From 166bb8968a4ffeaebe7ecbc53ecf3bf3b9e0f196 Mon Sep 17 00:00:00 2001 From: Zachary Whitley Date: Wed, 15 Jul 2026 07:59:19 -0400 Subject: [PATCH] chore(deps): ignore org.junit BOM major bumps The existing ignore rules cover org.junit.jupiter:* and org.junit.platform:* but not org.junit:junit-bom, which is what dependabot actually uses to drive junit.version updates. As a result, dependabot repeatedly opens (e.g. #377) JUnit 6 major bumps that cannot pass CI: no released maven-surefire-plugin (including 3.6.0-M1) is built against junit-platform-commons 6.x, so the forked test JVM dies with NoSuchMethodError on CollectionUtils.toUnmodifiableList(). Add org.junit:* to the ignore list until Surefire ships JUnit Platform 6 support and we do the coordinated toolchain bump the comment already describes. --- .github/dependabot.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 4a1a3b32..f60e1c9e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -24,6 +24,8 @@ updates: # junit.platform.version into junit.version). Block major bumps # until we're ready to do that as a scoped piece of work. ignore: + - dependency-name: "org.junit:*" + update-types: ["version-update:semver-major"] - dependency-name: "org.junit.jupiter:*" update-types: ["version-update:semver-major"] - dependency-name: "org.junit.platform:*"