chore(deps): bump io.appium:java-client from 9.4.0 to 10.1.1#17
Conversation
Bumps [io.appium:java-client](https://github.com/appium/java-client) from 9.4.0 to 10.1.1. - [Release notes](https://github.com/appium/java-client/releases) - [Changelog](https://github.com/appium/java-client/blob/master/CHANGELOG.md) - [Commits](appium/java-client@v9.4.0...v10.1.1) --- updated-dependencies: - dependency-name: io.appium:java-client dependency-version: 10.1.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dj4oC
left a comment
There was a problem hiding this comment.
Dependabot gradle bump: io.appium:java-client 9.4.0→10.1.1 — a major version bump (test-only dependency, not shipped in the app APK).
Findings
Nothing blocking, one caveat for visibility: this is a major version with a documented v9→v10 migration guide (removed deprecated Selenium Location/LocationContext usages) and a Selenium floor bump to 4.42.0. compile check is green on the current head SHA, but this repo's e2e Appium test workflow doesn't run on dependency-bump PRs (only on schedule/manual), so compile-green is the only automated signal we have — it doesn't exercise actual Appium runtime behavior. No known CVE; 10.1.1 actually adds a security hardening fix to overrideServerUrl.
Verdict
Approved — Dependabot fast-lane eligible (CI green, no open human/bot questions, no known CVE). Flagging the major-version/compile-only-signal caveat for awareness, not blocking.
Generated by Claude Code
Generated by Claude Code |
There was a problem hiding this comment.
Pull request overview
Updates the Gradle version catalog to use a newer major release of Appium’s Java client library, aligning this repo’s E2E/Appium-based tests with the latest upstream fixes and Selenium compatibility range.
Changes:
- Bump
io.appium:java-clientfrom9.4.0to10.1.1in the version catalog.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Bumps io.appium:java-client from 9.4.0 to 10.1.1.
Release notes
Sourced from io.appium:java-client's releases.
... (truncated)
Changelog
Sourced from io.appium:java-client's changelog.
... (truncated)
Commits
82a0e4arelease: v10.1.1 (#2409)bfe5cd5fix: Make the library compatible to Selenium 4.44 (#2410)2b9cd44fix: Perform additional security checks on overrideServerUrl API (#2408)6b7597fchore: make API changes compatible with Selenium 4.42.0 (#2390)40f0341build(deps): Bump org.owasp.dependencycheck from 12.2.0 to 12.2.1 (#2407)29b3e9abuild(deps): Bump io.github.bonigarcia:webdrivermanager (#2406)aeb244dbuild(deps): Bump com.gradleup.shadow from 9.4.0 to 9.4.1 (#2404)f6c838bbuild(deps): Bump gradle-wrapper from 9.4.0 to 9.4.1 (#2403)92ff52ebuild(deps): Bump org.projectlombok:lombok from 1.18.42 to 1.18.44 (#2401)9a36a4abuild(deps): Bump com.gradleup.shadow from 9.3.2 to 9.4.0 (#2400)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)