| # |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to you under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| version: 2 |
| # Add Maven Central explicitly to work around: |
| # https://github.com/dependabot/dependabot-core/issues/8329 |
| registries: |
| maven-central: |
| type: maven-repository |
| url: https://repo.maven.apache.org/maven2 |
| |
| updates: |
| - package-ecosystem: maven |
| directory: "/" |
| open-pull-requests-limit: 10 |
| schedule: |
| interval: "daily" |
| target-branch: "2.x" |
| registries: |
| - maven-central |
| ignore: |
| # Jetty 10.x does not have an internal logging API |
| - dependency-name: "org.eclipse.jetty:*" |
| update-types: ["version-update:semver-major"] |
| # EclipseLink 3.x is Jakarta EE 9 |
| - dependency-name: "org.eclipse.persistence:*" |
| update-types: ["version-update:semver-major"] |
| # Spring 6.x is Jakarta EE 9 |
| - dependency-name: "org.springframework:*" |
| update-types: ["version-update:semver-major"] |
| # Spring Boot 3.x is Jakarta EE 9 |
| - dependency-name: "org.springframework.boot:*" |
| update-types: ["version-update:semver-major"] |
| # Spring Cloud 2022.x is Jakarta EE 9 |
| - dependency-name: "org.springframework.cloud:*" |
| update-types: ["version-update:semver-major"] |
| # Tomcat Juli 10.1.x requires Java 11 |
| - dependency-name: "org.apache.tomcat:*" |
| update-types: ["version-update:semver-major", "version-update:semver-minor"] |
| # Keep Logback version 1.2.x |
| - dependency-name: "ch.qos.logback:*" |
| update-types: ["version-update:semver-major", "version-update:semver-minor"] |
| # Mockito 5.x requires Java 11 |
| - dependency-name: "org.mockito:*" |
| update-types: ["version-update:semver-major"] |
| # JUnit Pioneer 2.x requires Java 11 |
| - dependency-name: "org.junit-pioneer:*" |
| update-types: ["version-update:semver-major"] |
| # Apache Cassandra: keep version 3.x |
| - dependency-name: "org.apache.cassandra:*" |
| versions: ["[4.0.0,)"] |
| # Kubernetes: keep version 5.x |
| - dependency-name: "io.fabric8:*" |
| versions: ["[6.0.0,)"] |
| # `com.conversantmedia:disruptor` 1.2.16 requires Java 9 |
| - dependency-name: "com.conversantmedia:disruptor" |
| versions: ["[1.2.16,)"] |
| # Keep Jakarta EE at version 9.0 |
| - dependency-name: "jakarta.platform:*" |
| versions: ["[10.0.0,)"] |
| # OpenRewrite is quite noisy. Let us skip patch and minor updates: |
| - dependency-name: "org.openrewrite:*" |
| update-types: ["version-update:semver-minor", "version-update:semver-patch"] |
| - dependency-name: "org.openrewrite.maven:*" |
| update-types: ["version-update:semver-minor", "version-update:semver-patch"] |
| - dependency-name: "org.openrewrite.recipe:*" |
| update-types: ["version-update:semver-minor", "version-update:semver-patch"] |
| # Json Unit 3.x requires Java 17 |
| - dependency-name: "net.javacrumbs.json-unit:*" |
| versions: ["[3.0.0,)"] |
| # Update both `disruptor.version` to latest 3.x version |
| # and `disruptor4.version` to latest 4.x version |
| - dependency-name: "com.lmax:disruptor" |
| update-types: ["version-update:semver-major"] |
| # WebCompere System Stubs requires Java 11 |
| - dependency-name: "uk.org.webcompere:*" |
| versions: ["2.1.0,)"] |
| # SLF4J 1.7.x should only upgrade to 1.7.x and |
| # SLF4J 2.x should only upgrade to 2.x. |
| - dependency-name: "org.slf4j:slf4j-api" |
| update-types: ["version-update:semver-major"] |
| # Plexus Utils 4.x are for Maven 4.x |
| - dependency-name: "org.codehaus.plexus:plexus-utils" |
| versions: ["4,)"] |
| # MongoDB 3.x should only upgrade to 3.x and |
| # MongoDB 4.x should only upgrade to 4.x |
| - dependency-name: "org.mongodb:*" |
| update-types: ["version-update:semver-major"] |
| |
| - package-ecosystem: github-actions |
| directory: "/" |
| schedule: |
| interval: "daily" |
| target-branch: "2.x" |
| |
| - package-ecosystem: maven |
| directory: "/" |
| open-pull-requests-limit: 10 |
| schedule: |
| interval: "daily" |
| target-branch: "main" |
| registries: |
| - maven-central |
| ignore: |
| # Jetty 10.x does not have an internal logging API |
| - dependency-name: "org.eclipse.jetty:*" |
| update-types: ["version-update:semver-major"] |
| # EclipseLink 3.x is Jakarta EE 9 |
| - dependency-name: "org.eclipse.persistence:*" |
| update-types: ["version-update:semver-major"] |
| # Spring 6.x is Jakarta EE 9 |
| - dependency-name: "org.springframework:*" |
| update-types: ["version-update:semver-major"] |
| # Spring Boot 3.x is Jakarta EE 9 |
| - dependency-name: "org.springframework.boot:*" |
| update-types: ["version-update:semver-major"] |
| # Spring Cloud 2022.x is Jakarta EE 9 |
| - dependency-name: "org.springframework.cloud:*" |
| update-types: ["version-update:semver-major"] |
| # Keep Logback version 1.2.x |
| - dependency-name: "ch.qos.logback:*" |
| update-types: ["version-update:semver-major", "version-update:semver-minor"] |
| # Apache Cassandra: keep version 3.x |
| - dependency-name: "org.apache.cassandra:*" |
| versions: ["[4.0.0,)"] |
| # Kubernetes: keep version 5.x |
| - dependency-name: "io.fabric8:*" |
| versions: ["[6.0.0,)"] |
| # Keep Jakarta EE at version 9.0 |
| - dependency-name: "jakarta.platform:*" |
| versions: ["[10.0.0,)"] |
| # OpenRewrite is quite noisy. Let us skip patch and minor updates: |
| - dependency-name: "org.openrewrite:*" |
| update-types: ["version-update:semver-minor", "version-update:semver-patch"] |
| - dependency-name: "org.openrewrite.maven:*" |
| update-types: ["version-update:semver-minor", "version-update:semver-patch"] |
| - dependency-name: "org.openrewrite.recipe:*" |
| update-types: ["version-update:semver-minor", "version-update:semver-patch"] |
| # Json Unit 3.x requires Java 17 |
| - dependency-name: "net.javacrumbs.json-unit:*" |
| versions: ["[3.0.0,)"] |
| # SLF4J 1.7.x should only upgrade to 1.7.x and |
| # SLF4J 2.x should only upgrade to 2.x. |
| - dependency-name: "org.slf4j:slf4j-api" |
| update-types: ["version-update:semver-major"] |
| # Plexus Utils 4.x are for Maven 4.x |
| - dependency-name: "org.codehaus.plexus:plexus-utils" |
| versions: ["[4,)"] |
| # Don't upgrade to 3.x |
| - dependency-name: "org.apache.logging.log4j:log4j-api" |
| versions: ["[3,)"] |
| |
| - package-ecosystem: github-actions |
| directory: "/" |
| schedule: |
| interval: "daily" |
| target-branch: "main" |