This is an automated email from the ASF dual-hosted git repository.
pottlinger pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/creadur-rat.git
The following commit(s) were added to refs/heads/master by this push:
new 603fe8d2 Fix dependabot configuration to ignore non-JDK8 stuff
603fe8d2 is described below
commit 603fe8d278cf081cd0d64f2b3fc1b466ef827155
Author: P. Ottlinger <[email protected]>
AuthorDate: Tue Oct 7 22:51:11 2025 +0200
Fix dependabot configuration to ignore non-JDK8 stuff
Thanks to
https://github.com/dependabot/dependabot-core/issues/13141#issuecomment-3377625909
---
.github/dependabot.yml | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 52d46028..c166f5c4 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -20,14 +20,17 @@ updates:
schedule:
interval: "daily"
ignore:
-# as we run on JDK8 we must not update tika-core that runs on >= JDK11
+# Remember that version range definitions depend on the build tool, thus for
Maven:
+#
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#versions-ignore
+#
https://maven.apache.org/pom.html#Dependency_Version_Requirement_Specification
+# RAT-478: as of 0.17 we run on JDK8 we must not update tika-core that runs on
>= JDK11
- dependency-name: "org.apache.tika:tika-core"
- versions: ["3.x"]
+ versions: ["[3,)"]
# as we run on JDK8 we must not update mockito as it dropped JDK8 beginning
from v4.x
- dependency-name: "org.mockito:mockito-core"
- versions: ["4.x", "5.x"]
+ versions: ["[3,)"]
- dependency-name: "com.github.spotbugs:spotbugs-maven-plugin"
- versions: ["4.9.x"]
+ versions: ["[4.9,)"]
- package-ecosystem: "github-actions"
directory: "/"
schedule:
