Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Config Migration Needed

See Config Migration PR: #1225.

Awaiting Schedule

The following updates are awaiting their schedule. To get an update now, click on a checkbox below.

• Update info.picocli to v4.7.7 (info.picocli:picocli-codegen, info.picocli:picocli)
• Update actions/setup-java action to v5.3.0
• Update com.diffplug.spotless to v8.7.0 (com.diffplug.spotless, com.diffplug.spotless:com.diffplug.spotless.gradle.plugin)
• Update com.google.errorprone to v2.50.0
• Update com.google.guava to v33.6.0-jre
• Update com.gradle.plugin-publish to v2.1.1
• Update com.gradleup.nmcp to v1.5.0
• Update com.gradleup.nmcp.aggregation to v1.5.0
• Update com.gradleup.shadow to v9.4.2
• Update com.squareup.okhttp3 to v5.4.0
• Update commons-codec to v1.22.0
• Update Gradle to v9.6.0
• Update org.mockito to v5.23.0
• Update protobuf_grpc (io.grpc:protoc-gen-grpc-java, com.google.protobuf:protoc, io.grpc:grpc-bom, com.google.protobuf:protobuf-bom, com.google.protobuf)
• Update actions/checkout action to v7
• Update GitHub Artifact Actions to v7
• Update gradle/actions action to v6
• Update net.ltgt.errorprone to v5
• Update no.nav.security to v4
• Update org.jsonschema2dataclass to v6
• Update org.junit to v6
• 🔐 Create all awaiting schedule PRs at once 🔐

Detected Dependencies

github-actions (10)

.github/workflows/byob-slsa.yaml (1)

• AdamKorcz/java-slsa-generator main

.github/workflows/ci.yaml (5)

• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• actions/setup-java v5.2.0@be666c2fcd27ec809703dec50e508c2fdc7f6654 → [Updates: v5.3.0]
• actions/setup-go v6.4.0@4a3601121dd01d1626a1e23e37211e3254c1c06c
• gradle/actions v5.0.2@0723195856401067f7a2779048b490ace7a47d7c → [Updates: v6.2.0]
• go 1.26.x

.github/workflows/cifuzz.yaml (3)

• google/oss-fuzz master
• google/oss-fuzz master
• actions/upload-artifact v6.0.0@b7c566a772e6b6bfb58ed0dc250532a479d7789f → [Updates: v7.0.1]

.github/workflows/conformance.yml (6)

• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• actions/setup-java v5.2.0@be666c2fcd27ec809703dec50e508c2fdc7f6654 → [Updates: v5.3.0]
• gradle/actions v5.0.2@0723195856401067f7a2779048b490ace7a47d7c → [Updates: v6.2.0]
• actions/setup-java v5.2.0@be666c2fcd27ec809703dec50e508c2fdc7f6654 → [Updates: v5.3.0]
• sigstore/sigstore-conformance v0.0.29@21533cde107c734ebc153c3e3a24d75fc9811a36
• sigstore/sigstore-conformance v0.0.29@21533cde107c734ebc153c3e3a24d75fc9811a36

.github/workflows/depsreview.yml

.github/workflows/examples.yaml (6)

• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• actions/setup-java v5.2.0@be666c2fcd27ec809703dec50e508c2fdc7f6654 → [Updates: v5.3.0]
• gradle/actions v5.0.2@0723195856401067f7a2779048b490ace7a47d7c → [Updates: v6.2.0]
• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• actions/setup-java v5.2.0@be666c2fcd27ec809703dec50e508c2fdc7f6654 → [Updates: v5.3.0]
• gradle/actions v5.0.2@0723195856401067f7a2779048b490ace7a47d7c → [Updates: v6.2.0]

.github/workflows/gradle-wrapper-validation.yaml (2)

• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• gradle/actions v5.0.2@0723195856401067f7a2779048b490ace7a47d7c → [Updates: v6.2.0]

.github/workflows/release-sigstore-gradle-plugin-from-tag.yaml (4)

• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• actions/setup-java v5.2.0@be666c2fcd27ec809703dec50e508c2fdc7f6654 → [Updates: v5.3.0]
• gradle/actions v5.0.2@0723195856401067f7a2779048b490ace7a47d7c → [Updates: v6.2.0]

.github/workflows/release-sigstore-java-from-tag.yaml (6)

• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• actions/setup-java v5.2.0@be666c2fcd27ec809703dec50e508c2fdc7f6654 → [Updates: v5.3.0]
• gradle/actions v5.0.2@0723195856401067f7a2779048b490ace7a47d7c → [Updates: v6.2.0]
• google-github-actions/auth v3.0.0@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093
• google-github-actions/get-secretmanager-secrets v3.0.0@bc9c54b29fdffb8a47776820a7d26e77b379d262

.github/workflows/tuf-conformance.yml (5)

• actions/checkout v6.0.3@df4cb1c069e1874edd31b4311f1884172cec0e10 → [Updates: v7.0.0]
• actions/setup-java v5.2.0@be666c2fcd27ec809703dec50e508c2fdc7f6654 → [Updates: v5.3.0]
• gradle/actions v5.0.2@0723195856401067f7a2779048b490ace7a47d7c → [Updates: v6.2.0]
• actions/setup-java v5.2.0@be666c2fcd27ec809703dec50e508c2fdc7f6654 → [Updates: v5.3.0]
• theupdateframework/tuf-conformance v2.4.0@500c525c9ce287a472fd334fe8d885cace667d32

gradle (50)

build-logic-commons/gradle-plugin/build.gradle.kts

build-logic-commons/gradle-plugin/src/main/kotlin/build-logic.kotlin-dsl-gradle-plugin.gradle.kts

build-logic-commons/gradle.properties

build-logic-commons/settings.gradle.kts

build-logic/basics/build.gradle.kts

build-logic/basics/src/main/kotlin/build-logic.repositories.gradle.kts

build-logic/basics/src/main/kotlin/build-logic.reproducible-builds.gradle.kts

build-logic/build-parameters/build.gradle.kts (1)

• org.gradlex.build-parameters 1.4.5

build-logic/build.gradle.kts

build-logic/gradle.properties

build-logic/jvm/build.gradle.kts (6)

• com.diffplug.spotless:com.diffplug.spotless.gradle.plugin 8.6.0 → [Updates: 8.7.0]
• com.github.vlsi.gradle-extensions:com.github.vlsi.gradle-extensions.gradle.plugin 3.0.2
• de.thetaphi.forbiddenapis:de.thetaphi.forbiddenapis.gradle.plugin 3.10
• org.jetbrains.dokka-javadoc:org.jetbrains.dokka-javadoc.gradle.plugin 2.2.0
• com.github.autostyle:com.github.autostyle.gradle.plugin 4.0.1
• net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin 4.4.0 → [Updates: 5.1.0]

build-logic/jvm/src/main/kotlin/build-logic.build-info.gradle.kts

build-logic/jvm/src/main/kotlin/build-logic.dokka-javadoc.gradle.kts

build-logic/jvm/src/main/kotlin/build-logic.errorprone.gradle.kts (2)

• com.google.errorprone:error_prone_core 2.46.0 → [Updates: 2.50.0]
• com.google.guava:guava-beta-checker 1.0

build-logic/jvm/src/main/kotlin/build-logic.forbidden-apis.gradle.kts

build-logic/jvm/src/main/kotlin/build-logic.java-library.gradle.kts

build-logic/jvm/src/main/kotlin/build-logic.java.gradle.kts

build-logic/jvm/src/main/kotlin/build-logic.kotlin.gradle.kts

build-logic/jvm/src/main/kotlin/build-logic.spotless-base.gradle.kts

build-logic/jvm/src/main/kotlin/build-logic.test-junit5.gradle.kts

build-logic/jvm/src/main/kotlin/build-logic.testing.gradle.kts

build-logic/publishing/build.gradle.kts (3)

• dev.sigstore:sigstore-gradle-sign-plugin 2.2.0
• com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin 2.0.0 → [Updates: 2.1.1]
• com.gradleup.nmcp:com.gradleup.nmcp.gradle.plugin 1.4.0 → [Updates: 1.5.0]

build-logic/publishing/src/main/kotlin/build-logic.depends-on-local-sigstore-java-repo.gradle.kts

build-logic/publishing/src/main/kotlin/build-logic.depends-on-local-sigstore-maven-plugin-repo.gradle.kts

build-logic/publishing/src/main/kotlin/build-logic.java-published-library.gradle.kts

build-logic/publishing/src/main/kotlin/build-logic.kotlin-dsl-published-gradle-plugin.gradle.kts

build-logic/publishing/src/main/kotlin/build-logic.publish-to-central.gradle.kts

build-logic/publishing/src/main/kotlin/build-logic.publish-to-tmp-maven-repo.gradle.kts

build-logic/publishing/src/main/kotlin/build-logic.signing.gradle.kts

build-logic/root-build/build.gradle.kts

build-logic/root-build/src/main/kotlin/build-logic.root-build.gradle.kts

build-logic/settings.gradle.kts

build.gradle.kts (2)

• com.gradleup.nmcp.aggregation 1.4.0 → [Updates: 1.5.0]
• com.diffplug.spotless 8.6.0 → [Updates: 8.7.0]

fuzzing/build.gradle.kts (2)

• com.code-intelligence:jazzer-api 0.30.0
• com.google.guava:guava 33.5.0-jre → [Updates: 33.6.0-jre]

gradle.properties (1)

• dev.sigstore:sigstore-java 2.3.0

sandbox/gradle-precompiled-plugin/build.gradle.kts

sandbox/gradle-precompiled-plugin/src/main/kotlin/sigstore-conventions.gradle.kts

sandbox/gradle-sign-file/build.gradle.kts

sandbox/gradle-sign-java-library/build.gradle.kts

sandbox/settings.gradle.kts

settings.gradle.kts (1)

• org.gradle.toolchains.foojay-resolver-convention 1.0.0

sigstore-cli/build.gradle.kts (7)

• com.gradleup.shadow 9.0.0-rc3 → [Updates: 9.4.2]
• info.picocli:picocli 4.7.6 → [Updates: 4.7.7]
• com.google.guava:guava 33.5.0-jre → [Updates: 33.6.0-jre]
• com.google.oauth-client:google-oauth-client-bom 1.39.0
• org.eclipse.jetty:jetty-server 12.1.10
• org.slf4j:slf4j-simple 2.0.18
• info.picocli:picocli-codegen 4.7.6 → [Updates: 4.7.7]

sigstore-gradle/sigstore-gradle-sign-base-plugin/build.gradle.kts

sigstore-gradle/sigstore-gradle-sign-base-plugin/src/main/kotlin/dev.sigstore.sign-base.gradle.kts

sigstore-gradle/sigstore-gradle-sign-plugin/build.gradle.kts

sigstore-gradle/sigstore-gradle-sign-plugin/src/main/kotlin/dev.sigstore.sign.gradle.kts

sigstore-java/build.gradle.kts (25)

• org.jsonschema2dataclass 5.0.0 → [Updates: 6.1.0]
• com.google.protobuf 0.9.6 → [Updates: 0.10.0]
• org.immutables:gson 2.12.2
• org.immutables:value-annotations 2.12.2
• org.immutables:value 2.12.2
• com.google.http-client:google-http-client-bom 2.1.0
• io.github.erdtman:java-json-canonicalization 1.1
• dev.sigstore:protobuf-specs 0.5.0
• com.google.protobuf:protobuf-bom 4.33.4 → [Updates: 4.35.1]
• io.grpc:grpc-bom 1.78.0 → [Updates: 1.82.0]
• org.apache.tomcat:annotations-api 6.0.53
• commons-codec:commons-codec 1.18.0 → [Updates: 1.22.0]
• com.google.code.gson:gson 2.14.0
• org.bouncycastle:bcutil-jdk18on 1.84
• org.bouncycastle:bcpkix-jdk18on 1.84
• com.google.oauth-client:google-oauth-client-bom 1.39.0
• org.junit:junit-bom 5.14.4 → [Updates: 6.1.0]
• org.mockito:mockito-bom 5.21.0 → [Updates: 5.23.0]
• no.nav.security:mock-oauth2-server 0.5.10 → [Updates: 4.0.1]
• com.squareup.okhttp3:mockwebserver 5.3.2 → [Updates: 5.4.0]
• net.sourceforge.htmlunit:htmlunit 2.70.0
• io.github.netmikey.logunit:logunit-core 2.0.0
• io.github.netmikey.logunit:logunit-jul 2.0.0
• com.google.protobuf:protoc 4.33.4 → [Updates: 4.35.1]
• io.grpc:protoc-gen-grpc-java 1.78.0 → [Updates: 1.82.0]

sigstore-maven-plugin/build.gradle.kts (7)

• org.gradlex.maven-plugin-development 1.0.3
• org.apache.maven:maven-plugin-api 3.9.16
• org.apache.maven:maven-core 3.9.16
• org.apache.maven.plugin-tools:maven-plugin-annotations 3.15.2
• org.bouncycastle:bcutil-jdk18on 1.84
• org.apache.maven.plugins:maven-gpg-plugin 3.2.8
• org.apache.maven.shared:maven-verifier 1.8.0

sigstore-testkit/build.gradle.kts (4)

• com.google.code.gson:gson 2.14.0
• com.google.guava:guava 33.5.0-jre → [Updates: 33.6.0-jre]
• org.junit:junit-bom 5.14.4 → [Updates: 6.1.0]
• org.assertj:assertj-core 3.27.7

tuf-cli/build.gradle.kts (7)

• com.gradleup.shadow 9.0.0-rc3 → [Updates: 9.4.2]
• info.picocli:picocli 4.7.6 → [Updates: 4.7.7]
• com.google.guava:guava 33.5.0-jre → [Updates: 33.6.0-jre]
• com.google.oauth-client:google-oauth-client-bom 1.39.0
• org.eclipse.jetty:jetty-server 12.1.10
• org.slf4j:slf4j-simple 2.0.18
• info.picocli:picocli-codegen 4.7.6 → [Updates: 4.7.7]

gradle-wrapper (2)

gradle/wrapper/gradle-wrapper.properties (1)

• gradle 9.5.1 → [Updates: 9.6.0]

sandbox/gradle/wrapper/gradle-wrapper.properties (1)

• gradle 9.5.1 → [Updates: 9.6.0]

---

• Check this box to trigger a request for Renovate to run again on this repository