Update all non-major dependencies by renovate[bot] · Pull Request #97 · SonarSource/cloud-native-gradle-modules

renovate · 2026-02-02T02:25:18Z

This PR contains the following updates:

Package	Change	Age	Confidence
com.sonarsource.rule-api:rule-api (source)	`2.19.0.5763` → `2.20.0.5857`
org.sonarqube	`7.1.0.6387` → `7.2.3.7755`
com.gradleup.shadow:com.gradleup.shadow.gradle.plugin	`9.3.1` → `9.4.1`
com.fasterxml.jackson:jackson-bom	`2.20.1` → `2.21.3`
com.diffplug.spotless	`8.1.0` → `8.4.0`
com.diffplug.spotless:spotless-plugin-gradle	`8.1.0` → `8.4.0`

Release Notes

GradleUp/shadow (com.gradleup.shadow:com.gradleup.shadow.gradle.plugin)

`v9.4.1`

Compare Source

Changed

Update Kotlin to 2.3.20. (#1978)

`v9.4.0`

Compare Source

Added

Support Isolated Projects. (#1139)

Changed

Allow opting out of adding shadowJar into assemble lifecycle. (#1939)

shadow {
  // Disable making `assemble` task depend on `shadowJar`. This is enabled by default.
  addShadowJarToAssembleLifecycle = false
}

Stop catching ZipException when writing entries. (#1970)

Fixed

Fix interaction with Gradle artifact transforms. (#1345)
Fix skipStringConstants per-relocator behavior in mapName. (#1968)
Fix failing for non-existent class directories. (#1976)

`v9.3.2`

Compare Source

Changed

Stop moving gradleApi dependency from api to compileOnly for Gradle 9.4+. (#1919)
Log warnings for duplicates in the final JAR. (#1931)

Fixed

Fix relocation patterns not included in task fingerprint. (#1933)

Configuration

📅 Schedule: (in timezone CET)

Branch creation
- "before 4am on Monday"
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

sonarqube-next · 2026-02-02T02:30:10Z

Quality Gate passed for 'cloud-native-gradle-modules'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube

sonarqube-next · 2026-03-04T15:53:12Z

Quality Gate passed for 'cloud-native-gradle-modules'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube

sonarqube-next · 2026-04-08T10:59:38Z

Quality Gate passed for 'cloud-native-gradle-modules'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube

sonar-review-alpha · 2026-04-15T13:23:38Z

Summary

⚠️ The PR description exceeded the analysis limit and was truncated. The review may not reflect all context.

This is a Renovate-automated dependency update for non-major versions. Five dependencies are bumped in gradle/libs.versions.toml:

spotless-gradle: 8.1.0 → 8.4.0
jackson: 2.20.1 → 2.21.3
gradle-plugin-shadow: 9.3.1 → 9.4.1
sonar-scanner-gradle: 7.1.0.6387 → 7.2.3.7755

Plus one direct dependency update in the rule-api gradle plugin: com.sonarsource.rule-api:rule-api 2.19.0.5763 → 2.20.0.5857.

All are minor or patch version updates with no breaking changes expected.

What reviewers should know

Review scope: Changes are confined to dependency declarations in two files:

gradle/libs.versions.toml (version catalog, 4 updates)
gradle-modules/src/main/kotlin/org.sonarsource.cloud-native.rule-api.gradle.kts (1 update)

Key notes:

Shadow plugin 9.4.0 added support for Isolated Projects and changed the default shadowJar lifecycle behavior (configurable via addShadowJarToAssembleLifecycle). Verify the build behaves as expected if this project uses shadow.
Jackson jumped from 2.20.1 to 2.21.3 (minor bump, safe).
All other updates are patch versions.

Testing: Run the Gradle build to verify no compatibility issues with the new versions.

Generate Walkthrough
Generate Diagram

🗣️ Give feedback

sonarqube-next · 2026-04-21T17:51:04Z

Quality Gate passed for 'cloud-native-gradle-modules'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
No data about Duplication

See analysis details on SonarQube

sonarqube-next · 2026-05-03T22:45:34Z

Quality Gate passed for 'cloud-native-gradle-modules'

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
0 Dependency risks
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

sonar-review-alpha

LGTM! ✅

Clean dependency update with no functional issues. All bumps are non-breaking minor/patch releases in well-established libraries.

One minor discrepancy worth noting: the PR description says jackson-bom goes to 2.21.2, but the actual diff shows 2.21.3. This is a stale auto-generated Renovate description with no code impact.

Shadow plugin 9.3.1 → 9.4.1: The most significant upstream change is the new addShadowJarToAssembleLifecycle opt-out flag (default: true). Since it defaults to enabled, the existing sonar-plugin.gradle.kts behavior is unchanged — archives(tasks.shadowJar) still works as before. The other 9.4.x changes (Isolated Projects support, artifact-transform interaction fix, relocation fingerprinting fix) are all beneficial or additive.

🗣️ Give feedback

renovate Bot added the dependencies label Feb 2, 2026

renovate Bot requested a review from a team February 2, 2026 02:25

renovate Bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 1c5259c to 1bc4078 Compare February 16, 2026 23:13

renovate Bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from a2dd906 to d632b2b Compare February 23, 2026 03:01

renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 636987b to 20ea299 Compare March 4, 2026 15:49

renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 2b080c2 to a0b156d Compare March 18, 2026 18:52

This comment was marked as resolved.

Sign in to view

renovate Bot force-pushed the renovate/all-minor-patch branch from a0b156d to 749c8b3 Compare March 20, 2026 18:43

This comment was marked as resolved.

Sign in to view

renovate Bot force-pushed the renovate/all-minor-patch branch from 749c8b3 to d969117 Compare March 27, 2026 11:03