From a3a3cdb3608b646d59710d128b6a9b761a487631 Mon Sep 17 00:00:00 2001
From: DemchaAV
Date: Mon, 1 Jun 2026 12:56:12 +0100
Subject: [PATCH] ci(dependabot): ignore broken jackson-bom 2.22.0 + central-publishing 0.10.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two grouped-PR poison-pills are tripping the maven-minor-patch group:
- `com.fasterxml.jackson:jackson-bom 2.22.0` was published to Maven Central ahead of its module jars. `jackson-core-2.22.0.jar` currently returns 404 on `repo1.maven.org` — Sonatype partial-sync window. Until 2.22.1 (or 2.23.0) lands with full module sync, every grouped Dependabot PR that picks 2.22.0 fails CI at the dependency-resolution stage.
- `org.sonatype.central:central-publishing-maven-plugin 0.10.0` is a 3-minor jump (0.7 → 0.10) on the plugin that pushes our Maven Central releases. The v1.6.6 cut used 0.7.0. We want to validate the release profile against 0.10.x in a focused PR, not let it ride along in a group bump that nobody is going to test against a real Central staging run.
Adding both as explicit `ignore` entries (one specific version each) so Dependabot drops them from the grouped PR but still proposes future versions when they ship. Drop these entries once the upstream issues clear / the central-publishing 0.10.x evaluation lands.
---
 .github/dependabot.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index fafe8d38..59fcfd2d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -21,6 +21,19 @@ updates:
 maven-minor-patch:
 patterns: ["*"]
 update-types: ["minor", "patch"]
+ ignore:
+ # jackson-bom 2.22.0 ships ahead of its module jars: jackson-core-2.22.0.jar
+ # returns 404 on repo1.maven.org (Sonatype partial-sync window). Block this
+ # exact release so the grouped PR is buildable. Drop this entry once
+ # jackson-bom >= 2.22.1 (or 2.23.0) lands on Central with full module sync.
+ - dependency-name: "com.fasterxml.jackson:jackson-bom"
+ versions: ["2.22.0"]
+ # central-publishing-maven-plugin 0.10.0 is a 3-minor jump (0.7 → 0.10) on
+ # the plugin that publishes Maven Central artefacts (the v1.6.6 release
+ # used 0.7.0). Block this version until the release profile is validated
+ # against 0.10.x in a focused PR; remove this entry once that work lands.
+ - dependency-name: "org.sonatype.central:central-publishing-maven-plugin"
+ versions: ["0.10.0"]
 - package-ecosystem: github-actions
 directory: "/"
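Review bot: The ignore entry for `central-publishing-maven-plugin` blocks only `0.10.0`, so a later 0.10.1 or 0.11.0 would still match `patterns: ["*"]` and land in the `maven-minor-patch` grouped PR, which is exactly the unvalidated release-plugin bump the comment wants to keep out. If this plugin should only ever move in a focused PR, excluding it from the group says so directly: add `exclude-patterns: ["org.sonatype.central:central-publishing-maven-plugin"]` under `maven-minor-patch`, or widen `versions` to a range covering 0.10.x and later (confirm the range syntax Dependabot accepts for Maven). The exact-version pin is appropriate for `jackson-bom`, where only 2.22.0 is broken. Indentation is not visible in this hunk, so it is also worth confirming that `ignore:` sits at the update-entry level beside `groups:` rather than inside the group, where it would not take effect as intended.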