diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6ad0ceb3..101f7e1b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -12,6 +12,10 @@ updates: - package-ecosystem: maven directories: - "**/*" + # Exclude the vendored artifact pom shipped inside the authorization + # server's META-INF/ (it is dependency metadata, not a buildable + # module) so Dependabot stops opening noise PRs against it. + - "!/samples/security/oauth/authorization-server/META-INF/**" schedule: interval: "monthly" open-pull-requests-limit: 15 diff --git a/infra/cdk/pom.xml b/infra/cdk/pom.xml index 3da05d1b..8b9dfdf9 100644 --- a/infra/cdk/pom.xml +++ b/infra/cdk/pom.xml @@ -104,7 +104,10 @@ com.fasterxml.jackson.core jackson-databind - 2.22.0 + + 2.21.4