Configure Renovate (!2) · Merge requests · pub / DnumArchi / Démonstrateur CI Maven

gl-renovate requested to merge renovate/configure into main Oct 30, 2024

Welcome to Renovate! This is an onboarding MR to help you understand and configure settings before regular Merge Requests begin.

🚦 To activate Renovate, merge this Merge Request. To disable Renovate, simply close this Merge Request unmerged.

Detected Package Files

ci-maven-demo-webapp/Dockerfile (dockerfile)
.gitlab-ci.yml (gitlabci)
ci-maven-demo-service/pom.xml (maven)
ci-maven-demo-webapp/pom.xml (maven)
jacoco-report-aggregate/pom.xml (maven)
pom.xml (maven)

Configuration Summary

Based on the default config's presets, Renovate will:

Start dependency updates only once this onboarding MR is merged
Enable Renovate Dependency Dashboard creation.
Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
Group known monorepo packages together.
Use curated list of recommended non-monorepo package groupings.
Apply crowd-sourced package replacement rules.
Apply crowd-sourced workarounds for known problems with packages.
Pin Docker digests.
Pin github-action digests.
Enable Renovate configuration migration MRs when needed.
Pin dependency versions for devDependencies.
Raise MR when vulnerability alerts are detected with label 'security'.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Merge Request description the next time it runs.

What to Expect

With your current configuration, Renovate will create 12 Merge Requests:

Pin dependencies

Schedule: ["at any time"]
Branch name: renovate/pin-dependencies
Merge into: main
Upgrade docker.io/alpine to sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d
Upgrade docker.io/maven to sha256:8d63d4c1902cb12d9e79a70671b18ebe26358cb592561af33ca1808f00d935cb
Upgrade eclipse-temurin to sha256:4c1ec9743c333c9d47f55d883c4e317d117e198899e7edf1d9cf4c89253b1b9d
Upgrade gcr.io/kaniko-project/executor to sha256:c3109d5926a997b100c4343944e06c6b30a6804b2f9abe0994d3de6ef92b028e
Upgrade registry.gitlab.com/haynes/jacoco2cobertura to sha256:1b8ee364eba07c074f907c9e28ade778671e437e09b5e4457849979fb4265065

Update dependency org.apache.maven.plugins:maven-site-plugin to v4.0.0-M16

Schedule: ["at any time"]
Branch name: renovate/plugin.maven-site.version
Merge into: main
Upgrade org.apache.maven.plugins:maven-site-plugin to 4.0.0-M16

Update dependency org.jacoco:jacoco-maven-plugin to v0.8.12

Schedule: ["at any time"]
Branch name: renovate/plugin.jacoco.version
Merge into: main
Upgrade org.jacoco:jacoco-maven-plugin to 0.8.12

Update docker.io/maven Docker tag to v3.9.9

Schedule: ["at any time"]
Branch name: renovate/docker.io-maven-3.x
Merge into: main
Upgrade docker.io/maven to sha256:440a97a9304d5f66cb96e01161724d0ac3a50d1d90c4cb99dffd94fe4282d31f

Update eclipse-temurin Docker tag to v21.0.5_11-jre

Schedule: ["at any time"]
Branch name: renovate/eclipse-temurin-21.x
Merge into: main
Upgrade eclipse-temurin to sha256:4c1ec9743c333c9d47f55d883c4e317d117e198899e7edf1d9cf4c89253b1b9d

Update registry.gitlab.com/haynes/jacoco2cobertura Docker tag to v1.0.10

Schedule: ["at any time"]
Branch name: renovate/registry.gitlab.com-haynes-jacoco2cobertura-1.x
Merge into: main
Upgrade registry.gitlab.com/haynes/jacoco2cobertura to sha256:a511ca02828bbbf042a7aad53617a9a09803b7fd33eba9c940c2bd64c5288784

Update dependency org.apache.maven.plugins:maven-project-info-reports-plugin to v3.8.0

Schedule: ["at any time"]
Branch name: renovate/plugin.maven-info.version
Merge into: main
Upgrade org.apache.maven.plugins:maven-project-info-reports-plugin to 3.8.0

Update dependency org.apache.maven.plugins:maven-surefire-report-plugin to v3.5.2

Schedule: ["at any time"]
Branch name: renovate/plugin.surefire.version
Merge into: main
Upgrade org.apache.maven.plugins:maven-surefire-report-plugin to 3.5.2

Update dependency org.codehaus.mojo:versions-maven-plugin to v2.17.1

Schedule: ["at any time"]
Branch name: renovate/plugin.versions-maven.version
Merge into: main
Upgrade org.codehaus.mojo:versions-maven-plugin to 2.17.1

Update dependency org.owasp:dependency-check-maven to v9.2.0

Schedule: ["at any time"]
Branch name: renovate/plugin.owasp.version
Merge into: main
Upgrade org.owasp:dependency-check-maven to 9.2.0

Update dependency org.springframework.boot:spring-boot-starter-parent to v3.3.5

Schedule: ["at any time"]
Branch name: renovate/spring-boot
Merge into: main
Upgrade org.springframework.boot:spring-boot-starter-parent to 3.3.5

Update dependency org.owasp:dependency-check-maven to v11

Schedule: ["at any time"]
Branch name: renovate/major-plugin.owasp.version
Merge into: main
Upgrade org.owasp:dependency-check-maven to 11.1.0

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

⚠️ Warning

Please correct - or verify that you can safely ignore - these dependency lookup failures before you merge this MR.

Failed to look up maven package demo.ci-maven-demo:ci-maven-demo

Files affected: ci-maven-demo-service/pom.xml, ci-maven-demo-webapp/pom.xml, jacoco-report-aggregate/pom.xml

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section. If you need any further assistance then you can also request help here.

This MR has been generated by Renovate Bot.

Edited Nov 04, 2024 by gl-renovate

Configure Renovate

Detected Package Files

Configuration Summary

What to Expect

Merge request reports