Bump the all group across 2 directories with 8 updates

[dependabot]

Bumps the all group with 7 updates in the / directory:

Package	From	To
com.google.errorprone:error_prone_annotations	2.39.0	2.41.0
com.github.spotbugs:spotbugs-annotations	4.9.3	4.9.4
com.fasterxml.jackson:jackson-bom	2.19.1	2.19.2
org.apache.logging.log4j:log4j-bom	0.0.0-SNAPSHOT	2.25.1
org.apache.logging.log4j:log4j-core	2.25.0	2.25.1
org.springframework.boot:spring-boot-dependencies	3.5.3	3.5.4
org.springframework.boot:spring-boot-maven-plugin	3.5.3	3.5.4

Bumps the all group with 1 update in the /log4j-samples-graalvm directory: org.assertj:assertj-bom.

Updates com.google.errorprone:error_prone_annotations from 2.39.0 to 2.41.0

Release notes

Sourced from com.google.errorprone:error_prone_annotations's releases.

Error Prone 2.41.0

New checks:

• EffectivelyPrivate: Detect declarations that have public or protected modifiers, but are effectively private

Changes:

• Skip BooleanLiteral findings if the target type is boxed (#5134)

Full changelog: google/error-prone@v2.40.0...v2.41.0

Error Prone 2.40.0

Changes:

• Bug fixes and improvements
• Releases (including snapshots) have migrated from OSSRH to the Central Publisher Portal

Full changelog: google/error-prone@v2.39.0...v2.40.0

Commits

• d6539d6 Release Error Prone 2.41.0
• 6161d4e Skip BooleanLiteral findings if the target type is boxed
• 98d83bf Avoid touching parameters of @Subscribe methods.
• 13d46e7 Refactor to use WellKnownKeep
• ef33eee Fix a println statement left over from https://github.com/google/error-prone/...
• ce784a9 Detect non-private, non-override methods in anonymous classes
• 43759cd Recognise com.google.common.inject.components.OtherRequiredBindings as an i...
• ef5073b UnnecessaryQualifier: don't fire on interfaces, in deference to Dagger.
• 3d7b585 TruthIncompatibleType support for MultisetSubject#hasCount.
• b5c6175 Add a test confirming external #5151.
• Additional commits viewable in compare view

Updates com.github.spotbugs:spotbugs-annotations from 4.9.3 to 4.9.4

Release notes

Sourced from com.github.spotbugs:spotbugs-annotations's releases.

SpotBugs 4.9.4

CHANGELOG

• https://github.com/spotbugs/spotbugs/blob/4.9.4/CHANGELOG.md

CHECKSUM

file	checksum (sha256)
note: The checksums were not produced here due to change with gradle 9 when we published. This is subsequently fixed for next releases.

Changelog

Sourced from com.github.spotbugs:spotbugs-annotations's changelog.

4.9.4 - 2025-08-07

Changed

• AnnotationMatcher can now ignore bugs if annotation is also applied on methods or fields. Previously only annotations on classes were considered.
• Add relevant CWE ids to bugs and refer the CWEs in the bug messages (#3354).
• Replace LOCAL_VARIABLE_UNKNOWN with exact method name for NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE (#3485)

Fixed

• Widen main method recognition according to JEP 445. (#3371)
• Do not report US_USELESS_SUPPRESSION_ON_* on methods, fields, parameters, packages or classes with an *.Generated annotation with retention >= class (#3350)(#3409)
• Rewrite some member in ResourceValueFrame.java to Enum (#2061)
• Ignore non-interpreted text when looking for FS_BAD_DATE_FORMAT_FLAG_COMBO (#3387)
• Fix IllegalArgumentException thrown from FindNoSideEffectMethods detector (#3320)
• Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a Mockito doAnswer(), doCallRealMethod(), doNothing(), doThrow() or doReturn() call (#3334)
• Fix CT_CONSTRUCTOR_THROW false positive with public and private constructors in specific order of methods (#3417)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE, AT_NONATOMIC_64BIT_PRIMITIVE and AT_STALE_THREAD_WRITE_OF_PRIMITIVE FP when the relevant code is in private method, which is only called with proper synchronization (#3428)
• Do not report RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT when part of a BDDMockito call (#3441)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE when field of a local variable is set. (#3459)
• Fix AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE FP when there was no compound operation (#3363)
• Fix NM_FIELD_NAMING_CONVENTION crash in the TestASM detector (#3489)
• Do not report UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR for fields initialized in JUnit 3/4 setUp() method. (#3169)
• Fix US_USELESS_SUPPRESSION_ON_FIELD/UUF_UNUSED_FIELD false positive (#3496)
• Make the osgi manifest of the annotations jar Java 8 compatible (#3498) (#3500)
• TextUICommandLine supports all options encoded in Eclipse preferences file (#3520)
• Unnecessary suppressions fix for records headers (#3471)
• Dead store fix when switch case contains loops (#3530) (#3449)
• Consider PUTFIELD and PUTSTATIC when looking for assertions with side effects (#3463)
• Detect cases when equals() unconditionally returns true or false (#3528)
• Do not report that an Iterator does not throw NoSuchElementException when hasNext() returns true (#3501)
• Detect random value cast to int when stored in temporary variable (#3461)
• Look for interfaces default methods when searching uncalled private methods (#1988)
• Fixed field self assignment false positive (#2258)
• Fixed DMI_INVOKING_TOSTRING_ON_ARRAY on newer JDK (#1147)
• Fix NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE false positive with Objects.requireNonNull (#2965) (#3573)
• Track inner classes access methods to correctly report the bugs (#2029)
• SF_SWITCH_NO_DEFAULT false positive fix (#1148) (#3572)

Added

• Added the unnecessary annotation to the US_USELESS_SUPPRESSION_ON_* messages (#3395)
• Multi-threaded code checks can be skipped with @NotThreadSafe (#3390)
• New bug type CWO_CLOSED_WITHOUT_OPENED for locks that might be released without even being acquired. (See SEI CERT rule LCK08-J) (#2055)
  • Breaking change: changed values and new items in ResourceValueFrame.
• Inline access method for method. (#3481)
• Added DMI_MISLEADING_SUBSTRING for calling subString(0) on a StringBuffer/StringBuilder (#1928)

Signing

• Signing for Eclipse plugin has been removed at the current time due to signing keys being expired. The expired key produced a warning during install, the same is true without signing.

Commits

• 014b0ee release v4.9.4
• 0c0f125 build: Adjustments to the tag checking
• 788524b prepare for next release
• 44656f0 release v4.9.4
• da2f64d build: Make sure check is against origin/master not master
• 0db0852 prepare for next release
• 7ecaa15 release v4.9.4
• a2845af build: Remove space in curl
• b433c57 build: Disable parallel builds for now
• a4e906f build: Cleanup release action to correctly work
• Additional commits viewable in compare view

Updates com.fasterxml.jackson:jackson-bom from 2.19.1 to 2.19.2

Commits

• d36caaf [maven-release-plugin] prepare release jackson-bom-2.19.2
• 53b24d1 Prep for 2.19.2 release
• 833ee01 Merge pull request #107 from FasterXML/tatu/2.19/backport-106-from-2.20
• c146c75 Backport #106 from 2.20 to 2.19(.2)
• e7c8ef3 Update jackson-parent dep
• ec00ff9 Merge branch '2.18' into 2.19
• 4e23492 Update jackson-parent version
• 6417767 Back to snapshot dep
• 4f37a5c [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Updates org.apache.logging.log4j:log4j-bom from 0.0.0-SNAPSHOT to 2.25.1

Release notes

Sourced from org.apache.logging.log4j:log4j-bom's releases.

2.25.1

This patch release addresses a dozen bugs in version 2.25.0, in particular:

• Resolves a concurrency issue in the new unified datetime formatter.
• Fixes build failures affecting Gradle users.
• Restores backward compatibility with Spring Boot’s common logging configuration.
• Improves handling of edge cases in GraalVM support.

Fixed

• Fix detection of the Disruptor major version in environments with non-standard thread context classloader. (#3706)
• Downgrade spotbugs-annotations to resolve Gradle build failures. (#3754)
• Fix incorrect version resolution of jspecify and error_prone_annotations dependencies in published POM files. (#3758, #3779)
• Restore compatibility with Spring Boot by allowing reconfiguration using the LoggerContext.start method. (#3770)
• Allow omission of the -Alog4j.graalvm.groupId and -Alog4j.graalvm.artifactId arguments when building Log4j plugins. (#3771)
• Broaden the OSGi manifest's Import-Package constraints to support Jakarta Servlet API up to version 6. (#3787)
• Enable the resource: protocol for configuration files by default when running on GraalVM. (#3790)
• Fix timestamp formatting concurrency issue, when log4j2.enabledThreadlocals is true. (#3792)
• Fix GraalVM reachability metadata generation for methods with annotated array type parameters, such as @Nullable String[]. (#3796)
• Resolve PropertiesConfiguration compatibility issues with GraalVM and address additional minor reflection-related problems. (#3800)

2.25.0

This minor release introduces bug fixes, behavior improvements, and complete support for GraalVM native image generation.

GraalVM Reachability Metadata

Log4j Core and all extension modules now include embedded
GraalVM reachability metadata,
enabling seamless generation of native images with GraalVM out of the box—no manual configuration required.
For more information, refer to our GraalVM guide.

[!NOTE]
When building third-party Log4j plugins, using the new GraalVmProcessor
introduced in version 2.25.0 will automatically generate the required reachability metadata for GraalVM native images.
However, the processor will fail the build if the required log4j.graalvm.groupId and log4j.graalvm.artifactId parameters are not provided.
For detailed instructions, see Registering plugins.

Exception Handling in Pattern Layout

Exception handling in Pattern Layout has undergone a significant rewrite.
This update resolves several bugs and ensures consistent behavior across all exception converters.
Key improvements include:

• Stack traces are now consistently prefixed with a newline instead of other whitespace.
• The default exception converter has changed from extended to plain, offering better performance.
• Support for the {ansi} option in exception converters has been removed.

Date & Time Formatting

Log4j has historically provided custom date and time formatters for performance, such as FixedDateFormat and FastDateFormat.

... (truncated)

Commits

• See full diff in compare view

Updates org.apache.logging.log4j:log4j-core from 2.25.0 to 2.25.1

Updates org.springframework.boot:spring-boot-dependencies from 3.5.3 to 3.5.4

Release notes

Sourced from org.springframework.boot:spring-boot-dependencies's releases.

v3.5.4

🐞 Bug Fixes

• LambdaSafe.withFilter is not public #46474
• Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #46402
• Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #46398
• Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #46351
• Change in DefaultErrorAttributes alters the shape of API validation error responses #46260
• jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #46225
• developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #46205
• Hash calculation for uber archive entries that require unpacking is inefficient #46203
• Permissions are applied inconsistently when building uber archives with Gradle #46194
• Environment variables using legacy dash format can no longer be bound #46184
• EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #46180
• Executable JAR application class encounters performance issues #46177
• Executable JAR application class encounters performance issues #46176
• Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #46174
• Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #46170
• SslInfo does not use its Clock when checking certificate validity #46011

📔 Documentation

• Fix description of spring.batch.job.enabled #46247
• Fix broken Kotlin examples in reference documentation #46168
• Add Logback Access Reactor Netty to community starters #46060

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.7 #46373
• Upgrade to Caffeine 3.2.2 #46432
• Upgrade to Couchbase Client 3.8.2 #46460
• Upgrade to GraphQL Java 24.1 #46395
• Upgrade to Groovy 4.0.28 #46516
• Upgrade to Hibernate 6.6.22.Final #46492
• Upgrade to HikariCP 6.3.1 #46493
• Upgrade to Infinispan 15.2.5.Final #46461
• Upgrade to Jackson Bom 2.19.2 #46494
• Upgrade to Jetty 12.0.23 #46375
• Upgrade to MariaDB 3.5.4 #46376
• Upgrade to Maven Invoker Plugin 3.9.1 #46377
• Upgrade to Micrometer 1.15.2 #46280
• Upgrade to Micrometer Tracing 1.5.2 #46281
• Upgrade to MSSQL JDBC 12.10.1.jre11 #46378
• Upgrade to MySQL 9.3.0 #46371
• Upgrade to Neo4j Java Driver 5.28.9 #46434
• Upgrade to Netty 4.1.123.Final #46435
• Upgrade to Prometheus Client 1.3.10 #46379
• Upgrade to Reactor Bom 2024.0.8 #46282
• Upgrade to RxJava3 3.1.11 #46380
• Upgrade to Spring AMQP 3.2.6 #46283

... (truncated)

Commits

• 925f9bc Release v3.5.4
• d82fb35 Merge branch '3.4.x' into 3.5.x
• 4b6064f Next development version (v3.4.9-SNAPSHOT)
• a39c8f0 Merge branch '3.4.x' into 3.5.x
• 99d53de Upgrade to Spring Integration 6.5.1
• 1b4aad5 Upgrade to Groovy 4.0.28
• 3f0f79b Upgrade to Spring Integration 6.4.6
• ff8443c Upgrade to Groovy 4.0.28
• aed8550 Merge branch '3.4.x' into 3.5.x
• 5406976 Apply commercial input consistently
• Additional commits viewable in compare view

Updates org.springframework.boot:spring-boot-maven-plugin from 3.5.3 to 3.5.4

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v3.5.4

🐞 Bug Fixes

• LambdaSafe.withFilter is not public #46474
• Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #46402
• Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #46398
• Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #46351
• Change in DefaultErrorAttributes alters the shape of API validation error responses #46260
• jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #46225
• developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #46205
• Hash calculation for uber archive entries that require unpacking is inefficient #46203
• Permissions are applied inconsistently when building uber archives with Gradle #46194
• Environment variables using legacy dash format can no longer be bound #46184
• EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #46180
• Executable JAR application class encounters performance issues #46177
• Executable JAR application class encounters performance issues #46176
• Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #46174
• Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #46170
• SslInfo does not use its Clock when checking certificate validity #46011

📔 Documentation

• Fix description of spring.batch.job.enabled #46247
• Fix broken Kotlin examples in reference documentation #46168
• Add Logback Access Reactor Netty to community starters #46060

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.7 #46373
• Upgrade to Caffeine 3.2.2 #46432
• Upgrade to Couchbase Client 3.8.2 #46460
• Upgrade to GraphQL Java 24.1 #46395
• Upgrade to Groovy 4.0.28 #46516
• Upgrade to Hibernate 6.6.22.Final #46492
• Upgrade to HikariCP 6.3.1 #46493
• Upgrade to Infinispan 15.2.5.Final #46461
• Upgrade to Jackson Bom 2.19.2 #46494
• Upgrade to Jetty 12.0.23 #46375
• Upgrade to MariaDB 3.5.4 #46376
• Upgrade to Maven Invoker Plugin 3.9.1 #46377
• Upgrade to Micrometer 1.15.2 #46280
• Upgrade to Micrometer Tracing 1.5.2 #46281
• Upgrade to MSSQL JDBC 12.10.1.jre11 #46378
• Upgrade to MySQL 9.3.0 #46371
• Upgrade to Neo4j Java Driver 5.28.9 #46434
• Upgrade to Netty 4.1.123.Final #46435
• Upgrade to Prometheus Client 1.3.10 #46379
• Upgrade to Reactor Bom 2024.0.8 #46282
• Upgrade to RxJava3 3.1.11 #46380
• Upgrade to Spring AMQP 3.2.6 #46283

... (truncated)

Commits

• 925f9bc Release v3.5.4
• d82fb35 Merge branch '3.4.x' into 3.5.x
• 4b6064f Next development version (v3.4.9-SNAPSHOT)
• a39c8f0 Merge branch '3.4.x' into 3.5.x
• 99d53de Upgrade to Spring Integration 6.5.1
• 1b4aad5 Upgrade to Groovy 4.0.28
• 3f0f79b Upgrade to Spring Integration 6.4.6
• ff8443c Upgrade to Groovy 4.0.28
• aed8550 Merge branch '3.4.x' into 3.5.x
• 5406976 Apply commercial input consistently
• Additional commits viewable in compare view

Updates org.apache.logging.log4j:log4j-core from 2.25.0 to 2.25.1

Updates org.springframework.boot:spring-boot-maven-plugin from 3.5.3 to 3.5.4

Release notes

Sourced from org.springframework.boot:spring-boot-maven-plugin's releases.

v3.5.4

🐞 Bug Fixes

• LambdaSafe.withFilter is not public #46474
• Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #46402
• Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #46398
• Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #46351
• Change in DefaultErrorAttributes alters the shape of API validation error responses #46260
• jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #46225
• developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #46205
• Hash calculation for uber archive entries that require unpacking is inefficient #46203
• Permissions are applied inconsistently when building uber archives with Gradle #46194
• Environment variables using legacy dash format can no longer be bound #46184
• EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #46180
• Executable JAR application class encounters performance issues #46177
• Executable JAR application class encounters performance issues #46176
• Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #46174
• Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #46170
• SslInfo does not use its Clock when checking certificate validity #46011

📔 Documentation

• Fix description of spring.batch.job.enabled #46247
• Fix broken Kotlin examples in reference documentation #46168
• Add Logback Access Reactor Netty to community starters #46060

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.7 #46373
• Upgrade to Caffeine 3.2.2 #46432
• Upgrade to Couchbase Client 3.8.2 #46460
• Upgrade to GraphQL Java 24.1 #46395
• Upgrade to Groovy 4.0.28 #46516
• Upgrade to Hibernate 6.6.22.Final #46492
• Upgrade to HikariCP 6.3.1 #46493
• Upgrade to Infinispan 15.2.5.Final #46461
• Upgrade to Jackson Bom 2.19.2 #46494
• Upgrade to Jetty 12.0.23 #46375
• Upgrade to MariaDB 3.5.4 #46376
• Upgrade to Maven Invoker Plugin 3.9.1 #46377
• Upgrade to Micrometer 1.15.2 #46280
• Upgrade to Micrometer Tracing 1.5.2 #46281
• Upgrade to MSSQL JDBC 12.10.1.jre11 #46378
• Upgrade to MySQL 9.3.0 #46371
• Upgrade to Neo4j Java Driver 5.28.9 #46434
• Upgrade to Netty 4.1.123.Final #46435
• Upgrade to Prometheus Client 1.3.10 #46379
• Upgrade to Reactor Bom 2024.0.8 #46282
• Upgrade to RxJava3 3.1.11 #46380
• Upgrade to Spring AMQP 3.2.6 #46283

... (truncated)

Commits

• 925f9bc Release v3.5.4
• d82fb35 Merge branch '3.4.x' into 3.5.x
• 4b6064f Next development version (v3.4.9-SNAPSHOT)
• a39c8f0 Merge branch '3.4.x' into 3.5.x
• 99d53de Upgrade to Spring Integration 6.5.1
• 1b4aad5 Upgrade to Groovy 4.0.28
• 3f0f79b Upgrade to Spring Integration 6.4.6
• ff8443c Upgrade to Groovy 4.0.28
• aed8550 Merge branch '3.4.x' into 3.5.x
• 5406976 Apply commercial input consistently
• Additional commits viewable in compare view

Updates org.assertj:assertj-bom from 3.27.3 to 3.27.4

Release notes

Sourced from org.assertj:assertj-bom's releases.

v3.27.4

🚫 Deprecated

Core

• Deprecate org.assertj.core.annotations.Beta in favor of org.assertj.core.annotation.Beta
• Deprecate org.assertj.core.util.CanIgnoreReturnValue in favor of org.assertj.core.annotation.CanIgnoreReturnValue
• Deprecate org.assertj.core.util.CheckReturnValue in favor of org.assertj.core.annotation.CheckReturnValue

🐛 Bug Fixes

Core

• Fix thread-safety in AbstractDateAssert #3874

⚡ Improvements

• Migrate to the Central Publisher Portal, enable snapshot publishing #3881

Core

• Annotate fail methods with custom @Contract #3882

❤️ Contributors

Thanks to all the contributors who worked on this release:

@​kelunik

Commits

• 7a64cde [maven-release-plugin] prepare release assertj-build-3.27.4
• feb5f6f Annotate fail methods with custom @Contract (#3882)
• 43e8b65 Deprecate org.assertj.core.util.CheckReturnValue in favor of `org.assertj.c...
• 1bf8cd6 Deprecate org.assertj.core.util.CanIgnoreReturnValue in favor of `org.asser...
• 72d08b2 Deprecate org.assertj.core.annotations.Beta in favor of `org.assertj.core.a...
• 475c2eb Polish
• fdc9bc5 Skip tests during snapshot publishing
• 8f4a1b5 Migrate to the Central Publisher Portal, enable snapshot publishing (#3881)
• 7461b68 Fix thread-safety in AbstractDateAssert (#3874)
• 015f095 Remove EOL Java 23
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions