Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Pending Approval

The following branches are pending approval. To create them, click on a checkbox below.

• chore(deps): update actions/cache digest to 0057852
• chore(deps): update actions/checkout digest to 93cb6ef
• chore(deps): update actions/setup-java digest to be666c2
• chore(deps): update dyladan/component-owners digest to 7ff2b34
• chore(deps): update googleapis/release-please-action digest to 16a9c90
• chore(deps): update providers/go-feature-flag/wasm-releases digest to dd54e60
• chore(deps): update com.vmlens.version to v1.2.27 (com.vmlens:vmlens-maven-plugin, com.vmlens:api)
• chore(deps): update dependency com.configcat:configcat-java-client to v9.4.4
• chore(deps): update dependency com.github.spotbugs:spotbugs-maven-plugin to v4.9.8.3
• chore(deps): update dependency com.google.code.gson:gson to v2.13.2
• chore(deps): update dependency io.reactivex.rxjava3:rxjava to v3.1.12
• chore(deps): update dependency maven to v3.9.14
• chore(deps): update dependency org.apache.logging.log4j:log4j-slf4j2-impl to v2.25.4
• chore(deps): update dependency org.codehaus.mojo:exec-maven-plugin to v3.6.3
• chore(deps): update dependency org.projectlombok:lombok to v1.18.44
• chore(deps): update jackson monorepo to v2.21.2 (com.fasterxml.jackson.core:jackson-databind, com.fasterxml.jackson.core:jackson-core, com.fasterxml.jackson.datatype:jackson-datatype-jsr310)
• chore(deps): update testcontainers-java monorepo to v2.0.4 (org.testcontainers:testcontainers-junit-jupiter, org.testcontainers:testcontainers)
• chore(deps): update dependency com.diffplug.spotless:spotless-maven-plugin to v3.4.0
• chore(deps): update dependency com.dylibso.chicory:chicory-compiler-maven-plugin to v1.7.5
• chore(deps): update dependency com.dylibso.chicory:wasi to v1.7.5
• chore(deps): update dependency com.google.guava:guava to v33.5.0-jre
• chore(deps): update dependency com.optimizely.ab:core-api to v4.3.1
• chore(deps): update dependency com.optimizely.ab:core-httpclient-impl to v4.3.1
• chore(deps): update dependency com.squareup.okio:okio-jvm to v3.17.0
• chore(deps): update dependency com.statsig:serversdk to v1.36.5
• chore(deps): update dependency dev.openfeature.contrib.providers:flagd to v0.12.0
• chore(deps): update dependency io.flipt:flipt-java to v1.4.0
• chore(deps): update dependency io.getunleash:unleash-client-java to v11.2.1
• chore(deps): update dependency org.mockito:mockito-bom to v5.23.0
• chore(deps): update dependency providers/flagd/test-harness to v3.3.0
• chore(deps): update dependency tools/flagd-api-testkit/test-harness to v3.3.0
• chore(deps): update grpc-java monorepo to v1.80.0 (io.grpc:grpc-stub, io.grpc:grpc-protobuf, io.grpc:grpc-netty-shaded)
• chore(deps): update actions/cache action to v5
• chore(deps): update actions/checkout action to v6
• chore(deps): update dependency com.flagsmith:flagsmith-java-client to v8
• chore(deps): update dependency com.puppycrawl.tools:checkstyle to v13
• chore(deps): update dependency com.statsig:serversdk to v3
• chore(deps): update dependency io.getunleash:unleash-client-java to v12
• 🔐 Create all pending approval PRs at once 🔐

---

Warning

Renovate failed to look up the following dependencies: Failed to look up maven package dev.openfeature.contrib.tools:flagd-api-testkit: no-result.

Files affected: tools/flagd-core/pom.xml

---

Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

• chore(deps): update dependency io.rest-assured:rest-assured to v6
• chore(deps): update junit-framework monorepo to v6 (major) (org.junit.jupiter:junit-jupiter, org.junit:junit-bom)
• Click on this checkbox to rebase all open PRs at once

PR Closed (Blocked)

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

• chore(deps): update dependency com.networknt:json-schema-validator to v3
• chore(deps): update dependency org.semver4j:semver4j to v6
• chore(deps): update okhttp monorepo to v5 (major) (com.squareup.okhttp3:okhttp, com.squareup.okhttp3:mockwebserver)

Detected Dependencies

git-submodules (1)

.gitmodules (6)

• providers/flagd/schemas 9f823b5b36bf219f8ea342de006fdf5013c1bc79
• providers/flagd/test-harness v3.0.1@3bff4b7eaee0efc8cfe60e0ef6fbd77441b370e6 → [Updates: v3.3.0]
• providers/flagd/spec eefdf439c5a5b69ccde036c3c6959a4a6c17e08c
• providers/go-feature-flag/wasm-releases a18dba9985c82ceb20b5910697a347769ddf151e → [Updates: undefined]
• tools/flagd-core/schemas 9f823b5b36bf219f8ea342de006fdf5013c1bc79
• tools/flagd-api-testkit/test-harness v3.1.0@ad336ebc7cad91ee028a72dec5f60a17a17316b1 → [Updates: v3.3.0]

github-actions (4)

.github/workflows/ci.yml (3)

• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• actions/setup-java v5@dded0888837ed1f317902acf8a20df0ad188d165 → [Updates: v5]
• actions/cache v4@0400d5f644dc74513175e3cd8d07132dd4860809 → [Updates: v5, v4]

.github/workflows/component-owners.yml (1)

• dyladan/component-owners 58bd86e9814d23f1525d0a970682cead459fa783 → [Updates: undefined]

.github/workflows/lint-pr.yml (1)

• amannn/action-semantic-pull-request v6@48f256284bd46cdaab1048c3721360e808335d50

.github/workflows/release-please.yml (4)

• googleapis/release-please-action v4@c2a5a2bd6a758a0937f1ddb1e8950609867ed15c → [Updates: v4]
• actions/checkout v5@08c6903cd8c0fde910a37f88322edcfb5dd907a8 → [Updates: v6, v5]
• actions/setup-java v5@dded0888837ed1f317902acf8a20df0ad188d165 → [Updates: v5]
• actions/cache v4@0400d5f644dc74513175e3cd8d07132dd4860809 → [Updates: v5, v4]

maven (19)

hooks/open-telemetry/pom.xml (2)

• io.opentelemetry:opentelemetry-bom 1.60.1
• io.opentelemetry.semconv:opentelemetry-semconv-incubating 1.28.0-alpha

pom.xml (29)

• org.junit:junit-bom 5.14.3 → [Updates: 6.0.3]
• io.cucumber:cucumber-bom 7.34.3
• org.mockito:mockito-bom 5.22.0 → [Updates: 5.23.0]
• dev.openfeature:sdk [1.16.0,1.99999)
• org.projectlombok:lombok 1.18.42 → [Updates: 1.18.44]
• com.github.spotbugs:spotbugs 4.9.8
• org.assertj:assertj-core 3.27.7
• org.junit-pioneer:junit-pioneer 2.3.0
• org.awaitility:awaitility 4.3.0
• org.apache.maven.plugins:maven-toolchains-plugin 3.2.0
• org.apache.maven.plugins:maven-compiler-plugin 3.15.0
• org.apache.maven.plugins:maven-jar-plugin 3.5.0
• org.apache.maven.plugins:maven-surefire-plugin 3.5.5
• org.honton.chas:exists-maven-plugin 0.15.2
• org.apache.maven.plugins:maven-source-plugin 3.4.0
• org.apache.maven.plugins:maven-javadoc-plugin 3.12.0
• org.cyclonedx:cyclonedx-maven-plugin 2.9.1
• org.apache.maven.plugins:maven-gpg-plugin 3.2.8
• org.sonatype.central:central-publishing-maven-plugin 0.10.0
• org.apache.maven.plugins:maven-checkstyle-plugin 3.6.0
• com.puppycrawl.tools:checkstyle 12.3.1 → [Updates: 13.3.0]
• org.apache.maven.plugins:maven-pmd-plugin 3.28.0
• com.github.spotbugs:spotbugs-maven-plugin 4.9.8.2 → [Updates: 4.9.8.3]
• com.h3xstream.findsecbugs:findsecbugs-plugin 1.14.0
• com.github.spotbugs:spotbugs 4.9.8
• com.diffplug.spotless:spotless-maven-plugin 3.3.0 → [Updates: 3.4.0]
• org.apache.maven.plugins:maven-toolchains-plugin 3.2.0
• org.apache.maven.plugins:maven-surefire-plugin 3.5.5
• org.apache.maven.plugins:maven-compiler-plugin 3.15.0

providers/configcat/pom.xml (3)

• com.configcat:configcat-java-client 9.4.3 → [Updates: 9.4.4]
• org.slf4j:slf4j-api 2.0.17
• org.apache.logging.log4j:log4j-slf4j2-impl 2.25.2 → [Updates: 2.25.4]

providers/env-var/pom.xml (1)

• org.apache.commons:commons-lang3 3.20.0

providers/flagd/pom.xml (20)

• dev.openfeature.contrib.tools:flagd-core [0.0.1,)
• io.grpc:grpc-netty-shaded 1.79.0 → [Updates: 1.80.0]
• io.grpc:grpc-protobuf 1.79.0 → [Updates: 1.80.0]
• io.grpc:grpc-stub 1.79.0 → [Updates: 1.80.0]
• org.apache.tomcat:annotations-api 6.0.53
• org.apache.commons:commons-collections4 4.5.0
• io.opentelemetry:opentelemetry-api 1.60.1
• org.junit.jupiter:junit-jupiter 5.14.3 → [Updates: 6.0.3]
• org.testcontainers:testcontainers 2.0.3 → [Updates: 2.0.4]
• org.testcontainers:testcontainers-junit-jupiter 2.0.3 → [Updates: 2.0.4]
• io.rest-assured:rest-assured 5.5.7 → [Updates: 6.0.0]
• commons-io:commons-io 2.21.0
• org.slf4j:slf4j-simple 2.0.17
• com.vmlens:api 1.2.24 → [Updates: 1.2.27]
• kr.motd.maven:os-maven-plugin 1.7.1
• org.codehaus.mojo:exec-maven-plugin 3.6.2 → [Updates: 3.6.3]
• org.xolstice.maven.plugins:protobuf-maven-plugin 0.6.1
• com.github.spotbugs:spotbugs-maven-plugin 4.9.8.2 → [Updates: 4.9.8.3]
• com.vmlens:vmlens-maven-plugin 1.2.24 → [Updates: 1.2.27]
• org.codehaus.mojo:exec-maven-plugin 3.6.2 → [Updates: 3.6.3]

providers/flagsmith/pom.xml (3)

• com.flagsmith:flagsmith-java-client 7.4.3 → [Updates: 8.0.0]
• com.squareup.okhttp3:okhttp 4.12.0 → [Updates: 5.3.2]
• com.squareup.okhttp3:mockwebserver 4.12.0 → [Updates: 5.3.2]

providers/flipt/pom.xml (8)

• io.flipt:flipt-java 1.1.2 → [Updates: 1.4.0]
• org.slf4j:slf4j-api 2.0.17
• com.fasterxml.jackson.core:jackson-databind 2.21.1 → [Updates: 2.21.2]
• org.wiremock:wiremock 3.13.2
• com.fasterxml.jackson.core:jackson-core 2.21.1 → [Updates: 2.21.2]
• com.fasterxml.jackson.core:jackson-databind 2.21.1 → [Updates: 2.21.2]
• com.fasterxml.jackson.core:jackson-annotations 2.21
• org.apache.logging.log4j:log4j-slf4j2-impl 2.25.2 → [Updates: 2.25.4]

providers/go-feature-flag/pom.xml (13)

• com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.21.1 → [Updates: 2.21.2]
• com.fasterxml.jackson.core:jackson-core 2.21.1 → [Updates: 2.21.2]
• com.fasterxml.jackson.core:jackson-databind 2.21.1 → [Updates: 2.21.2]
• com.fasterxml.jackson.core:jackson-annotations 2.21
• org.slf4j:slf4j-api 2.0.17
• io.reactivex.rxjava3:rxjava 3.1.10 → [Updates: 3.1.12]
• org.apache.logging.log4j:log4j-slf4j2-impl 2.25.2 → [Updates: 2.25.4]
• com.dylibso.chicory:wasi 1.6.0 → [Updates: 1.7.5]
• com.squareup.okhttp3:mockwebserver 4.12.0 → [Updates: 5.3.2]
• com.squareup.okhttp3:okhttp 4.12.0 → [Updates: 5.3.2]
• com.squareup.okio:okio-jvm 3.15.0 → [Updates: 3.17.0]
• com.github.spotbugs:spotbugs-annotations 4.9.8
• com.dylibso.chicory:chicory-compiler-maven-plugin 1.6.0 → [Updates: 1.7.5]

providers/jsonlogic-eval-provider/pom.xml (3)

• io.github.jamsesso:json-logic-java 1.1.0
• org.json:json 20250517
• com.github.spotbugs:spotbugs-annotations 4.9.8

providers/multiprovider/pom.xml (2)

• org.json:json 20250517
• org.apache.logging.log4j:log4j-slf4j2-impl 2.25.2 → [Updates: 2.25.4]

providers/ofrep/pom.xml (8)

• com.fasterxml.jackson.datatype:jackson-datatype-jsr310 2.21.1 → [Updates: 2.21.2]
• com.fasterxml.jackson.core:jackson-core 2.21.1 → [Updates: 2.21.2]
• com.fasterxml.jackson.core:jackson-databind 2.21.1 → [Updates: 2.21.2]
• com.fasterxml.jackson.core:jackson-annotations 2.21
• org.slf4j:slf4j-api 2.0.17
• commons-validator:commons-validator 1.10.1
• com.google.guava:guava 33.4.8-jre → [Updates: 33.5.0-jre]
• com.squareup.okhttp3:mockwebserver 4.12.0 → [Updates: 5.3.2]

providers/optimizely/pom.xml (4)

• com.optimizely.ab:core-api 4.2.2 → [Updates: 4.3.1]
• com.optimizely.ab:core-httpclient-impl 4.2.2 → [Updates: 4.3.1]
• org.slf4j:slf4j-api 2.0.17
• org.apache.logging.log4j:log4j-slf4j2-impl 2.25.2 → [Updates: 2.25.4]

providers/statsig/pom.xml (3)

• com.statsig:serversdk 1.18.1 → [Updates: 1.36.5, 3.1.3]
• org.slf4j:slf4j-api 2.0.17
• org.apache.logging.log4j:log4j-slf4j2-impl 2.25.2 → [Updates: 2.25.4]

providers/unleash/pom.xml (4)

• io.getunleash:unleash-client-java 11.0.2 → [Updates: 11.2.1, 12.2.0]
• org.slf4j:slf4j-api 2.0.17
• org.wiremock:wiremock 3.13.2
• org.apache.logging.log4j:log4j-slf4j2-impl 2.25.2 → [Updates: 2.25.4]

tools/flagd-api-testkit/pom.xml (5)

• dev.openfeature.contrib.tools:flagd-api [0.0.1,)
• org.assertj:assertj-core 3.27.7
• com.fasterxml.jackson.core:jackson-databind 2.21.1 → [Updates: 2.21.2]
• org.codehaus.mojo:exec-maven-plugin 3.6.2 → [Updates: 3.6.3]
• org.apache.maven.plugins:maven-resources-plugin 3.5.0

tools/flagd-api/pom.xml

tools/flagd-core/pom.xml (13)

• dev.openfeature.contrib.tools:flagd-api 0.1.0
• com.fasterxml.jackson.core:jackson-databind 2.21.1 → [Updates: 2.21.2]
• io.github.jamsesso:json-logic-java 1.1.0
• com.google.code.gson:gson 2.13.1 → [Updates: 2.13.2]
• com.networknt:json-schema-validator 1.5.9 → [Updates: 3.0.1]
• org.apache.commons:commons-lang3 3.20.0
• org.semver4j:semver4j 5.8.0 → [Updates: 6.0.0]
• commons-codec:commons-codec 1.21.0
• org.junit.jupiter:junit-jupiter 5.14.3 → [Updates: 6.0.3]
• org.assertj:assertj-core 3.27.7
• dev.openfeature.contrib.tools:flagd-api-testkit [0.0.1,)
• org.codehaus.mojo:exec-maven-plugin 3.6.2 → [Updates: 3.6.3]
• org.apache.maven.plugins:maven-resources-plugin 3.5.0

tools/flagd-http-connector/pom.xml (3)

• dev.openfeature.contrib.providers:flagd 0.11.20 → [Updates: 0.12.0]
• org.apache.commons:commons-lang3 3.20.0
• com.google.code.findbugs:annotations 3.0.1u2

tools/junit-openfeature/pom.xml (2)

• org.apache.commons:commons-lang3 3.20.0
• org.junit-pioneer:junit-pioneer 2.3.0

maven-wrapper (3)

.mvn/wrapper/maven-wrapper.properties (1)

• maven 3.9.11 → [Updates: 3.9.14]

mvnw (1)

• maven-wrapper 3.3.4

mvnw.cmd (1)

• maven-wrapper 3.3.4

renovate-config-presets (1)

renovate.json

---

• Check this box to trigger a request for Renovate to run again on this repository