Skip to content

Commit

Permalink
Add log4j1 dependabot ignore entry (#5245)
Browse files Browse the repository at this point in the history 
Any other dependencies with the same coordinates are unofficial releases
that would likely be in violation of Apache trademarks anyways as Log4j
1.2.17 is the official final release of 1.x and has been for over five
years.
  • Loading branch information
@jvz
jvz committed Feb 4, 2021
1 parent 4b95fd8 commit 5014b23
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,3 +33,5 @@ updates:
- dependency-name: "com.google.inject:guice"
# the dependency is actually provided by the Web container, hence it is aligned with Jetty. See https://github.com/jenkinsci/jenkins/pull/5211
- dependency-name: "javax.servlet:javax.servlet-api"
# log4j 1.2.17 is the final 1.x release
- dependency-name: "log4j:log4j"

0 comments on commit 5014b23

Please sign in to comment.