Skip to content

chore(deps): bump 7 low-risk build-tooling dependencies#39

Merged
fightBoxing merged 1 commit into
lance-format:mainfrom
fightBoxing:chore/deps-upgrade-low-risk
May 29, 2026
Merged

chore(deps): bump 7 low-risk build-tooling dependencies#39
fightBoxing merged 1 commit into
lance-format:mainfrom
fightBoxing:chore/deps-upgrade-low-risk

Conversation

@fightBoxing
Copy link
Copy Markdown
Collaborator

@fightBoxing fightBoxing commented May 29, 2026

Summary

Bumps 7 low-risk dependencies in a single PR, consolidating the equivalent Dependabot suggestions (#27, #28, #30, #33, #35, #36, #37). All upgrades are either patch/minor bumps of build-time tooling or GitHub Actions versions — no production runtime code or APIs are affected.

Changes

GitHub Actions (.github/workflows/pr-title.yml)

Action From To Related
actions/github-script v7 v9 #27
actions/setup-node v4 v6 #28

Maven build plugins (pom.xml)

Plugin From To Related
maven-compiler-plugin 3.11.0 3.15.0 #30
maven-jar-plugin 3.3.0 3.5.0 #33
maven-source-plugin 3.3.0 3.4.0 #35
maven-shade-plugin 3.5.0 3.6.2 #36
jacoco-maven-plugin 0.8.10 0.8.14 #37

Why one combined PR?

Each of the 7 individual Dependabot PRs touches a single line of build-tool config. Reviewing/merging them one by one creates unnecessary noise. They are independent, all build-time only, and have no inter-dependency, so combining is safe and saves reviewer cycles.

Risk

Very low. None of these dependencies appear in the production classpath:

  • All Maven plugins only run during mvn build/test phases.
  • GitHub Actions only run in CI.

No source code changes were required.

Verification

$ mvn -DskipTests compile
...
[INFO] --- compiler:3.15.0:compile (default-compile) @ flink-connector-lance ---
[INFO] argLine set to -javaagent:.../org.jacoco.agent-0.8.14-runtime.jar=...
[INFO] BUILD SUCCESS

Confirms maven-compiler-plugin 3.15.0 and jacoco-maven-plugin 0.8.14 are picked up correctly.

Out of scope (intentionally NOT included)

The following Dependabot PRs are not part of this batch and will be handled separately due to higher risk:

Closes

Closes #27, #28, #30, #33, #35, #36, #37

chore(deps): bump 7 low-risk dependencies
c51c0ac 
- actions/github-script v7 -> v9 (lance-format#27)
- actions/setup-node v4 -> v6 (lance-format#28)
- maven-compiler-plugin 3.11.0 -> 3.15.0 (lance-format#30)
- maven-jar-plugin 3.3.0 -> 3.5.0 (lance-format#33)
- maven-source-plugin 3.3.0 -> 3.4.0 (lance-format#35)
- maven-shade-plugin 3.5.0 -> 3.6.2 (lance-format#36)
- jacoco-maven-plugin 0.8.10 -> 0.8.14 (lance-format#37)

Verified with: mvn -DskipTests compile -> BUILD SUCCESS
@github-actions github-actions Bot added the chore Maintenance and chores label May 29, 2026
This was referenced May 29, 2026
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@fightBoxing fightBoxing merged commit e64c6ab into lance-format:main May 29, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

chore Maintenance and chores

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@fightBoxing