forked from jenkinsci/jenkins
-
Notifications
You must be signed in to change notification settings - Fork 0
/
dependabot.yml
61 lines (49 loc) · 2.49 KB
/
dependabot.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
---
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
- package-ecosystem: "maven"
directory: "/"
schedule:
interval: "daily"
ignore:
# Exclusions in this section have been triaged and determined to be
# permanent. We do not anticipate removing exclusions from this section.
# Provided by Jetty and should be aligned with the version provided by the
# version of Jetty we deliver. See:
# https://github.com/jenkinsci/jenkins/pull/5211
- dependency-name: "jakarta.servlet:jakarta.servlet-api"
# Jetty Maven Plugin and Winstone should be upgraded in lockstep in order
# to keep their corresponding Jetty versions aligned.
- dependency-name: "org.eclipse.jetty:jetty-maven-plugin"
- dependency-name: "org.jenkins-ci:winstone"
# Log4j 1.2.17 is the final 1.x release.
- dependency-name: "log4j:log4j"
# Here lies technical debt. Exclusions in this section have been triaged
# and determined to be temporary. Exclusions should be removed from this
# section once the remaining action items have been completed.
# Fails test automation; needs further investigation.
- dependency-name: "com.google.inject:guice-bom"
# Contains incompatible API changes and needs compatibility work.
- dependency-name: "jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api"
# This is a banned dependency, and we have a redundant trick in our POM to
# prevent it from being pulled in. If and when the reference is removed in
# our POM, this exclusion can also be removed.
- dependency-name: "javax.servlet:servlet-api"
# Needs significant testing. See:
# https://github.com/jenkinsci/jenkins/pull/5112#issuecomment-744429487
# https://github.com/jenkinsci/jenkins/pull/5116#issuecomment-744526638
- dependency-name: "org.codehaus.groovy:groovy-all"
versions: [">=2.5.0"]
# Consumed by Groovy and should be updated in lockstep with Groovy. See:
# https://github.com/jenkinsci/jenkins/pull/5184
- dependency-name: "org.fusesource.jansi:jansi"
# Requires Java 11 starting with version 2.0.2.
- dependency-name: "org.glassfish.tyrus.bundles:tyrus-standalone-client-jdk"
versions: [">=2.0.2"]
# Contains incompatible API changes and needs compatibility work. See:
# https://github.com/jenkinsci/jenkins/pull/4224
- dependency-name: "org.jfree:jfreechart"