Dependabot yml config ignore (nuget) doesn't work
See original GitHub issueDescribe the bug When trying to use the dependabot config ignore pattern, the ignore pattern is not used
To Reproduce Steps to reproduce the behavior:
- add a dependabot.yml file in the root
- use the nuget package eg:
# dotnet
- package-ecosystem: "nuget"
directory: "/"
schedule:
interval: "weekly"
day: "sunday"
rebase-strategy: "auto"
open-pull-requests-limit: 99
target-branch: "master"
versioning-strategy: auto
ignore:
- dependency-name: "Microsoft.Extensions.*"
update-types: ["semver-major"]
- dependency-name: "Microsoft.EntityFrameworkCore.*"
update-types: ["semver-major"]
- run the azure devops pipeline.
- PR’s are being made with Microsoft.Extensions.* from 6.0 to 7.0 -> error:
Updating Microsoft.Extensions.Configuration from 6.0.1 to 7.0.0
Submitting Microsoft.Extensions.Configuration pull request for creation.
Expected behavior
To have dependencies with wildcards being ignored. I tried using the update-types
and the - version
option
Environment:
- Pipeline builder: Azure Devops Pipelines
- tingle docker version 0.10.1
Issue Analytics
- State:
- Created 10 months ago
- Comments:30 (12 by maintainers)
Top Results From Across the Web
Dependabot doesn't seem to ignore NuGet versions #6873
I have searched the existing issues Package ecosystem NuGet Package manager version ... Changing my .github/dependabot.yml ignore config to:.
Read more >Dependabot - Ignoring NuGet package versions
I'm trying to get dependabot up and and running with C# projects that have NuGet dependencies, and configure it to ignore certain versions ......
Read more >Dependabot version updates can now ignore major/minor ...
Dependabot version updates now have the ability to ignore major, minor, or patch updates for a specific dependency or set of dependencies.
Read more >Integrating Dependabot into your .NET Core project on ...
You can ignore the 'workflows' folder for this example. All we care about is dependabot! Dependabot.yml. This ...
Read more >Moving from Dependabot-Preview to Dependabot Native
A common scenario for configuration in the NuGet ecosystem would be to configure Dependabot to ignore updates for .
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Possibly the reason why no one offered a repro is this not being a major/blocking issue. When it is, I always get a repro.
This works in the latest/preview bits as evidenced in the pipeline run below: https://dev.azure.com/tingle/dependabot/_build/results?buildId=53032&view=logs&j=12f1170f-54f2-53f3-20dd-22fc7dff55f9&t=1f93c1a3-255b-505a-53c9-c382114aabf5
A release is due in the course of the week. If by change you want to be on the bleeding edge, you can use a specify the input
dockerImageTag: latest
ordockerImageTag: '0.11.3-ci.13'
so long as you can remove that later to avoid issues.@BoreasMun and @wcunningham1966 , thanks for posting out different behaviors based on root vs non-root directories.
Investigating this, it appears the core library fetches the configuration file relative to the passed directory and this is meant to work for both remote and locally cached update behaviors.
I took so much more time to get to understand this without a reproduction one. Arg! ADO people and their secrets!!! I created a repro https://dev.azure.com/tingle/dependabot/_git/repro-399 to help out and a fix is on the way within the hour.