From cb856631936a20b2771706a3ceb1110b97e685b8 Mon Sep 17 00:00:00 2001 From: Samreet Singh Date: Mon, 11 Aug 2025 10:24:34 +0200 Subject: [PATCH 1/2] Exclude the demo-targets since they are intentionally to remain vulnerable We want the juice-shop to be updated therefore the docker-compose manager will be included Signed-off-by: Samreet Singh --- renovate.json | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/renovate.json b/renovate.json index e185ce8a8f..e8b42d3d21 100644 --- a/renovate.json +++ b/renovate.json @@ -5,5 +5,19 @@ "group:recommended", ":disableDependencyDashboard" ], - "enabledManagers": ["dockerfile"] + "enabledManagers": ["dockerfile", "docker-compose"], + + "ignorePaths": [ + "demo-targets/bodgeit/**", + "demo-targets/dummy-ssh/**", + "demo-targets/http-webhook/**", + "demo-targets/old-typo3/**", + "demo-targets/old-joomla/**", + "demo-targets/old-wordpress/**", + "demo-targets/swagger-petstore/**", + "demo-targets/unsafe-https/**", + "demo-targets/vulnerable-log4j/**" + ] } + + From bb2333cbdc6a4359a0d2c25e2043e6b2b7d671ee Mon Sep 17 00:00:00 2001 From: Samreet Singh Date: Mon, 11 Aug 2025 10:29:40 +0200 Subject: [PATCH 2/2] Fix config to reference the directories instead of explicit files Signed-off-by: Samreet Singh --- .github/dependabot.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 861351009f..4dd5076fb5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -107,8 +107,8 @@ updates: directories: - "/auto-discovery/kubernetes" - "/auto-discovery/cloud-aws" - - "/operator/go.mod" - - "/lurker/go.mod" + - "/operator" + - "/lurker" schedule: interval: "weekly" groups: