dependabot[bot] opened a new pull request, #8812: URL: https://github.com/apache/camel-quarkus/pull/8812
Bumps [eu.maveniverse.maven.scalpel:extension](https://github.com/maveniverse/scalpel) from 0.3.5 to 0.3.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/maveniverse/scalpel/releases">eu.maveniverse.maven.scalpel:extension's releases</a>.</em></p> <blockquote> <h2>Scalpel 0.3.7</h2> <p>Fix <a href="https://redirect.github.com/maveniverse/scalpel/issues/39">#39</a>: Exclude .mvn/ files from source mapping and add testsSkipped boolean (<a href="https://redirect.github.com/maveniverse/scalpel/issues/42">#42</a>)</p> <p><code>apache/camel#24250</code></p> <ol> <li> <p>.mvn/ files (extensions.xml, maven.config) are Maven build infrastructure, not module source. When fullBuildTriggers is overridden to exclude .mvn/**, these files were still mapped to the root module as SOURCE_CHANGE, causing ALL reactor modules to cascade as DOWNSTREAM (670 instead of 45).</p> </li> <li> <p>The report JSON had testsSkippedReason (string) but no testsSkipped (boolean). CI scripts using jq '.testsSkipped == true' found 0 matches because the field did not exist — only testsSkippedReason was present.</p> </li> </ol> <p>Co-authored-by: Claude Opus 4.6 <a href="mailto:[email protected]">[email protected]</a></p> <h2>Scalpel 0.3.6</h2> <p>Fix <a href="https://redirect.github.com/maveniverse/scalpel/issues/39">#39</a>: Exclude upstream build-prerequisite modules from report affectedModules</p> <p>Upstream-only modules (pulled in by alsoMake for build ordering) are not genuinely affected by a change — they are build prerequisites. Including them in report mode's affectedModules causes sync-point modules like camel-allcomponents to explode the affected set to the entire reactor.</p> <p>Changes:</p> <ul> <li>Exclude UPSTREAM-category modules from report affectedModules</li> <li>Add excludedUpstreamCount field to JSON report for observability</li> <li>Deprecate REASON_UPSTREAM_DEPENDENCY constant (no longer emitted)</li> <li>Add comprehensive debug logging across POM analysis, reactor trimming, and report generation</li> <li>Guard debug calls with isDebugEnabled() where needed (S2629), balanced against cognitive complexity limits (S3776)</li> <li>Add regression tests covering upstream exclusion, BOM property changes, and the camel-like sync-point scenario (39 tests total)</li> </ul> <p>Co-Authored-By: Claude Opus 4.6 <a href="mailto:[email protected]">[email protected]</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/maveniverse/scalpel/commit/af81921f1f3ab1b88e16d92dbb323a4cdc5dc434"><code>af81921</code></a> Fix <a href="https://redirect.github.com/maveniverse/scalpel/issues/39">#39</a>: Exclude .mvn/ files from source mapping and add testsSkipped boolean...</li> <li><a href="https://github.com/maveniverse/scalpel/commit/35f8f2167fb49859a778b1458353edfd1b092b99"><code>35f8f21</code></a> Fix <a href="https://redirect.github.com/maveniverse/scalpel/issues/39">#39</a>: Exclude upstream build-prerequisite modules from report affectedModules</li> <li>See full diff in <a href="https://github.com/maveniverse/scalpel/compare/0.3.5...0.3.7">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
