Skip to content

chore: stacked updates#576

Draft
sgammon wants to merge 13 commits into
mainfrom
chore/stacked-updates
Draft

chore: stacked updates#576
sgammon wants to merge 13 commits into
mainfrom
chore/stacked-updates

Conversation

@sgammon
Copy link
Copy Markdown
Owner

@sgammon sgammon commented Apr 22, 2026

Integration branch to gather fixes for main and PR updates

jesseschalken and others added 5 commits April 22, 2026 13:53
@jesseschalken @claude @sgammon
chore: add support for GraalVM JDK 24 and 25
f2162db 
Adds binary distribution mappings for GraalVM Community Edition and
Oracle GraalVM across all supported platforms for JDK 24 (24.0.0,
24.0.1, 24.0.2) and JDK 25 (25.0.0, 25.0.1, 25.0.2). Updates
_LatestJvmRelease to 25. Adds "23", "24", and "25" to
TARGET_JAVA_VERSIONS so that the java23/java24/java25 platform
constraints are generated by graalvm/platform/jvm/BUILD.bazel.

Note: macOS x64 is not available for JDK 25.0.2 (dropped upstream).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Jesse Schalken <me@jesseschalken.com>
(cherry picked from commit 0c96148)
Signed-off-by: Sam Gammon <sam@elide.ventures>
@jesseschalken @sgammon
fix sort
e7b8ad9 
Signed-off-by: Jesse Schalken <me@jesseschalken.com>
(cherry picked from commit f3683e0)
Signed-off-by: Sam Gammon <sam@elide.ventures>
@sgammon
test: sync integration-tests with ci matrix, add bazel8 test
b868fef 
Signed-off-by: Sam Gammon <sam@elide.ventures>
@sgammon
fix: bazel9/bazel8 tests and bugs
78e58d7 
Signed-off-by: Sam Gammon <sam@elide.ventures>
@sgammon
fix: bazel5/bazel6 tests suppressed for macos
c5518c4 
Signed-off-by: Sam Gammon <sam@elide.ventures>
@sgammon sgammon self-assigned this Apr 22, 2026
@sgammon sgammon added the bug Something isn't working label Apr 22, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 22, 2026
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: The number of snapshots compared for the base SHA (0) and the head SHA (1) do not match. You may see unexpected additions in the diff.
Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.

License Issues

pom.xml

PackageVersionLicenseIssue Type
org.graalvm.truffle:truffle-compiler24.1.1NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
maven/org.graalvm.compiler:compiler 24.1.1 🟢 4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/24 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.graalvm.nativeimage:native-image-base 24.1.1 🟢 4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/24 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.graalvm.nativeimage:objectfile 24.1.1 🟢 4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/24 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.graalvm.nativeimage:pointsto 24.1.1 🟢 4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/24 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.graalvm.nativeimage:svm 24.1.1 🟢 4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/24 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.graalvm.polyglot:polyglot 24.1.1 🟢 4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/24 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.graalvm.sdk:collections 24.1.1 🟢 4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/24 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.graalvm.sdk:graal-sdk 24.1.1 🟢 4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/24 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.graalvm.sdk:nativeimage 24.1.1 🟢 4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/24 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.graalvm.sdk:word 24.1.1 🟢 4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/24 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/org.graalvm.truffle:truffle-compiler 24.1.1 🟢 4
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/24 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Binary-Artifacts⚠️ 0binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • pom.xml

sgammon and others added 8 commits April 22, 2026 15:40
@sgammon
test: restore components-ce and components-oracle
849ecfa 
Signed-off-by: Sam Gammon <sam@elide.ventures>
@sgammon
fix: use new macos-15-intel runners for darwin amd64
11fe548 
Signed-off-by: Sam Gammon <sam@elide.ventures>
@sgammon
fix: adapt for bazel4, restore tests
98875b6 
Signed-off-by: Sam Gammon <sam@elide.ventures>
@sgammon
test: add bazel9, fix macos amd64 last-release version
72887e0 
Signed-off-by: Sam Gammon <sam@elide.ventures>
@sgammon
chore: fmt
6dfed1f 
Signed-off-by: Sam Gammon <sam@elide.ventures>
@sgammon
fix: fmt / lintfix (ignore examples)
0410009 
Signed-off-by: Sam Gammon <sam@elide.ventures>
@sgammon
chore: fmt/fix buildifier version
92d9e5e 
Signed-off-by: Sam Gammon <sam@elide.ventures>
@sgammon
chore: update to bazel 9.1.0
0242026 
Signed-off-by: Sam Gammon <sam@elide.dev>
@sgammon sgammon force-pushed the chore/stacked-updates branch from 8debfc4 to 0242026 Compare April 23, 2026 19:35
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 23, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@sgammon sgammon

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sgammon @jesseschalken