Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Config Migration Needed

• Select this checkbox to let Renovate create an automated Config Migration PR.

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

• chore(deps): lock file maintenance j:cdx-227

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• fix(deps): update all dependencies j:cdx-227 (@commitlint/config-conventional, @octokit/auth-app, actions/setup-java, actions/setup-node, actions/upload-artifact, ossf/scorecard-action, step-security/harden-runner, com.diffplug.spotless:spotless-maven-plugin, org.apache.maven:maven-model, commons-codec:commons-codec, org.mockito:mockito-core, joda-time:joda-time, io.github.cdimascio:dotenv-java, com.google.code.gson:gson, org.apache.logging.log4j:log4j-core, org.apache.maven.plugins:maven-gpg-plugin, org.apache.maven.plugins:maven-javadoc-plugin)
• fix(deps): update all dependencies j:cdx-227 (major) (@octokit/auth-app, io.github.resilience4j:resilience4j-retry)

Detected dependencies

github-actions

.github/workflows/build.yml

• step-security/harden-runner v2.10.1@91182cccc01eb5e619899d80e4e971d6181294a7
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-java v4.5.0@8df1039502a15bceb9433410b1a100fbe190c53b

.github/workflows/codeql.yml

• coveo/public-actions main

.github/workflows/dependency-review.yml

• coveo/public-actions main

.github/workflows/maven-publish.yml

• step-security/harden-runner v2.10.1@91182cccc01eb5e619899d80e4e971d6181294a7
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-java v4.5.0@8df1039502a15bceb9433410b1a100fbe190c53b

.github/workflows/pr-title-semantic-lint.yml

• step-security/harden-runner v2.10.1@91182cccc01eb5e619899d80e4e971d6181294a7
• actions/checkout v4@11bd71901bbe5b1630ceea73d27597364c9af683

.github/workflows/release.yml

• step-security/harden-runner v2.10.1@91182cccc01eb5e619899d80e4e971d6181294a7
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• actions/setup-node v4.1.0@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
• actions/setup-java v4.5.0@8df1039502a15bceb9433410b1a100fbe190c53b
• google-github-actions/release-please-action v4.1.1@e4dc86ba9405554aeba3c6bb2d169500e7d3b4ee
• node 18

.github/workflows/scorecards.yml

• step-security/harden-runner v2.10.1@91182cccc01eb5e619899d80e4e971d6181294a7
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• ossf/scorecard-action v2.4.0@62b2cac7ed8198b15735ed49ab1e5cf35480ba46
• actions/upload-artifact v4.4.3@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
• github/codeql-action v3.26.13@f779452ac5af1c261dce0346a8f964149f49322b

maven

pom.xml

• org.apache.maven.plugins:maven-source-plugin 3.3.1
• com.diffplug.spotless:spotless-maven-plugin 2.43.0
• org.apache.maven.plugins:maven-javadoc-plugin 3.11.1
• org.apache.maven.plugins:maven-gpg-plugin 3.2.7
• org.apache.logging.log4j:log4j-core 2.24.1
• com.google.code.gson:gson 2.11.0
• io.github.cdimascio:dotenv-java 3.0.2
• joda-time:joda-time 2.13.0
• org.mockito:mockito-core 5.14.2
• junit:junit 4.13.2
• commons-codec:commons-codec 1.17.1
• io.github.resilience4j:resilience4j-retry 1.7.1
• org.apache.maven:maven-model 3.9.9

npm

package.json

• @actions/core ^1.10.0
• @commitlint/config-conventional 19.5.0
• @octokit/auth-app ^7.0.0