Configure Renovate

Welcome to Renovate! This is an onboarding MR to help you understand and configure settings before regular Merge Requests begin.

🚦 To activate Renovate, merge this Merge Request. To disable Renovate, simply close this Merge Request unmerged.

---

Detected Package Files

• ci-maven-demo-webapp/Dockerfile (dockerfile)
• .gitlab-ci.yml (gitlabci)
• ci-maven-demo-service/pom.xml (maven)
• ci-maven-demo-webapp/pom.xml (maven)
• jacoco-report-aggregate/pom.xml (maven)
• pom.xml (maven)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding MR is merged
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.
• Pin Docker digests.
• Pin github-action digests.
• Enable Renovate configuration migration MRs when needed.
• Pin dependency versions for devDependencies.
• Raise MR when vulnerability alerts are detected with label 'security'.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Merge Request description the next time it runs.

---

What to Expect

With your current configuration, Renovate will create 12 Merge Requests:

Pin dependencies

• Schedule: ["at any time"]
• Branch name: renovate/pin-dependencies
• Merge into: main
• Upgrade docker.io/alpine to sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d
• Upgrade docker.io/maven to sha256:8d63d4c1902cb12d9e79a70671b18ebe26358cb592561af33ca1808f00d935cb
• Upgrade eclipse-temurin to sha256:4c1ec9743c333c9d47f55d883c4e317d117e198899e7edf1d9cf4c89253b1b9d
• Upgrade gcr.io/kaniko-project/executor to sha256:c3109d5926a997b100c4343944e06c6b30a6804b2f9abe0994d3de6ef92b028e
• Upgrade registry.gitlab.com/haynes/jacoco2cobertura to sha256:1b8ee364eba07c074f907c9e28ade778671e437e09b5e4457849979fb4265065

Update dependency org.apache.maven.plugins:maven-site-plugin to v4.0.0-M16

• Schedule: ["at any time"]
• Branch name: renovate/plugin.maven-site.version
• Merge into: main
• Upgrade org.apache.maven.plugins:maven-site-plugin to 4.0.0-M16

Update dependency org.jacoco:jacoco-maven-plugin to v0.8.12

• Schedule: ["at any time"]
• Branch name: renovate/plugin.jacoco.version
• Merge into: main
• Upgrade org.jacoco:jacoco-maven-plugin to 0.8.12

Update docker.io/maven Docker tag to v3.9.9

• Schedule: ["at any time"]
• Branch name: renovate/docker.io-maven-3.x
• Merge into: main
• Upgrade docker.io/maven to sha256:440a97a9304d5f66cb96e01161724d0ac3a50d1d90c4cb99dffd94fe4282d31f

Update eclipse-temurin Docker tag to v21.0.5_11-jre

• Schedule: ["at any time"]
• Branch name: renovate/eclipse-temurin-21.x
• Merge into: main
• Upgrade eclipse-temurin to sha256:4c1ec9743c333c9d47f55d883c4e317d117e198899e7edf1d9cf4c89253b1b9d

Update registry.gitlab.com/haynes/jacoco2cobertura Docker tag to v1.0.10

• Schedule: ["at any time"]
• Branch name: renovate/registry.gitlab.com-haynes-jacoco2cobertura-1.x
• Merge into: main
• Upgrade registry.gitlab.com/haynes/jacoco2cobertura to sha256:a511ca02828bbbf042a7aad53617a9a09803b7fd33eba9c940c2bd64c5288784

Update dependency org.apache.maven.plugins:maven-project-info-reports-plugin to v3.8.0

• Schedule: ["at any time"]
• Branch name: renovate/plugin.maven-info.version
• Merge into: main
• Upgrade org.apache.maven.plugins:maven-project-info-reports-plugin to 3.8.0

Update dependency org.apache.maven.plugins:maven-surefire-report-plugin to v3.5.2

• Schedule: ["at any time"]
• Branch name: renovate/plugin.surefire.version
• Merge into: main
• Upgrade org.apache.maven.plugins:maven-surefire-report-plugin to 3.5.2

Update dependency org.codehaus.mojo:versions-maven-plugin to v2.17.1

• Schedule: ["at any time"]
• Branch name: renovate/plugin.versions-maven.version
• Merge into: main
• Upgrade org.codehaus.mojo:versions-maven-plugin to 2.17.1

Update dependency org.owasp:dependency-check-maven to v9.2.0

• Schedule: ["at any time"]
• Branch name: renovate/plugin.owasp.version
• Merge into: main
• Upgrade org.owasp:dependency-check-maven to 9.2.0

Update dependency org.springframework.boot:spring-boot-starter-parent to v3.3.5

• Schedule: ["at any time"]
• Branch name: renovate/spring-boot
• Merge into: main
• Upgrade org.springframework.boot:spring-boot-starter-parent to 3.3.5

Update dependency org.owasp:dependency-check-maven to v11

• Schedule: ["at any time"]
• Branch name: renovate/major-plugin.owasp.version
• Merge into: main
• Upgrade org.owasp:dependency-check-maven to 11.1.0

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

---

⚠️ Warning

Please correct - or verify that you can safely ignore - these dependency lookup failures before you merge this MR.

• Failed to look up maven package demo.ci-maven-demo:ci-maven-demo

Files affected: ci-maven-demo-service/pom.xml, ci-maven-demo-webapp/pom.xml, jacoco-report-aggregate/pom.xml

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section. If you need any further assistance then you can also request help here.

---

This MR has been generated by Renovate Bot.