Keep Docker dependency updates on Java 21 line

krotname · krotname · commit 4bb44b043661 · 2026-06-10T00:08:05.000+03:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -23,3 +23,6 @@ updates:
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 2
+    ignore:
+      - dependency-name: "eclipse-temurin"
+        update-types: ["version-update:semver-major"]
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -36,6 +36,7 @@
 - Governance documentation added for protected branch, required checks, and release accountability.
 - Security policy now links directly to GitHub Security Advisories.
 - Scorecards workflow kept non-blocking for transient external result-publication failures.
+- Docker Dependabot updates constrained to the Java 21 runtime line.
 
 ## 1.0.0
 ### Added
diff --git a/docs/DEPENDENCY_POLICY.md b/docs/DEPENDENCY_POLICY.md
@@ -33,6 +33,7 @@ The baseline favors current stable releases over milestones, betas, snapshots, o
 - Keep Dependabot enabled for Maven, GitHub Actions, and Docker images.
 - Pin GitHub Actions to full commit SHAs and keep the human-readable version in a trailing comment.
 - Pin Docker images by digest; refresh the digest together with the reviewed tag.
+- Keep Docker runtime updates on the Java 21 line unless the project compilation target changes.
 - Keep `.mvn/wrapper/maven-wrapper.properties` distribution checksum in sync with the Maven distribution URL.
 
 ## Manual update check
