[BUILD-739] Convert dependency-bot-excludes.properties back into something helpful Created: 05/Apr/22  Updated: 28/Apr/22  Resolved: 28/Apr/22

Status: Closed
Project: Build
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Maxime Michel Assignee: Roberto Gomez
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Date of First Response:
Epic Link: Renovate

 Description   

Before we used Renovate we used a homemade dependency bot (BUILD-688) which stored exceptions in a file at the root of boms (master & release/6.2 branches) called dependency-bot-excludes.properties.

With Renovate, that file is unhelpful. Renovate works with the JSON property ignoredDeps: https://docs.renovatebot.com/configuration-options/#ignoredeps

JSON doesn't support comments, though. We would lose the extra value we currently have in dependency-bot-excludes.properties if we used it. Therefore, we should roll back to XML comments. Those seem good enough for AWS: https://github.com/aws/aws-sdk-java-v2/blob/2.17.176/pom.xml#L105

That way we would see that information directly in the diff of PRs created by Renovate.

Once done

Once that is done, we could use ignoredDeps on top of that. It would help reduce the Bitbucket spam when we know for sure we are not bumping one dependency.



 Comments   
Comment by Roberto Gomez [ 28/Apr/22 ]

Changes merged into master and releases/6.2

Generated at Sun Feb 11 23:44:43 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.