diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index 8c2bd4291a6e..000000000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,68 +0,0 @@
----
-version: 2
-updates:
- - package-ecosystem: "github-actions"
- directory: "/"
- schedule:
- interval: "daily"
- - package-ecosystem: "maven"
- directory: "/"
- schedule:
- interval: "daily"
- ignore:
- # Exclusions in this section have been triaged and determined to be
- # permanent. We do not anticipate removing exclusions from this section.
-
- # Provided by Jetty and should be aligned with the version provided by the
- # version of Jetty we deliver. See:
- # https://github.com/jenkinsci/jenkins/pull/5211
- - dependency-name: "jakarta.servlet:jakarta.servlet-api"
-
- # Jetty Maven Plugin and Winstone should be upgraded in lockstep in order
- # to keep their corresponding Jetty versions aligned.
- - dependency-name: "org.eclipse.jetty:jetty-maven-plugin"
- - dependency-name: "org.jenkins-ci:winstone"
-
- # Here lies technical debt. Exclusions in this section have been triaged
- # and determined to be temporary. Exclusions should be removed from this
- # section once the remaining action items have been completed.
-
- # Contains incompatible API changes and needs compatibility work.
- - dependency-name: "jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api"
-
- # Needs significant testing. See:
- # https://github.com/jenkinsci/jenkins/pull/5112#issuecomment-744429487
- # https://github.com/jenkinsci/jenkins/pull/5116#issuecomment-744526638
- - dependency-name: "org.codehaus.groovy:groovy-all"
- versions: [">=2.5.0"]
-
- # Consumed by Groovy and should be updated in lockstep with Groovy. See:
- # https://github.com/jenkinsci/jenkins/pull/5184
- - dependency-name: "org.fusesource.jansi:jansi"
-
- # Contains incompatible API changes and needs compatibility work. See:
- # https://github.com/jenkinsci/jenkins/pull/4224
- - dependency-name: "org.jfree:jfreechart"
-
- # Starting with 6.x, Spring requires Java 17 at a minimum.
- - dependency-name: "org.springframework:spring-framework-bom"
- versions: [">=6.0.0"]
-
- # Starting with 6.x, Spring Security requires Java 17 at a minimum.
- - dependency-name: "org.springframework.security:spring-security-bom"
- versions: [">=6.0.0"]
-
- # Starting with 7.x, Guice switches from javax.* to jakarta.* bindings.
- # See https://github.com/google/guice/wiki/Guice700
- - dependency-name: "com.google.inject:guice-bom"
- versions: [">=7.0.0"]
- - package-ecosystem: "maven"
- directory: "/"
- target-branch: "stable-2.452"
- labels:
- - "into-lts"
- - "needs-justification"
- schedule:
- interval: "daily"
- # Include only security updates and exclude version updates.
- open-pull-requests-limit: 0
diff --git a/.github/renovate.json b/.github/renovate.json
index 8c3c4ad17cea..23cf5480a3b6 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -5,7 +5,7 @@
 ":disableDependencyDashboard",
 ":semanticCommitsDisabled"
 ],
- "enabledManagers": ["npm", "regex"],
+ "prHourlyLimit": 0,
 "postUpdateOptions": ["yarnDedupeHighest"],
 "packageRules": [
 {
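Review bot: With the `enabledManagers` allowlist removed rather than extended, every manager Renovate enables by default becomes active for any file it recognises, not only the Maven and GitHub Actions ecosystems that Dependabot covered. If only those two are meant to be added, keep the list explicit: `"enabledManagers": ["npm", "regex", "maven", "github-actions"],`. The added `"prHourlyLimit": 0` also lifts the hourly cap on new PRs, so the first run after merge may open a large batch at once. Nothing in the visible hunks replaces the deleted Dependabot entry for `stable-2.452` (security updates only, `open-pull-requests-limit: 0`); if the rest of renovate.json does not cover that branch, it presumably stops receiving automated security PRs.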
@@ -17,6 +17,54 @@
 {
 "matchPackageNames": ["node"],
 "allowedVersions": "/20.[0-9]+.[0-9]+(.[0-9]+)?$/"
+ },
+ {
+ "matchPackagePatterns": ["(org.eclipse.jetty:jetty-maven-plugin|org.jenkins-ci:winstone)"],
+ "description": "Should be upgraded in lockstep in order to keep their corresponding Jetty versions aligned, could be grouped but releases are likely separated by a bit of time",
+ "matchManagers": ["maven"],
+ "enabled": false
+ },
+ {
+ "matchPackagePatterns": ["jakarta.servlet:jakarta.servlet-api"],
+ "description": "Provided by Jetty and should be aligned with the version provided by the version of Jetty we deliver. See: https://github.com/jenkinsci/jenkins/pull/5211",
+ "matchManagers": ["maven"],
+ "enabled": false
+ },
+ {
+ "matchPackagePatterns": ["jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api"],
+ "description": "Contains incompatible API changes and needs compatibility work",
+ "matchManagers": ["maven"],
+ "enabled": false
+ },
+ {
+ "matchPackagePatterns": ["org.codehaus.groovy:groovy-all"],
+ "description": "Needs significant testing. See: https://github.com/jenkinsci/jenkins/pull/5112#issuecomment-744429487 and https://github.com/jenkinsci/jenkins/pull/5116#issuecomment-744526638",
+ "matchManagers": ["maven"],
+ "allowedVersions": "<2.5.0"
+ },
+ {
+ "matchPackagePatterns": ["org.fusesource.jansi:jansi"],
+ "description": "Consumed by Groovy and should be updated in lockstep with Groovy. See: https://github.com/jenkinsci/jenkins/pull/5184",
+ "matchManagers": ["maven"],
+ "enabled": false
+ },
+ {
+ "matchPackagePatterns": ["org.jfree:jfreechart"],
+ "description": "Contains incompatible API changes and needs compatibility work. 
 See: https://github.com/jenkinsci/jenkins/pull/4224",
+ "matchManagers": ["maven"],
+ "enabled": false
+ },
+ {
+ "matchPackagePatterns": ["org.springframework"],
+ "description": "Starting with 6.x, Spring requires Java 17 at a minimum.",
+ "matchManagers": ["maven"],
+ "allowedVersions": "<6.0.0"
+ },
+ {
+ "matchPackagePatterns": ["com.google.inject:guice-bom"],
+ "description": "Starting with 7.x, Guice switches from javax.* to jakarta.* bindings. See https://github.com/google/guice/wiki/Guice700",
+ "matchManagers": ["maven"],
+ "allowedVersions": "<7.0.0"
 }
 ],
 "regexManagers": [
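Review bot: The added rules put exact Maven coordinates into `matchPackagePatterns`, whose entries are regular expressions, so the unescaped dots and missing anchors let each rule match any package name that merely contains the string. The Spring rule is the widest: `"matchPackagePatterns": ["org.springframework"]` caps every `org.springframework*` artifact below 6.0.0, whereas the Dependabot ignore it replaces named only `spring-framework-bom` and `spring-security-bom`. An over-broad cap or `"enabled": false` silently holds back updates, security fixes included, for artifacts nobody triaged. For exact coordinates, use the exact-match key this file already uses for `node`, e.g. `"matchPackageNames": ["org.springframework:spring-framework-bom", "org.springframework.security:spring-security-bom"],`, and likewise in the other rules.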