Configure Renovate

[renovate[bot]]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• certextractor/Dockerfile (dockerfile)
• .github/workflows/merge-main.yml (github-actions)
• .github/workflows/pr-close.yml (github-actions)
• .github/workflows/pr-open.yml (github-actions)
• core/pom.xml (maven)
• spring/pom.xml (maven)
• core/.mvn/wrapper/maven-wrapper.properties (maven-wrapper)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Show all Merge Confidence badges for pull requests.
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.
• Disable Docker major updates.
• Group all minor and patch updates together.
• Group all @types packages together.
• Group various lint packages together.
• Group known monorepo packages together.
• Group React and corresponding @types packages together.
• Use curated list of recommended non-monorepo package groupings.
• Automerge digest upgrades if they pass tests.
• Update lint packages automatically if tests pass.
• Automerge patch and minor upgrades if they pass tests.
• Automerge patch upgrades if they pass tests.
• Raise a PR first before any automerging.
• Require all status checks to pass before any automerging.
• Update @types/* packages automatically if tests pass.
• Do not separate patch and minor upgrades into separate PRs for the same dependency.
• Raise PR when vulnerability alerts are detected.
• Run lock file maintenance (updates) on the first day of each month.
• Preserve (but continue to upgrade) any existing SemVer ranges.
• Rebase existing PRs any time the base branch has been updated.
• Use semantic prefixes for commit messages and PR titles.
• Use semantic commit scope deps for all commits and PR titles.
• Default preset for use with Renovate's repos
• Presets from https://github.com/bcgov/renovate-config

🔡 Would you like to change the way Renovate is upgrading your dependencies? Simply edit the renovate.json in this branch with your custom config and the list of Pull Requests in the "What to Expect" section below will be updated the next time Renovate runs.

---

What to Expect

With your current configuration, Renovate will create 5 Pull Requests:

chore(deps): update dependency com.github.tomakehurst:wiremock-jre8-standalone to v2.35.1 [security]

- Branch name: `renovate/maven-com.github.tomakehurst-wiremock-jre8-standalone-vulnerability` - Merge into: `main` - Upgrade [com.github.tomakehurst:wiremock-jre8-standalone](https://togithub.com/wiremock/wiremock) to `2.35.1`

chore(deps): update all non-major dependencies

- Schedule: ["at any time"] - Branch name: `renovate/all-minor-patch` - Merge into: `main` - Upgrade eclipse-temurin to `17.0.9_9-jdk-alpine` - Upgrade maven to `3.9.5`

chore(deps): update maven all non-major dependencies

- Schedule: ["at any time"] - Branch name: `renovate/maven-all-minor-patch` - Merge into: `main` - Upgrade [org.cyclonedx:cyclonedx-maven-plugin](https://togithub.com/CycloneDX/cyclonedx-maven-plugin) to `2.7.10` - Upgrade org.apache.maven.plugins:maven-checkstyle-plugin to `3.3.1` - Upgrade org.apache.maven.plugins:maven-enforcer-plugin to `3.4.1` - Upgrade org.apache.maven.plugins:maven-javadoc-plugin to `3.6.2` - Upgrade [org.jacoco:jacoco-maven-plugin](https://togithub.com/jacoco/jacoco) to `0.8.11` - Upgrade org.apache.maven.plugins:maven-surefire-plugin to `3.2.2` - Upgrade org.apache.maven.plugins:maven-failsafe-plugin to `3.2.2` - Upgrade [org.yaml:snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml/src) to `2.2` - Upgrade [org.testcontainers:oracle-xe](https://togithub.com/testcontainers/testcontainers-java) to `1.19.1` - Upgrade [org.springdoc:springdoc-openapi-starter-webflux-api](https://togithub.com/springdoc/springdoc-openapi) to `2.2.0` - Upgrade [io.swagger.core.v3:swagger-annotations](https://togithub.com/swagger-api/swagger-core) to `2.2.18` - Upgrade [org.slf4j:slf4j-api](https://togithub.com/qos-ch/slf4j) to `2.0.9` - Upgrade [com.fasterxml.jackson.core:jackson-annotations](https://togithub.com/FasterXML/jackson-annotations) to `2.15.3` - Upgrade [org.apache.commons:commons-lang3](https://gitbox.apache.org/repos/asf?p=commons-lang.git) to `3.13.0` - Upgrade [org.testcontainers:testcontainers-bom](https://togithub.com/testcontainers/testcontainers-java) to `1.19.1` - Upgrade [org.projectlombok:lombok](https://togithub.com/projectlombok/lombok) to `1.18.30` - Upgrade [org.springframework.boot:spring-boot-starter-parent](https://togithub.com/spring-projects/spring-boot) to `3.1.5`

chore(deps): update github actions all dependencies

- Schedule: ["at any time"] - Branch name: `renovate/github-actions-all` - Merge into: `main` - Upgrade [bcgov-nr/action-builder-ghcr](https://togithub.com/bcgov-nr/action-builder-ghcr) to `v1.3.0` - Upgrade [bcgov-nr/action-pr-description-add](https://togithub.com/bcgov-nr/action-pr-description-add) to `v1.1.0`

chore(deps): update github actions all dependencies (major)

- Schedule: ["at any time"] - Branch name: `renovate/major-github-actions-all` - Merge into: `main` - Upgrade [TriPSs/conventional-changelog-action](https://togithub.com/TriPSs/conventional-changelog-action) to `v4` - Upgrade [actions/checkout](https://togithub.com/actions/checkout) to `v4` - Upgrade [bcgov-nr/action-builder-ghcr](https://togithub.com/bcgov-nr/action-builder-ghcr) to `v2.0.0` - Upgrade [bcgov-nr/action-test-and-analyse-java](https://togithub.com/bcgov-nr/action-test-and-analyse-java) to `v1.0.0`

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

---

[!WARNING] Please correct - or verify that you can safely ignore - these dependency lookup failures before you merge this PR.

• Failed to look up maven package ca.bc.gov.nrs-commons:forest-client-core

Files affected: spring/pom.xml

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section. If you need any further assistance then you can also request help here.

---

This PR has been generated by Mend Renovate. View repository job log here.

---

Thanks for the PR!

<dependency>
  <groupId>ca.bc.gov.nrs-commons</groupId>
  <artifactId>forest-client-core</artifactId>
  <version>0.1.2.PR11</version>
</dependency>

<dependency>
  <groupId>ca.bc.gov.nrs-commons</groupId>
  <artifactId>forest-client-spring</artifactId>
  <version>0.1.2.PR11</version>
</dependency>

Once merged, the code will be promoted and handed off to the following workflow run. Main Merge Workflow

[github-actions[bot]]

Current changelog

[sonarcloud[bot]]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information