Reputation: 121177
How to make Dependabot to not update from SNAPSHOT?
Let's imaging I have a dependency like:
mavenBom "org.springframework:spring-framework-bom:6.2.0-SNAPSHOT"
The Spring Framework has just released 6.2.0 GA and just after that published 6.2.1-SNAPSHOT.
Ideally I would like Dependabot to suggest me an update to 6.2.0, but that's different story.
Right now I just don't want it to update from 6.2.0-SNAPSHOT to 6.2.1-SNAPSHOT.
What kind of config I could apply to skip such a version pattern from updating?
My current one is like this:
ignore:
- dependency-name: '*'
update-types:
- version-update:semver-major
- version-update:semver-minor
Doesn't look like versions option can accept something like *-SNAPSHOT: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#specifying-dependencies-and-versions-to-ignore
UPDATE
Well, apparently there is no way for now. Found this old GH issue: https://github.com/dependabot/dependabot-core/issues/7885
Upvotes: 1
Views: 82
Answers (1)
Reputation: 1
version: 2
updates:
- package-ecosystem: "maven" # Use 'maven' or 'gradle' as per your project
directory: "/" # Adjust to your project directory if needed
schedule:
interval: "weekly" # Set to 'daily', 'weekly', or 'monthly'
versioning-strategy: "increase" # Prevent SNAPSHOT versions from being picked
ignore:
- dependency-name: "your-dependency" # Optional: Ignore specific dependencies
versions: ["*-SNAPSHOT"] # Ignore SNAPSHOT versions
Upvotes: 0
Related Questions
- How to update Gradle in Android Studio?
- Azure devops NPM Authentication in dependabot.yml
- Exclude codeowners from dependabot PR
- Is it possible to ask dependabot to ignore updates that requires a certain .NET version?
- How to use Gradle "platforms" to align dependency versions in a multi-project setup?
- Dependabot not upgrading major versions of Maven SNAPSHOT dependencies
- Github dependabot v2 update on push
- Gradle manage transitive dependencies