Merge pull request #1 from chains-project/main

Incorporate upstream.

.github/workflows/tests.yml

@@ -12,7 +12,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: Set up JDK 17
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4
         with:

.github/workflows/validate-json-files.yml

@@ -10,7 +10,7 @@ jobs:
   validate-json:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 
       - name: Validate successfully reproduced breaking update JSON
         uses: cardinalby/schema-validator-action@v3

README.md

@@ -3,13 +3,24 @@
 ## Overview 
 Bump is a benchmark of breaking dependency updates. It can be downloaded from [`Zenodo`](https://zenodo.org/records/10041883).
 A breaking updates is defined as:
-a pair of commits for a Java project, which we designate as the pre-commit and the breaking-commit. 
+a pair of commits for a Java project, which we designate as the pre-commit and the breaking-commit, typically performed by bots such as 
+Dependabot and Renovate. 
 When we build the project with the pre-commit, compilation and test execution are successful, 
 while the build of the breaking-commit fails. 
 Each breaking-commit is a one-line change in the Maven pom file.
 
-This definition matches common dependency "bumps" as performed by bots such as 
-Dependabot and Renovate, but also corresponds to an update made by a human developer.
+If you use Bump, please cite:
+
+```bibtex
+@inproceedings{bump2024,
+ title = {BUMP: A Benchmark of Reproducible Breaking Dependency Updates},
+ booktitle = {Proceedings of SANER},
+ year = {2024},
+ doi = {10.1109/SANER60148.2024.00024},
+ author = {Frank Reyes and Yogya Gamage and Gabriel Skoglund and Benoit Baudry and Martin Monperrus},
+ url = {http://arxiv.org/pdf/2401.09906},
+}
+```
 
 ## Download BUMP 
 

pom.xml

@@ -13,7 +13,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
-                <version>3.4.1</version>
+                <version>3.4.2</version>
                 <configuration>
                     <archive>
                         <manifest>
@@ -26,7 +26,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.2.5</version>
+                <version>3.3.0</version>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
@@ -85,7 +85,7 @@
         <dependency>
             <groupId>org.kohsuke</groupId>
             <artifactId>github-api</artifactId>
-            <version>1.321</version>
+            <version>1.323</version>
         </dependency>
         <dependency>
             <groupId>com.squareup.okhttp3</groupId>
@@ -100,7 +100,7 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.17.1</version>
+            <version>2.17.2</version>
         </dependency>
 
         <dependency>
@@ -132,18 +132,18 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter</artifactId>
-            <version>5.10.2</version>
+            <version>5.10.3</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.apache.maven</groupId>
             <artifactId>maven-model</artifactId>
-            <version>3.9.6</version>
+            <version>3.9.8</version>
         </dependency>
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
-            <version>2.10.1</version>
+            <version>2.11.0</version>
         </dependency>
     </dependencies>
 </project>