → [Updates: 1.1.6]
• org.json:json 20250517
• com.github.spotbugs:spotbugs-annotations 4.9.8 → [Updates: 4.10.2]

providers/multiprovider/pom.xml (2)

• org.json:json 20250517
• org.apache.logging.log4j:log4j-slf4j2-impl 2.25.2 → [Updates: 2.26.0]

providers/ofrep/pom.xml (8)

• com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.22.0
• com.fasterxml.jackson.core:jackson-core 2.22.0
• com.fasterxml.jackson.core:jackson-databind 2.22.0
• com.fasterxml.jackson.core:jackson-annotations 2.22
• org.slf4j:slf4j-api 2.0.17 → [Updates: 2.0.18]
• commons-validator:commons-validator 1.10.1
• com.google.guava:guava 33.4.8-jre → [Updates: 33.6.0-jre]
• com.squareup.okhttp3:mockwebserver 4.12.0 → [Updates: 5.4.0]

providers/optimizely/pom.xml (4)

• com.optimizely.ab:core-api 4.2.2 → [Updates: 4.4.2]
• com.optimizely.ab:core-httpclient-impl 4.2.2 → [Updates: 4.4.2]
• org.slf4j:slf4j-api 2.0.17 → [Updates: 2.0.18]
• org.apache.logging.log4j:log4j-slf4j2-impl 2.25.2 → [Updates: 2.26.0]

providers/statsig/pom.xml (3)

• com.statsig:serversdk 1.18.1 → [Updates: 1.36.5, 3.2.0]
• org.slf4j:slf4j-api 2.0.17 → [Updates: 2.0.18]
• org.apache.logging.log4j:log4j-slf4j2-impl 2.25.2 → [Updates: 2.26.0]

providers/unleash/pom.xml (4)

• io.getunleash:unleash-client-java 11.0.2 → [Updates: 11.2.1, 12.2.2]
• org.slf4j:slf4j-api 2.0.17 → [Updates: 2.0.18]
• org.wiremock:wiremock 3.13.2
• org.apache.logging.log4j:log4j-slf4j2-impl 2.25.2 → [Updates: 2.26.0]

samples/gcp/pom.xml (4)

• dev.openfeature.contrib.providers:gcp 0.0.2
• dev.openfeature:sdk 1.12.1 → [Updates: 1.20.2]
• org.slf4j:slf4j-simple 2.0.17 → [Updates: 2.0.18]
• org.codehaus.mojo:exec-maven-plugin 3.5.0 → [Updates: 3.6.3]

tools/flagd-api-testkit/pom.xml (5)

• dev.openfeature.contrib.tools:flagd-api [0.0.1,)
• org.assertj:assertj-core 3.27.7
• com.fasterxml.jackson.core:jackson-databind 2.22.0
• org.codehaus.mojo:exec-maven-plugin 3.6.3
• org.apache.maven.plugins:maven-resources-plugin 3.5.0

tools/flagd-api/pom.xml

tools/flagd-core/pom.xml (13)

• dev.openfeature.contrib.tools:flagd-api [1.0.0,2.0.0)
• com.fasterxml.jackson.core:jackson-databind 2.22.0
• io.github.gzsombor:json-logic-java 1.1.5 → [Updates: 1.1.6]
• com.google.code.gson:gson 2.13.1 → [Updates: 2.14.0]
• com.networknt:json-schema-validator 1.5.9 → [Updates: 3.0.4]
• org.apache.commons:commons-lang3 3.20.0
• org.semver4j:semver4j 5.8.0 → [Updates: 6.0.0]
• commons-codec:commons-codec 1.21.0 → [Updates: 1.22.0]
• org.junit.jupiter:junit-jupiter 5.14.3 → [Updates: 5.14.4, 6.1.0]
• org.assertj:assertj-core 3.27.7
• dev.openfeature.contrib.tools:flagd-api-testkit [0.0.1,)
• org.codehaus.mojo:exec-maven-plugin 3.6.3
• org.apache.maven.plugins:maven-resources-plugin 3.5.0

tools/flagd-http-connector/pom.xml (3)

• dev.openfeature.contrib.providers:flagd 0.11.20 → [Updates: 0.14.0]
• org.apache.commons:commons-lang3 3.20.0
• com.google.code.findbugs:annotations 3.0.1u2

tools/junit-openfeature/pom.xml (2)

• org.apache.commons:commons-lang3 3.20.0
• org.junit-pioneer:junit-pioneer 2.3.0

maven-wrapper (3)

.mvn/wrapper/maven-wrapper.properties (1)

• maven 3.9.14 → [Updates: 3.9.16]

mvnw (1)

• maven-wrapper 3.3.4

mvnw.cmd (1)

• maven-wrapper 3.3.4

renovate-config (1)

renovate.json

---

• Check this box to trigger a request for Renovate to run again on this repository