Commit 5023985
chore: exclude test fixture manifests from Dependabot (#409)
## Summary
- Add Dependabot ecosystem entries for npm, pip, gomod, gradle, and
cargo with `exclude-paths: ["src/test/**"]` and
`open-pull-requests-limit: 0`
- Prevents Dependabot from raising version update PRs for test fixture
manifests in `src/test/resources/tst_manifests/`
- These manifests contain intentionally pinned (and sometimes
vulnerable) dependencies used as test data for the dependency-analysis
client
**Note:** `exclude-paths` only applies to Dependabot version updates.
Security update PRs for test fixtures (e.g. #403, #404, #405, #407) must
be closed manually and their alerts dismissed.
## Test plan
- [x] Verify `dependabot.yml` is valid YAML
- [ ] After merge, verify no new Dependabot version update PRs are
created for `src/test/` manifests
- [ ] Close existing test fixture security update PRs (#403, #404, #405,
#407) and dismiss their alerts
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
1 parent cf45396 commit 5023985
1 file changed
Lines changed: 38 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
10 | 10 | | |
11 | 11 | | |
12 | 12 | | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
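Review bot: in the added ecosystem entries (new lines 13 to 50), the commit message describes `exclude-paths: ["src/test/**"]` set together with `open-pull-requests-limit: 0`, and the two overlap. A limit of 0 already turns off version update PRs for the whole entry, so the path exclusion changes nothing while the limit stays at 0, and manifests outside `src/test/` get no version updates either. If version updates are wanted for the real manifests, use a non-zero limit and rely on `exclude-paths` alone. If they are not wanted, add a comment in `dependabot.yml` saying the entries exist only to suppress fixture PRs. The same comment should record that security updates are not covered, as the message notes for #403, #404, #405 and #407, so the manual close-and-dismiss step is documented next to the config.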