Test dependabot

ricekot · ricekot · commit 3280cd979725 · 2025-10-03T16:42:04.000+05:30
Signed-off-by: ricekot &lt;git@ricekot.com&gt;
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -9,3 +9,28 @@ updates:
         applies-to: version-updates
         patterns:
         - "*"
+  - package-ecosystem: "gradle"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      gradle:
+        applies-to: version-updates
+        patterns:
+        - "*"
+    ignore:
+      # network dependencies are managed manually
+      - dependency-name: "io.netty:*"
+      - dependency-name: "org.bouncycastle:*"
+      - dependency-name: "com.aayushatharva.brotli4j:*"
+      - dependency-name: "org.apache.httpcomponents.client5:httpclient5"
+      - dependency-name: "org.jitsi:ice4j"
+      - dependency-name: "com.diffplug.spotless*" # newer versions lead to runtime error, will need to update common plugin first
+      - dependency-name: "org.apache.logging.log4j:*" # provided by core
+      - dependency-name: "org.jruby:jruby-complete"
+        versions: [ ">= 10" ] # versions 10.x and later require Java 21
+      - dependency-name: "org.xhtmlrenderer:flying-saucer-pdf"
+        versions: [ ">= 10" ] # versions 10.x and later require Java 21
+      - dependency-name: "org.seleniumhq.selenium:htmlunit3-driver" # dependabot uses the wrong version when updating
+      - dependency-name: "com.google.inject.extensions:guice-assistedinject" # updating this leads to errors and this is transitive dependency
+      - dependency-name: "org.zaproxy:zap" # core versions are manually updated when targeting a new core
