From 8de93570c5acaadf58911b2f60b2965f543c1e14 Mon Sep 17 00:00:00 2001 From: Christoph John Date: Thu, 7 May 2026 09:39:33 +0200 Subject: [PATCH] Update dependabot.yml to ignore specific Maven dependency Added ignore rule for specific dependency version in Maven updates. --- .github/dependabot.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3f5555c833..ed9e5bc505 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,14 +3,16 @@ version: 2 updates: - - package-ecosystem: "maven" # See documentation for possible values - directory: "/" # Location of package manifests + - package-ecosystem: "maven" + directory: "/" schedule: interval: "daily" open-pull-requests-limit: 10 + ignore: + - dependency-name: "org.apache.mina:mina-core" + versions: ["<= 2.2.4"] # Override the stale PR-comment ignore; allow any 2.2.5+ security fix - package-ecosystem: "github-actions" directory: "/" schedule: - # Check for updates to GitHub Actions every weekday interval: "daily" open-pull-requests-limit: 10