From 966888cdda3f1d877160f71e679a0f2886aab5d4 Mon Sep 17 00:00:00 2001
From: Leo Gertsenshteyn <146586+leoger@users.noreply.github.com>
Date: Thu, 23 Jan 2025 23:49:51 -0800
Subject: [PATCH] Revert dependency version regression, fix dependabot config
(#1104)
* Revert dependency bump that breaks Java 11 build
Dependabot changed `error-prone` library to 2.36.0 again in #1089,
re-breaking the fix that was included in #1083.
This reverts commit 6902df09e38d3715a1da6d737f180b8d6cfae8b5.
* further dependabot config refinements
---
.github/dependabot.yml | 26 ++++++++++++++++++++++++--
pom.xml | 2 +-
2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 7239c0b14..e7a53e801 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,11 +3,33 @@ updates:
- package-ecosystem: maven
directory: "/"
schedule:
- interval: daily
+ interval: weekly
target-branch: main
+ ignore:
+ # Ignore minor version updates for dependencies with group ID "com.google.errorprone"
+ - dependency-name: "com.google.errorprone:*"
+ update-types: [ "version-update:semver-minor" ]
+ groups:
+ security:
+ # Group security updates into a single pull request
+ applies-to: security-updates
+ patterns:
+ - "*"
+ production-dependencies:
+ # Group version updates for "production" dependencies into a single pull request
+ applies-to: version-updates
+ dependency-type: production
+ patterns:
+ - "*"
+ development-dependencies:
+ # Group version updates for "development" dependencies into a single pull request
+ applies-to: version-updates
+ dependency-type: development
+ patterns:
+ - "*"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
- interval: "daily"
+ interval: "weekly"
target-branch: main
\ No newline at end of file
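Review bot: The new `ignore` entry for `com.google.errorprone:*` filters only `version-update:semver-minor`, and as far as I know `update-types` filters are not applied to Dependabot security updates, so a security-triggered bump could still move error-prone to a release that breaks the Java 11 build. Because the new `security` group matches `patterns: ["*"]`, that bump would land in the same pull request as every other security fix, and one red build would hold all of them back. Consider adding `exclude-patterns: ["com.google.errorprone:*"]` to the `security` group so an error-prone advisory arrives as its own PR. The ignore comment currently restates the rule rather than giving the reason; something like `# error-prone 2.36.0 breaks the Java 11 build (#1083, #1089); drop this once Java 11 is no longer supported` would tell the next maintainer when it can be removed.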
diff --git a/pom.xml b/pom.xml
index e253e7ed8..3a2014744 100644
--- a/pom.xml
+++ b/pom.xml
@@ -81,7 +81,7 @@
1.7.0
- 2.36.0
+ 2.31.0
0.8.12
3.5.2