All checks were successful
CI / Unit & Component Tests (pull_request) Successful in 3m13s
CI / OCR Service Tests (pull_request) Successful in 20s
CI / Backend Unit Tests (pull_request) Successful in 3m10s
CI / fail2ban Regex (pull_request) Successful in 41s
CI / Semgrep Security Scan (pull_request) Successful in 19s
CI / Compose Bucket Idempotency (pull_request) Successful in 1m0s
bucket4j-core 8.10.1 is manually pinned in pom.xml outside the Spring BOM. Adds a packageRules entry so Renovate tracks it: patch updates auto-merge, minor/major updates open PRs for manual review. Addresses Tobias Concern 1 from PR #617 review.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
25 lines
843 B
JSON
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "packageRules": [
    {
      "description": "bucket4j-core is manually pinned outside the Spring BOM — track patch auto-merge, minor/major as PRs.",
      "matchPackageNames": ["com.bucket4j:bucket4j-core"],
      "groupName": "bucket4j",
      "automerge": true,
      "matchUpdateTypes": ["patch"]
    },
    {
      "matchPackagePatterns": ["^@tiptap/"],
      "groupName": "tiptap",
      "automerge": false
    },
    {
      "description": "Digest bumps for images used in privileged CI steps (--privileged --pid=host) must be reviewed manually — a compromised image has root-equivalent host access.",
      "matchPaths": [".gitea/workflows/**"],
      "matchUpdateTypes": ["digest"],
      "automerge": false,
      "reviewersFromCodeOwners": false
    }
  ]
}