Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Dependabot yml config ignore (nuget) doesn't work
See original GitHub issueDescribe the bug When trying to use the dependabot config ignore pattern, the ignore pattern is not used
To Reproduce Steps to reproduce the behavior:
- add a dependabot.yml file in the root
- use the nuget package eg:
# dotnet
- package-ecosystem: "nuget"
directory: "/"
schedule:
interval: "weekly"
day: "sunday"
rebase-strategy: "auto"
open-pull-requests-limit: 99
target-branch: "master"
versioning-strategy: auto
ignore:
- dependency-name: "Microsoft.Extensions.*"
update-types: ["semver-major"]
- dependency-name: "Microsoft.EntityFrameworkCore.*"
update-types: ["semver-major"]
- run the azure devops pipeline.
- PR’s are being made with Microsoft.Extensions.* from 6.0 to 7.0 -> error:
Updating Microsoft.Extensions.Configuration from 6.0.1 to 7.0.0
Submitting Microsoft.Extensions.Configuration pull request for creation.
Expected behavior
To have dependencies with wildcards being ignored. I tried using the update-types and the - version option
Environment:
- Pipeline builder: Azure Devops Pipelines
- tingle docker version 0.10.1
Issue Analytics
- State:
- Created 10 months ago
- Comments:30 (12 by maintainers)
Top Results From Across the Web
Dependabot doesn't seem to ignore NuGet versions #6873
I have searched the existing issues Package ecosystem NuGet Package manager version ... Changing my .github/dependabot.yml ignore config to:.
Read more >Dependabot - Ignoring NuGet package versions
I'm trying to get dependabot up and and running with C# projects that have NuGet dependencies, and configure it to ignore certain versions ......
Read more >Dependabot version updates can now ignore major/minor ...
Dependabot version updates now have the ability to ignore major, minor, or patch updates for a specific dependency or set of dependencies.
Read more >Integrating Dependabot into your .NET Core project on ...
You can ignore the 'workflows' folder for this example. All we care about is dependabot! Dependabot.yml. This ...
Read more >Moving from Dependabot-Preview to Dependabot Native
A common scenario for configuration in the NuGet ecosystem would be to configure Dependabot to ignore updates for .
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Possibly the reason why no one offered a repro is this not being a major/blocking issue. When it is, I always get a repro.
This works in the latest/preview bits as evidenced in the pipeline run below: https://dev.azure.com/tingle/dependabot/_build/results?buildId=53032&view=logs&j=12f1170f-54f2-53f3-20dd-22fc7dff55f9&t=1f93c1a3-255b-505a-53c9-c382114aabf5
A release is due in the course of the week. If by change you want to be on the bleeding edge, you can use a specify the input
dockerImageTag: latestordockerImageTag: '0.11.3-ci.13'so long as you can remove that later to avoid issues.@BoreasMun and @wcunningham1966 , thanks for posting out different behaviors based on root vs non-root directories.
Investigating this, it appears the core library fetches the configuration file relative to the passed directory and this is meant to work for both remote and locally cached update behaviors.
I took so much more time to get to understand this without a reproduction one. Arg! ADO people and their secrets!!! I created a repro https://dev.azure.com/tingle/dependabot/_git/repro-399 to help out and a fix is on the way within the hour.