Ignore JUnit's major/minor updates

[marko-bekhta]

Since orm test utils depend on JUnit to create the engine/extensions, we probably should stick to the ORM's version anyway...

[yrodiere]

Since orm test utils depend on JUnit to create the engine/extensions, we probably should stick to the ORM's version anyway...

Okay, but then let's remove explicit dependencies?

[marko-bekhta]

Okay, but then let's remove explicit dependencies?

I did think about that... but since we are using other Junit annotations that aren't coming from the ORM utils, it makes sense to list the junit explicitly...
in other words we could remove the junit-jupiter-engine as it is "replaced" by the one from the ORM utils, but then we'd be still keeping the junit-jupiter and that could get out of sync (in terms of versions) 🙈

[yrodiere]

Ok, then... whatever works I guess. But I suspect removing dependabot here will just lead to this stuff getting out of sync -- I don't expect anyone will update it here unless it breaks.

Maybe we should report that in ORM JIRA, because we also have the problem that hibernate-platform is too large to be used in Quarkus (which would need a "Hibernate only" BOM, without transitive dependencies). And here it seems we have another use case where we'd like the whole junit BOM to be pulled in by hibernate-platform (or a new hibernate-platform-testing?)

[marko-bekhta]

ok... another idea I had: what if we split the dependabot config, and let it update projects individually. And then add an enforcer plugin with a custom rule to watch over the JUnit version for ORM/Search to keep it aligned with ORM extension needs ?

[yrodiere]

Like I said, whatever works :)
Though I'd suggest that maybe our time is better invested in exposing a "super-fat BOM" in ORM than in doing this kind of things.