-
Notifications
You must be signed in to change notification settings - Fork 131
/
Copy pathdependabot.yml
35 lines (35 loc) · 1.85 KB
/
dependabot.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
version: 2
updates:
- package-ecosystem: "gradle"
open-pull-requests-limit: 6
directory: "/"
schedule:
interval: "daily"
labels:
- "bot: dependencies update"
reviewers:
- "woocommerce/android-developers"
ignore:
# The Android Gradle Plugin is a dependency we'd like to have in sync with other
# in-house libraries due to compatibility with composite build.
- dependency-name: "com.android.tools.build:gradle"
- dependency-name: "com.android.application"
- dependency-name: "com.android.library"
# Bumping 2.26.3 to 2.27.2 will break the mocks. For more details, see
# https://github.com/wiremock/wiremock/issues/1345#issuecomment-656060968
- dependency-name: "com.github.tomakehurst:wiremock"
# Our libraries that are stored in S3 have a custom versioning scheme which doesn't work with Dependabot.
- dependency-name: "org.wordpress:utils"
- dependency-name: "org.wordpress:fluxc"
- dependency-name: "org.wordpress.fluxc.plugins:woocommerce"
- dependency-name: "org.wordpress:login"
- dependency-name: "com.automattic:Automattic-Tracks-Android"
- dependency-name: "com.automattic.tracks:experimentation"
# Assertj is a java first library only used for testing. It has caused troubles several times due to library
# updates with Kotlin breaking changes. For that it has been decided to update this library on a manual basis
- dependency-name: "org.assertj:assertj-core"
# Ignore dependencies that were added only to address security vulnerabilities of transitive WireMock dependencies
- dependency-name: "org.eclipse.jetty:jetty-webapp"
- dependency-name: "com.fasterxml.jackson.core:jackson-databind"
- dependency-name: "com.jayway.jsonpath:json-path"
- dependency-name: "commons-fileupload:commons-fileupload"