Skip to content

Update all dependencies #112

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update all dependencies #112

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Nov 24, 2025
edited by jarkkoka
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
io.arrow-kt:arrow-core (source) 2.2.0 -> 2.2.1.1 age adoption passing confidence
org.springframework.boot:spring-boot-starter-parent (source) 3.5.7 -> 4.0.1 age adoption passing confidence

Release Notes

arrow-kt/arrow (io.arrow-kt:arrow-core)

v2.2.1.1

Compare Source

This release was triggered just because 2.2.1 failed to publish. Please refer to the 2.2.1 release for more information.

v2.2.1

Compare Source

For the full release notes, see the Arrow blog.

What's Changed
New Contributors

Full Changelog: arrow-kt/arrow@2.2.0...2.2.1

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-parent)

v4.0.1

Compare Source

v4.0.0

Compare Source

v3.5.9

Compare Source

v3.5.8

Compare Source

⚠️ Noteworthy changes
🐞 Bug Fixes
  • Gradle war task does not exclude starter POMs from lib-provided #​48196
  • Testcontainers integration fails on Docker 29.0.0 #​48192
  • SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #​48180
  • Properties bound in the child management context ignore the parent's environment prefix #​48176
  • ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #​48153
  • Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #​48129
  • New arm64 macbooks fail to bootBuildImage due to incorrect platform image #​48127
  • NullPointerException when using @ConditionalOnSingleCandidate with multiple manually registered singletons #​48123
  • Buildpack fails with recent Docker installs due to hardcoded version in URL #​48102
  • Image building may fail when specifying a platform if an image has already been built with a different platform #​48098
  • Undertow's ServletContext is destroy too early, making it unusable in @PreDestroy methods #​48061
  • PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #​48058
  • Auto-configured JCacheMetrics cannot be customized #​48056
  • WebSecurityCustomizer beans are excluded by WebMvcTest #​48054
  • Devtools Restarter does not work with a parameterless main method #​47987
  • Setting 'max-uri-tags' does not prevent unlimited meter growth on any AutoConfiguredCompositeMeterRegistry #​47923
  • Docker response 407 is not handled correctly resulting in no error message #​47900
  • spring-boot-maven-plugin process-aot goal does not find package-private main method #​47780
📔 Documentation
  • Revise AWS section of "Deploying to the Cloud" in reference manual #​48156
  • Fix typo in PortInUseException Javadoc #​48133
  • Correct section about required setters in "Type-safe Configuration Properties" #​48130
  • Document EndpointObjectMapper and management.endpoints.jackson.isolated-object-mapper #​48114
  • Document support for configuring servlet context init parameters using properties #​48111
  • Clarify how warnings about soon-to-expire SSL certificates are reported #​48062
  • Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #​48052
  • Use since attribute in configuration properties deprecation consistently #​47980
  • BootstrapContext#getOrElseThrow has incorrect reference to IllegalStateException #​47905
  • Clarify when BootstrapContext get methods may return null rather than throwing an exception or calling the fallback supplier #​47898
  • Document that Actuator endpoint may have at most one extension of each type #​47873
  • Limit Kotlin API documentation to Kotlin-specific APIs #​47859
  • Adapt AOTCache documentation to JEP 514 #​47274
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​K-jun98, @​TerryTaoYY, @​hojooo, @​linw-bai, @​mipo256, @​namest504, @​ngocnhan-tran1996, @​nosan, @​scottfrederick, @​siva-sai-udaygiri, @​tschut, and @​vpavic

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

This change is Reviewable

@renovate renovate bot requested a review from a team November 24, 2025 00:45
@renovate renovate bot changed the title Update all dependencies Update dependency org.springframework.boot:spring-boot-starter-parent to v4 Dec 10, 2025
@renovate renovate bot changed the title Update dependency org.springframework.boot:spring-boot-starter-parent to v4 Update all dependencies Dec 17, 2025
@renovate renovate bot force-pushed the renovate/all branch 4 times, most recently from 924cc6e to 781e703 Compare December 22, 2025 12:25
@github-actions
Copy link

github-actions bot commented Dec 22, 2025
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

pom.xml

PackageVersionLicenseIssue Type
io.arrow-kt:arrow-core2.2.1.1NullUnknown License
Allowed Licenses: CC0-1.0, Unlicense, WTFPL, 0BSD, MIT, Apache-2.0, ISC, BSD-2-Clause, BSD-3-Clause, Zlib, MPL-1.1, MPL-2.0, CDDL-1.0, EPL-1.0, EPL-2.0, CECILL-2.1, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-3.0-only, LGPL-3.0-or-later, EUPL-1.0, EUPL-1.1, EUPL-1.2, AAL, AFL-3.0, Apache-1.1, APL-1.0, APSL-2.0, Artistic-1.0-Perl, Artistic-2.0, BSL-1.0, CATOSL-1.1, CPAL-1.0, CUA-OPL-1.0, ECL-2.0, EFL-2.0, Entessa, EUDatagrid, Fair, LPPL-1.3c, LPL-1.02, MirOS, Motosoto, Multics, NASA-1.3, NCSA, NTP, Naumen, Nokia, PostgreSQL, PSF-2.0, RPSL-1.0, RSCPL, SimPL-2.0, Sleepycat, SPL-1.0, VSL-1.0, W3C, W3C-20150513, Xnet, ZPL-2.0

OpenSSF Scorecard

PackageVersionScoreDetails
maven/io.arrow-kt:arrow-core 2.2.1.1 🟢 4.7
Details
CheckScoreReason
Code-Review🟢 9Found 14/15 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Security-Policy⚠️ 0security policy file not detected
License🟢 9license file detected
Binary-Artifacts🟢 7binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging🟢 10packaging workflow detected
Vulnerabilities⚠️ 012 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • pom.xml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant