diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 801e440e5..03f0f715a 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -12,4 +12,31 @@ updates:
directory: "/"
schedule:
interval: "weekly"
+ ignore:
+ # gh-aw generated files — action SHAs are managed by `gh aw compile`
+ # via .github/aw/actions-lock.json, not by Dependabot.
+ # Dependabot's find-and-replace breaks lockfile metadata headers.
+ - dependency-name: "actions/github-script"
+ - dependency-name: "github/gh-aw-actions"
+ # Major version bumps may have breaking changes and must be
+ # evaluated and applied manually.
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+ groups:
+ github-actions:
+ patterns:
+ - "*"
+ - package-ecosystem: "maven"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ ignore:
+ # Major version bumps often drop Java 17 support or have breaking
+ # API changes. These must be evaluated and applied manually.
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+ groups:
+ maven-deps:
+ patterns:
+ - "*"
diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
index dbc577cc2..1143634f6 100644
--- a/.github/workflows/build-test.yml
+++ b/.github/workflows/build-test.yml
@@ -46,7 +46,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+ - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: 22
- uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
@@ -105,7 +105,7 @@ jobs:
- name: Create PR for JaCoCo badge update
if: success() && github.ref == 'refs/heads/main'
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+ uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7
with:
commit-message: "Update JaCoCo coverage badge"
title: "Update JaCoCo coverage badge"
diff --git a/.github/workflows/codegen-check.yml b/.github/workflows/codegen-check.yml
index a27dfcf9d..b6f161d85 100644
--- a/.github/workflows/codegen-check.yml
+++ b/.github/workflows/codegen-check.yml
@@ -36,7 +36,7 @@ jobs:
# For PRs, check out the PR head so we can push back to it
repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
- - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+ - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: 22
diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
index 145629457..5bc3f5618 100644
--- a/.github/workflows/copilot-setup-steps.yml
+++ b/.github/workflows/copilot-setup-steps.yml
@@ -24,12 +24,12 @@ jobs:
# Install GitHub CLI and gh-aw extension for Copilot Agent interaction
- name: Install gh-aw extension
- uses: github/gh-aw/actions/setup-cli@7a970851c1090295e55a16e549c61ba1ce227f16 # v0.42.17
+ uses: github/gh-aw/actions/setup-cli@ce1794953e0ec42adc41b6fca05e02ab49ee21c3 # v0.68.3
with:
version: v0.42.17
# Setup Node.js
- - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+ - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: 22
diff --git a/.github/workflows/update-copilot-dependency.yml b/.github/workflows/update-copilot-dependency.yml
index 099fae439..f7faee073 100644
--- a/.github/workflows/update-copilot-dependency.yml
+++ b/.github/workflows/update-copilot-dependency.yml
@@ -29,7 +29,7 @@ jobs:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+ - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: 22
diff --git a/pom.xml b/pom.xml
index 0880b0f4f..8864fe3c7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -60,7 +60,7 @@
com.fasterxml.jackson.core
jackson-databind
- 2.21.1
+ 2.21.2
com.fasterxml.jackson.core
@@ -70,7 +70,7 @@
com.fasterxml.jackson.datatype
jackson-datatype-jsr310
- 2.21.1
+ 2.21.2
@@ -85,7 +85,7 @@
org.junit.jupiter
junit-jupiter
- 5.14.1
+ 5.14.3
test
@@ -112,7 +112,7 @@
com.github.spotbugs
spotbugs-maven-plugin
- 4.9.8.2
+ 4.9.8.3
config/spotbugs/spotbugs-exclude.xml
@@ -123,12 +123,12 @@
org.apache.maven.plugins
maven-compiler-plugin
- 3.14.1
+ 3.15.0
org.apache.maven.plugins
maven-jar-plugin
- 3.4.2
+ 3.5.0
@@ -215,7 +215,7 @@
org.apache.ant
ant
- 1.10.15
+ 1.10.17
@@ -223,7 +223,7 @@
org.codehaus.mojo
exec-maven-plugin
- 3.6.2
+ 3.6.3
install-harness-dependencies
@@ -245,7 +245,7 @@
org.apache.maven.plugins
maven-surefire-plugin
- 3.5.4
+ 3.5.5
${testExecutionAgentArgs} ${surefire.jvm.args}
@@ -278,7 +278,7 @@
com.diffplug.spotless
spotless-maven-plugin
- 2.44.5
+ 2.46.1
@@ -369,7 +369,7 @@
org.apache.maven.plugins
maven-resources-plugin
- 3.4.0
+ 3.5.0
filter-site-markdown
@@ -456,7 +456,7 @@
org.apache.maven.doxia
doxia-module-markdown
- 2.0.0
+ 2.1.0
@@ -515,13 +515,13 @@
org.apache.maven.plugins
maven-surefire-report-plugin
- 3.5.4
+ 3.5.5
com.github.spotbugs
spotbugs-maven-plugin
- 4.9.8.2
+ 4.9.8.3
config/spotbugs/spotbugs-exclude.xml
@@ -530,7 +530,7 @@
org.codehaus.mojo
taglist-maven-plugin
- 3.2.1
+ 3.2.2
@@ -555,7 +555,7 @@
org.apache.maven.plugins
maven-dependency-plugin
- 3.9.0
+ 3.10.0
@@ -659,7 +659,7 @@
org.codehaus.mojo
exec-maven-plugin
- 3.6.2
+ 3.6.3
update-copilot-schema-version
@@ -681,7 +681,7 @@
org.apache.maven.plugins
maven-enforcer-plugin
- 3.5.0
+ 3.6.2
require-schema-version
@@ -712,7 +712,7 @@
org.codehaus.mojo
exec-maven-plugin
- 3.6.2
+ 3.6.3
codegen-npm-install
diff --git a/scripts/codegen/package-lock.json b/scripts/codegen/package-lock.json
index cbe41f202..682b30bc6 100644
--- a/scripts/codegen/package-lock.json
+++ b/scripts/codegen/package-lock.json
@@ -6,7 +6,7 @@
"": {
"name": "copilot-sdk-java-codegen",
"dependencies": {
- "@github/copilot": "^1.0.35",
+ "@github/copilot": "^1.0.36",
"json-schema": "^0.4.0",
"tsx": "^4.20.6"
}
@@ -428,26 +428,26 @@
}
},
"node_modules/@github/copilot": {
- "version": "1.0.35",
- "resolved": "https://registry.npmjs.org/@github/copilot/-/copilot-1.0.35.tgz",
- "integrity": "sha512-O1nUy8DXOTE+v86b/FTkyu09EMrDy+vj+2rhmUOcmsXGe0RE5ECyESsasUTUoHK/CSgAExFTziNxbubUoiMMfg==",
+ "version": "1.0.36",
+ "resolved": "https://registry.npmjs.org/@github/copilot/-/copilot-1.0.36.tgz",
+ "integrity": "sha512-x0N5wLzw+tANzb+vCFYLHn3BV3qii2oyn14wC20RO7SsS8/YeBH8olvwlDLJ4PB0mL17QOiytNCdkvjvprm28w==",
"license": "SEE LICENSE IN LICENSE.md",
"bin": {
"copilot": "npm-loader.js"
},
"optionalDependencies": {
- "@github/copilot-darwin-arm64": "1.0.35",
- "@github/copilot-darwin-x64": "1.0.35",
- "@github/copilot-linux-arm64": "1.0.35",
- "@github/copilot-linux-x64": "1.0.35",
- "@github/copilot-win32-arm64": "1.0.35",
- "@github/copilot-win32-x64": "1.0.35"
+ "@github/copilot-darwin-arm64": "1.0.36",
+ "@github/copilot-darwin-x64": "1.0.36",
+ "@github/copilot-linux-arm64": "1.0.36",
+ "@github/copilot-linux-x64": "1.0.36",
+ "@github/copilot-win32-arm64": "1.0.36",
+ "@github/copilot-win32-x64": "1.0.36"
}
},
"node_modules/@github/copilot-darwin-arm64": {
- "version": "1.0.35",
- "resolved": "https://registry.npmjs.org/@github/copilot-darwin-arm64/-/copilot-darwin-arm64-1.0.35.tgz",
- "integrity": "sha512-NNZE0TOz0HOlv7eqlh6EcQbNkhtnIHReBLieW6pfDUUTKkgsqbUu1MOitF8m+LUQk3ml1T0MQ5MOfad1HSa/MQ==",
+ "version": "1.0.36",
+ "resolved": "https://registry.npmjs.org/@github/copilot-darwin-arm64/-/copilot-darwin-arm64-1.0.36.tgz",
+ "integrity": "sha512-5qkb7frTS4K/LdTDLrzKo78VR4aw/EZ6JzLz4KfmaW4UYyPiNirExDFXa/By22X0o8YMfOp4MCA2KSCAxKdgTg==",
"cpu": [
"arm64"
],
@@ -461,9 +461,9 @@
}
},
"node_modules/@github/copilot-darwin-x64": {
- "version": "1.0.35",
- "resolved": "https://registry.npmjs.org/@github/copilot-darwin-x64/-/copilot-darwin-x64-1.0.35.tgz",
- "integrity": "sha512-XCv/mfdv0rnrtrNVOluio/N/kyCge0uG2hghvtlgO/+z6EjvzFygkpXXS1gVxiXhWc3lX232cTXQU3zklC/8Ng==",
+ "version": "1.0.36",
+ "resolved": "https://registry.npmjs.org/@github/copilot-darwin-x64/-/copilot-darwin-x64-1.0.36.tgz",
+ "integrity": "sha512-AdsM8QtM5QSzMLpavLREh8HALO5G+VWzGNQqIHu4f0YQC/s1cGoiwo3wsgkpxRcLGBykFc+bDX3yK3MDQ8XvSw==",
"cpu": [
"x64"
],
@@ -477,9 +477,9 @@
}
},
"node_modules/@github/copilot-linux-arm64": {
- "version": "1.0.35",
- "resolved": "https://registry.npmjs.org/@github/copilot-linux-arm64/-/copilot-linux-arm64-1.0.35.tgz",
- "integrity": "sha512-mbaadATfJPzmXq2SD1TWocIG/GobcYC6OvNFhCG8UXMsiXY5cevhszl5ujuayhPJBxS77Yj5uvIFjNQ1Kf5V8Q==",
+ "version": "1.0.36",
+ "resolved": "https://registry.npmjs.org/@github/copilot-linux-arm64/-/copilot-linux-arm64-1.0.36.tgz",
+ "integrity": "sha512-n7K1I6r0ggOJ4A9uAMS11USTvn6BKtAwvrOkzEaeRK89VNUJzpTe6p0mE13ItzRe5eot9WLBQOxvXLtL9f6E+g==",
"cpu": [
"arm64"
],
@@ -493,9 +493,9 @@
}
},
"node_modules/@github/copilot-linux-x64": {
- "version": "1.0.35",
- "resolved": "https://registry.npmjs.org/@github/copilot-linux-x64/-/copilot-linux-x64-1.0.35.tgz",
- "integrity": "sha512-NrZ0VjztdBbJ5qAmuUtuKsWkimOaqzjDV+ZGUv1FxSxoys40kiiakQ5WbnMFDzaIFaf47zDi++6ixgQzq7Jk5A==",
+ "version": "1.0.36",
+ "resolved": "https://registry.npmjs.org/@github/copilot-linux-x64/-/copilot-linux-x64-1.0.36.tgz",
+ "integrity": "sha512-wBtCdR3ITZcq07BJbkwHfwI6ayiwbH5pF1ex+Ycl4UI+Lf1vP9eQD6wJppPgsrjwFcdeWRThaYTPCRTkSGHv5g==",
"cpu": [
"x64"
],
@@ -509,9 +509,9 @@
}
},
"node_modules/@github/copilot-win32-arm64": {
- "version": "1.0.35",
- "resolved": "https://registry.npmjs.org/@github/copilot-win32-arm64/-/copilot-win32-arm64-1.0.35.tgz",
- "integrity": "sha512-KQN7Q7+oPyglmvUEiMp6SYWjl30VSu91T0dUpNHbUs/xRM3qgnCymLPPUyBZGWHog/FueUAsRkhisMHWQVnO+g==",
+ "version": "1.0.36",
+ "resolved": "https://registry.npmjs.org/@github/copilot-win32-arm64/-/copilot-win32-arm64-1.0.36.tgz",
+ "integrity": "sha512-0GzZUZQn07alI8BgbzK0NlR5+ta/Rd0sWmd8kbRCns7oybAIkSALy6BKVwJmVHtXUi6h4iUE8oiFhkn0spymvw==",
"cpu": [
"arm64"
],
@@ -525,9 +525,9 @@
}
},
"node_modules/@github/copilot-win32-x64": {
- "version": "1.0.35",
- "resolved": "https://registry.npmjs.org/@github/copilot-win32-x64/-/copilot-win32-x64-1.0.35.tgz",
- "integrity": "sha512-J0XhXO2FmlFr8pGa970xEd4tr1rqFiZxoaPW5WvkJYZoZUHbBhFcGasp5/yEeJ71b3vI4PHm/mSZZebD3ALMKQ==",
+ "version": "1.0.36",
+ "resolved": "https://registry.npmjs.org/@github/copilot-win32-x64/-/copilot-win32-x64-1.0.36.tgz",
+ "integrity": "sha512-UBX9qj0McCK/SLq93XIr1i80fj3b3XmE3befVFrzxQuTeOoxLURN35vi7W+4x+4ZfsDHQpRTlJNjZw9w0fPr+Q==",
"cpu": [
"x64"
],
diff --git a/scripts/codegen/package.json b/scripts/codegen/package.json
index 5cf9c687c..1b540376e 100644
--- a/scripts/codegen/package.json
+++ b/scripts/codegen/package.json
@@ -7,7 +7,7 @@
"generate:java": "tsx java.ts"
},
"dependencies": {
- "@github/copilot": "^1.0.35",
+ "@github/copilot": "^1.0.36",
"json-schema": "^0.4.0",
"tsx": "^4.20.6"
}