d8520d9714
bucket4j-core 8.10.1 is manually pinned in pom.xml outside the Spring BOM. Adds a packageRules entry so Renovate tracks it: patch updates auto-merge, minor/major updates open PRs for manual review. Addresses Tobias Concern 1 from PR #617 review. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
25 lines
843 B
JSON
25 lines
843 B
JSON
{
|
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
|
"packageRules": [
|
|
{
|
|
"description": "bucket4j-core is manually pinned outside the Spring BOM — track patch auto-merge, minor/major as PRs.",
|
|
"matchPackageNames": ["com.bucket4j:bucket4j-core"],
|
|
"groupName": "bucket4j",
|
|
"automerge": true,
|
|
"matchUpdateTypes": ["patch"]
|
|
},
|
|
{
|
|
"matchPackagePatterns": ["^@tiptap/"],
|
|
"groupName": "tiptap",
|
|
"automerge": false
|
|
},
|
|
{
|
|
"description": "Digest bumps for images used in privileged CI steps (--privileged --pid=host) must be reviewed manually — a compromised image has root-equivalent host access.",
|
|
"matchPaths": [".gitea/workflows/**"],
|
|
"matchUpdateTypes": ["digest"],
|
|
"automerge": false,
|
|
"reviewersFromCodeOwners": false
|
|
}
|
|
]
|
|
}
|