Merged
4 changes: 4 additions & 0 deletions .github/dependabot.yml
Expand Up @@ -9,6 +9,10 @@ updates:
directory: "/"
schedule:
interval: "weekly"
# Anti-AI policy: jqwik >=1.10 injects prompts targeting AI agents in test
# stdout. Pinned at 1.9.3; block ALL net.jqwik updates. See README.
ignore:
- dependency-name: "net.jqwik:*"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
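Review bot: the `ignore` entry has only `dependency-name: "net.jqwik:*"` and no `versions` constraint, so 1.9.x fix releases will never be proposed either, while the rationale in the comment covers only `>=1.10`. Either add a `versions` constraint so that only the 1.10 line and later are ignored, or extend the comment with the reason patch releases of the pinned line are blocked as well. "See README" would also be easier to follow if it named the section, "Contributors: do not upgrade jqwik past 1.9.3".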
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -598,7 +598,7 @@ The system's updated C++ runtime will be used instead, resolving the crash.

### Contributors: do not upgrade jqwik past 1.9.3

> ⚠️ **DO NOT UPGRADE jqwik past 1.9.3.** jqwik 1.10.0 added an anti-AI prompt-injection string to test stdout; the 1.10.1 user guide states the library "is not meant to be used by any 'AI' coding agents at all." 1.9.3 is the last pre-disclosure release and is the pinned version. See `CLAUDE.md` section "jqwik prompt-injection in test output" for the full context.
> ⚠️ **DO NOT UPGRADE jqwik past 1.9.3.** jqwik 1.10.0 added an anti-AI prompt-injection string to test stdout; the 1.10.1 user guide states the library "is not meant to be used by any 'AI' coding agents at all." 1.9.3 is the last pre-disclosure release and is the pinned version. See `CLAUDE.md` section "jqwik prompt-injection in test output" for the full context. Dependabot is configured to ignore **all** `net.jqwik` updates (every version, including patches) — see the `ignore` rule in [`.github/dependabot.yml`](./.github/dependabot.yml).

## Similar Projects / Usage

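Review bot: the added sentence says Dependabot ignores every `net.jqwik` version, "including patches", but the section does not say how a 1.9.x fix release would be noticed and taken up once automation is switched off. Add one sentence stating that such a bump is made by hand through `jqwik.version` in `pom.xml` and who is expected to watch for it.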
6 changes: 3 additions & 3 deletions pom.xml
Expand Up @@ -76,7 +76,7 @@ SPDX-License-Identifier: MIT
section "jqwik prompt-injection in test output" for full context. -->
<jqwik.version>1.9.3</jqwik.version>
<archunit.version>1.4.2</archunit.version>
<spotbugs.version>4.9.8.3</spotbugs.version>
<spotbugs.version>4.9.8.4</spotbugs.version>
<fb-contrib.version>7.7.4</fb-contrib.version>
<findsecbugs.version>1.14.0</findsecbugs.version>
<spotless.version>3.6.0</spotless.version>
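Review bot: the `spotbugs.version` bump from 4.9.8.3 to 4.9.8.4 is unrelated to the jqwik pin directly above it and to the Dependabot ignore rule in the same change set. Consider landing tool bumps separately so the policy change can be audited or reverted on its own.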
Expand Down Expand Up @@ -296,7 +296,7 @@ SPDX-License-Identifier: MIT
<plugin>
<groupId>org.pitest</groupId>
<artifactId>pitest-maven</artifactId>
<version>1.25.3</version>
<version>1.25.4</version>
</plugin>
<plugin>
<groupId>org.sonatype.central</groupId>
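Review bot: the pitest-maven version is a literal inside `<version>` here, while other tools in this file (`spotbugs.version`, `archunit.version`, `spotless.version`) are set through properties, and the same number is repeated by hand in the comment near line 643. Moving it to a property, for example a `pitest.version` entry (a name suggested here, not present in the file), would leave one place to edit on the next bump.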
Expand Down Expand Up @@ -643,7 +643,7 @@ SPDX-License-Identifier: MIT
mutation parity, gated at a 100% threshold on every CI build. Expand
the targetClasses globs as further packages reach parity (see README
TODO). The value/ and exception/ trees are at 100% (verified with
pitest-maven 1.25.3); their unit tests are pure-Java (no native
pitest-maven 1.25.4); their unit tests are pure-Java (no native
libjllama / model file needed).
-->
<groupId>org.pitest</groupId>
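Review bot: the comment now reads "verified with pitest-maven 1.25.4", which is a statement about a run that was performed, not only a version reference. Confirm that the value/ and exception/ trees were re-run at 100% under 1.25.4 before this lands, or drop the version from the sentence so it does not have to be edited on every bump.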