Dependency Dashboard

[renovate[bot]]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• [ ] Update dependency org.jetbrains.kotlinx:kotlinx-serialization-json to v1.7.2
• [ ] Update PMD packages to v7.5.0 (net.sourceforge.pmd:pmd-java, net.sourceforge.pmd:pmd-core)
• [ ] Update kotlin monorepo to v2 (major) (org.jetbrains.kotlin:kotlin-gradle-plugin, org.jetbrains.kotlin:kotlin-scripting-dependencies, org.jetbrains.kotlin:kotlin-scripting-jvm-host, org.jetbrains.kotlin:kotlin-scripting-jvm, org.jetbrains.kotlin:kotlin-scripting-common, org.jetbrains.kotlin:kotlin-reflect)
• [ ] Click on this checkbox to rebase all open PRs at once

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• [ ] Update dependency org.jetbrains.kotlin.plugin.serialization to v2

Detected dependencies

dockerfile

Dockerfile

- `eclipse-temurin 17.0.12_7-jre`

docs/Dockerfile

github-actions

.github/workflows/build.yml

- `actions/checkout v4` - `actions/setup-java v4` - `gradle/actions v4` - `softprops/action-gh-release v2`

.github/workflows/codecov.yml

- `actions/checkout v4` - `actions/setup-java v4` - `gradle/actions v4` - `actions/upload-artifact v4` - `codecov/codecov-action v4`

.github/workflows/detekt.yml

- `actions/checkout v4` - `actions/setup-java v4` - `gradle/actions v4` - `github/codeql-action v3`

.github/workflows/docs.yml

- `actions/checkout v4` - `actions/setup-java v4` - `gradle/actions v4` - `actions/setup-python v5`

.github/workflows/upgrade.yml

- `actions/checkout v4` - `actions/setup-java v4` - `gradle/actions v4` - `actions/upload-artifact v4` - `actions/download-artifact v4` - `actions/github-script v7`

gradle

gradle.properties

settings.gradle.kts

build.gradle.kts

buildSrc/settings.gradle.kts

buildSrc/build.gradle.kts

buildSrc/src/main/kotlin/code-quality.gradle.kts

buildSrc/src/main/kotlin/documented-module.gradle.kts

buildSrc/src/main/kotlin/documented.gradle.kts

buildSrc/src/main/kotlin/features.gradle.kts

buildSrc/src/main/kotlin/metadata.gradle.kts

buildSrc/src/main/kotlin/module.gradle.kts

buildSrc/src/main/kotlin/publish.gradle.kts

code-coverage-report/build.gradle.kts

codyze-backends/cpg/build.gradle.kts

codyze-cli/build.gradle.kts

codyze-core/build.gradle.kts

codyze-plugins/build.gradle.kts

- `com.github.spotbugs:spotbugs 4.8.6` - `com.h3xstream.findsecbugs:findsecbugs-plugin 1.13.0` - `net.sourceforge.pmd:pmd-core 7.4.0` - `net.sourceforge.pmd:pmd-java 7.4.0`

codyze-specification-languages/coko/coko-core/build.gradle.kts

codyze-specification-languages/coko/coko-dsl/build.gradle.kts

gradle/libs.versions.toml

- `io.github.detekt.sarif4k:sarif4k 0.6.0` - `org.jetbrains.kotlinx:kotlinx-serialization-json 1.7.1` - `org.jetbrains.kotlin:kotlin-reflect 1.9.25` - `de.fraunhofer.aisec:cpg-core 8.3.0` - `de.fraunhofer.aisec:cpg-analysis 8.3.0` - `de.fraunhofer.aisec:cpg-language-cxx 8.3.0` - `de.fraunhofer.aisec:cpg-language-java 8.3.0` - `io.github.oshai:kotlin-logging-jvm 7.0.0` - `org.apache.logging.log4j:log4j-slf4j2-impl 2.23.1` - `com.github.ajalt.clikt:clikt 4.4.0` - `io.insert-koin:koin-core 3.5.6` - `io.insert-koin:koin-test 3.5.6` - `io.insert-koin:koin-test-junit5 3.5.6` - `org.jetbrains.kotlin:kotlin-scripting-common 1.9.25` - `org.jetbrains.kotlin:kotlin-scripting-jvm 1.9.25` - `org.jetbrains.kotlin:kotlin-scripting-jvm-host 1.9.25` - `org.jetbrains.kotlin:kotlin-scripting-dependencies 1.9.25` - `io.gitlab.arturbosch.detekt:detekt-formatting 1.23.6` - `org.junit:junit-bom 5.11.0` - `io.mockk:mockk 1.13.12` - `org.jetbrains.kotlin:kotlin-gradle-plugin 1.9.25` - `org.jetbrains.dokka:dokka-gradle-plugin 1.9.20` - `com.diffplug.spotless:spotless-plugin-gradle 6.25.0` - `io.gitlab.arturbosch.detekt:detekt-gradle-plugin 1.23.6` - `org.jetbrains.dokka:dokka-base 1.9.20` - `org.jetbrains.kotlin.plugin.serialization 1.9.25` - `org.jetbrains.dokka 1.9.20` - `com.diffplug.spotless 6.25.0`

gradle-wrapper

gradle/wrapper/gradle-wrapper.properties

- `gradle 8.10`

---

• [ ] Check this box to trigger a request for Renovate to run again on this repository

[oxisto]

We should probably exclude dependencies in the script folder (or maybe get rid of those scripts anyway).

[fwendland]

I would like to keep the work in script but it might be better served elsewhere 🤔 I think that the tools are good for our own testing and third party users can use them as well.