Update dependency com.autonomousapps.dependency-analysis to v2.6.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
com.autonomousapps.dependency-analysis	2.5.0 -> 2.6.0

---

Release Notes

autonomousapps/dependency-analysis-android-gradle-plugin (com.autonomousapps.dependency-analysis)

v2.6.0

• [Feat]: improvements relating to generating project graphs.
• [Fix]: use stable kotlin-metadata 2.0.21.
• [Fix]: error message code example
• [Chore]: use graph-support v0.4.
• [Chore]: build with Gradle 8.11.1.
• [Chore]: use com.gradle.develocity plugin exclusively.
• [Chore]: replace deprecated kotlinOptions with compilerOptions.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

settings.gradle.kts

Package	Version	License	Issue Type
org.jetbrains.kotlin:kotlin-metadata-jvm	2.0.21	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
maven/com.autonomousapps:dependency-analysis-gradle-plugin	2.6.0	Unknown	Unknown
maven/com.autonomousapps:graph-support	0.4	Unknown	Unknown
maven/com.google.errorprone:error_prone_annotations	2.28.0	🟢 6.2	Details Check Score Reason Code-Review 🟢 4 Found 12/30 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 1 9 existing vulnerabilities detected
maven/com.google.guava:guava	33.3.1-jre	🟢 8.6	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 19 out of 19 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review 🟢 3 Found 11/29 approved changesets -- score normalized to 3 Contributors 🟢 10 project has 10 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected
maven/com.google.j2objc:j2objc-annotations	3.0.0	🟢 4.9	Details Check Score Reason Maintained 🟢 10 15 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 6/30 approved changesets -- score normalized to 2 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
maven/org.checkerframework:checker-qual	3.43.0	🟢 3.8	Details Check Score Reason Code-Review 🟢 5 Found 10/20 approved changesets -- score normalized to 5 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ -1 No tokens found Maintained 🟢 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Security-Policy ⚠️ 0 security policy file not detected License 🟢 9 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts ⚠️ -1 internal error: failure checking for Gradle wrapper validating Action: failure listing workflow runs: internal error: ListWorkflowRunsByFileName: GET https://api.github.com/repos/typetools/checker-framework/actions/workflows/gradle-wrapper-validation.yml-DISABLED/runs?status=success: 404 Not Found [] Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
maven/org.jetbrains.kotlin:kotlin-metadata-jvm	2.0.21	Unknown	Unknown

Scanned Files

• settings.gradle.kts