Test dependabot

Signed-off-by: ricekot <[email protected]>

Author: ricekot

.github/dependabot.yml

@@ -9,3 +9,37 @@ updates:
         applies-to: version-updates
         patterns:
         - "*"
+  - package-ecosystem: "gradle"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      gradle-minor-patch-updates:
+        applies-to: version-updates
+        patterns:
+        - "*"
+        update-types:
+        - "version-update:semver-minor"
+        - "version-update:semver-patch"
+      gradle-major-updates:
+        applies-to: version-updates
+        patterns:
+        - "*"
+        update-types:
+        - "version-update:semver-major"
+    ignore:
+      # network dependencies are managed manually
+      - dependency-name: "io.netty:*"
+      - dependency-name: "org.bouncycastle:*"
+      - dependency-name: "com.aayushatharva.brotli4j:*"
+      - dependency-name: "org.apache.httpcomponents.client5:httpclient5"
+      - dependency-name: "org.jitsi:ice4j"
+      - dependency-name: "com.diffplug.spotless*" # newer versions lead to runtime error, will need to update common plugin first
+      - dependency-name: "org.apache.logging.log4j:*" # provided by core
+      - dependency-name: "org.jruby:jruby-complete"
+        versions: [ ">= 10" ] # versions 10.x and later require Java 21
+      - dependency-name: "org.xhtmlrenderer:flying-saucer-pdf"
+        versions: [ ">= 10" ] # versions 10.x and later require Java 21
+      - dependency-name: "org.seleniumhq.selenium:htmlunit3-driver" # dependabot uses the wrong version when updating
+      - dependency-name: "com.google.inject.extensions:guice-assistedinject" # updating this leads to errors and this is transitive dependency
+      - dependency-name: "org.zaproxy:zap" # core versions are manually updated when targeting a new core