Skip to content

chore(deps): bump the quarkus group across 1 directory with 2 updates#428

Merged
ginccc merged 1 commit into
mainfrom
dependabot/maven/quarkus-b2d083f753
Apr 30, 2026
Merged

chore(deps): bump the quarkus group across 1 directory with 2 updates#428
ginccc merged 1 commit into
mainfrom
dependabot/maven/quarkus-b2d083f753

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 20, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the quarkus group with 2 updates in the / directory: io.quarkus.platform:quarkus-bom and io.quarkus.platform:quarkus-maven-plugin.

Updates io.quarkus.platform:quarkus-bom from 3.34.5 to 3.34.6

Commits
  • 01edd14 [maven-release-plugin] prepare release 3.34.6
  • 69e894e Merge pull request #1913 from gsmet/quarkus-3.34.6
  • a4ef3d4 Upgrade to Quarkus 3.34.6
  • bf883d1 Merge pull request #1901 from quarkusio/update-automation/3.34-operatorsdk-7.7.4
  • 8421bde Update OperatorSDK to 7.7.4
  • b5b0b14 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates io.quarkus.platform:quarkus-maven-plugin from 3.34.5 to 3.34.6

Commits
  • 01edd14 [maven-release-plugin] prepare release 3.34.6
  • 69e894e Merge pull request #1913 from gsmet/quarkus-3.34.6
  • a4ef3d4 Upgrade to Quarkus 3.34.6
  • bf883d1 Merge pull request #1901 from quarkusio/update-automation/3.34-operatorsdk-7.7.4
  • 8421bde Update OperatorSDK to 7.7.4
  • b5b0b14 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Updates io.quarkus.platform:quarkus-maven-plugin from 3.34.5 to 3.34.6

Commits
  • 01edd14 [maven-release-plugin] prepare release 3.34.6
  • 69e894e Merge pull request #1913 from gsmet/quarkus-3.34.6
  • a4ef3d4 Upgrade to Quarkus 3.34.6
  • bf883d1 Merge pull request #1901 from quarkusio/update-automation/3.34-operatorsdk-7.7.4
  • 8421bde Update OperatorSDK to 7.7.4
  • b5b0b14 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

@dependabot @github

dependabot Bot commented on behalf of github Apr 20, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: chore. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Apr 20, 2026
@github-actions

github-actions Bot commented Apr 20, 2026
edited
Loading

Copy link
Copy Markdown

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

License Issues

pom.xml

PackageVersionLicenseIssue Type
io.quarkus.platform:quarkus-bom3.34.6NullUnknown License
io.quarkus.platform:quarkus-maven-plugin3.34.6NullUnknown License
Denied Licenses: GPL-3.0, AGPL-3.0

OpenSSF Scorecard

PackageVersionScoreDetails
maven/io.quarkus.platform:quarkus-bom 3.34.6 🟢 6.3
Details
CheckScoreReason
Code-Review🟢 4Found 5/12 approved changesets -- score normalized to 4
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy⚠️ 0security policy file not detected
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
maven/io.quarkus.platform:quarkus-maven-plugin 3.34.6 🟢 6.3
Details
CheckScoreReason
Code-Review🟢 4Found 5/12 approved changesets -- score normalized to 4
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy⚠️ 0security policy file not detected
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • pom.xml

@dependabot dependabot Bot changed the title chore(deps): bump the quarkus group with 2 updates chore(deps): bump the quarkus group across 1 directory with 2 updates Apr 24, 2026
@dependabot dependabot Bot force-pushed the dependabot/maven/quarkus-b2d083f753 branch 2 times, most recently from ce27d5f to 26ed1a1 Compare April 26, 2026 15:34
@dependabot dependabot Bot requested review from ginccc and rolandpickl as code owners April 26, 2026 15:34
@dependabot dependabot Bot force-pushed the dependabot/maven/quarkus-b2d083f753 branch from 26ed1a1 to ab236eb Compare April 28, 2026 00:37
@dependabot
chore(deps): bump the quarkus group across 1 directory with 2 updates
24c7ada 
Bumps the quarkus group with 2 updates in the / directory: [io.quarkus.platform:quarkus-bom](https://github.com/quarkusio/quarkus-platform) and [io.quarkus.platform:quarkus-maven-plugin](https://github.com/quarkusio/quarkus-platform).


Updates `io.quarkus.platform:quarkus-bom` from 3.34.5 to 3.34.6
- [Commits](quarkusio/quarkus-platform@3.34.5...3.34.6)

Updates `io.quarkus.platform:quarkus-maven-plugin` from 3.34.5 to 3.34.6
- [Commits](quarkusio/quarkus-platform@3.34.5...3.34.6)

Updates `io.quarkus.platform:quarkus-maven-plugin` from 3.34.5 to 3.34.6
- [Commits](quarkusio/quarkus-platform@3.34.5...3.34.6)

---
updated-dependencies:
- dependency-name: io.quarkus.platform:quarkus-bom
  dependency-version: 3.34.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: quarkus
- dependency-name: io.quarkus.platform:quarkus-maven-plugin
  dependency-version: 3.34.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: quarkus
- dependency-name: io.quarkus.platform:quarkus-maven-plugin
  dependency-version: 3.34.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: quarkus
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/maven/quarkus-b2d083f753 branch from ab236eb to 24c7ada Compare April 29, 2026 19:51
@ginccc ginccc merged commit 8d167ef into main Apr 30, 2026
17 checks passed
@dependabot dependabot Bot deleted the dependabot/maven/quarkus-b2d083f753 branch April 30, 2026 06:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ginccc ginccc ginccc approved these changes
@rolandpickl rolandpickl Awaiting requested review from rolandpickl rolandpickl is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ginccc