Avoid bumping to versions which are not Long Term Support (LTS) version #2247
Comments
Hey Daniel, Interesting question. Is there a particular PR that's getting it wrong? If you link to that (you can email me on support@dependabot.com) then I'll have a think about specially how Dependabot could do better there.
Sorry @greysteil I didn't follow it up, sent you an email as requested.
Hi, Cheers,
@lucas42 Grey is no longer working on Dependabot (he's moved to security in general at GitHub), but I looked back through that support conversation, and I believe this was the conclusion:
That being said, the team is currently pretty swamped scaling Dependabot for GitHub, so it would be some time before we could get to looking into this. Since there is interest in this, I'm going to re-open this issue so we have it on our list.
Thanks! But if we were to roll it out across various teams at work, this would be a must-have feature. Cheers
Thanks for the feedback, @lucas42! We'll keep that in mind once we're able to turn our attention back to working on enhancements like this.
Just encountered this issue when dependabot tried to update node from 14.16.0-alpine3.13 to 15.11.0-alpine3.13
An implementation of such a feature would be so great |
See dependabot/dependabot-core#2247 for why this is necessary. Closes #197.
Can you use
I recognize that it's not automatic (e.g. we can't automatically ignore odd versions), but it only requires an update every six months (at most, you could even drop in the first few now...), which feels better than always closing the PR.
That doesn't work for the six month period (like the one we're in now with Node v16) where an even version is "current" but not yet promoted to "active LTS".
Closes #220. See dependabot/dependabot-core#2247 for why this is necessary.
Closes #24. See dependabot/dependabot-core#2247 for why this is necessary.
@domenic thanks for following up; is there a way to know if a version is LTS purely by looking at it, or would we have to add code to look at https://nodejs.org/en/about/releases/ and add six months (or manually update it every several years)? Seems like the ignore would technically work, it would just have to be manually removed after the six month period.
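Added example, not part of the thread and not Dependabot's own code: a Ruby sketch of the check discussed above, classifying a proposed Node image tag against a release schedule on a given date, so the "even but not yet promoted" window is handled where an odd/even rule is not. The `SCHEDULE` dates are a constructed sample and the function names are hypothetical.

```ruby
require "date"

# Constructed sample schedule (assumption): one entry per Node.js major line,
# with its release date, LTS promotion date (nil if the line is never LTS)
# and end-of-life date. Real dates belong to the Node.js release schedule.
SCHEDULE = {
  14 => { start: "2020-04-21", lts: "2020-10-27", eol: "2023-04-30" },
  15 => { start: "2020-10-20", lts: nil,          eol: "2021-06-01" },
  16 => { start: "2021-04-20", lts: "2021-10-26", eol: "2023-09-11" }
}.freeze

# Extract the major version from a tag such as "15.11.0-alpine3.13".
# Returns nil for tags that carry no version ("latest", "lts-alpine", ...).
def node_major(tag)
  m = tag.match(/\Av?(\d+)(?:\.\d+){0,2}(?:-[\w.]+)?\z/)
  m && m[1].to_i
end

# Classify an update target on a given date.
# Returns :lts, :not_yet_lts, :never_lts, :end_of_life or :unknown.
def lts_status(tag, on:, schedule: SCHEDULE)
  line = schedule[node_major(tag)]
  return :unknown if line.nil? || on < Date.parse(line[:start])
  return :end_of_life if on > Date.parse(line[:eol])
  return :never_lts if line[:lts].nil?

  on >= Date.parse(line[:lts]) ? :lts : :not_yet_lts
end

# Policy from the issue: only accept a bump whose target is LTS today.
def allow_bump?(target_tag, on: Date.today)
  lts_status(target_tag, on: on) == :lts
end

if __FILE__ == $PROGRAM_NAME
  [["15.11.0-alpine3.13", Date.new(2021, 3, 15)],   # bump reported in the thread
   ["16.3.0-alpine3.13",  Date.new(2021, 6, 1)],    # even, but still "current"
   ["16.13.0-alpine3.13", Date.new(2021, 11, 1)]].each do |tag, day|
    puts format("%-22s %s -> %s", tag, day, lts_status(tag, on: day))
  end
end
```

An unversioned tag returns `:unknown`, so such a policy refuses the bump rather than guessing.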
Note that this also upgrades our Debian version! Closes #82. See dependabot/dependabot-core#2247 for why this is necessary.
See dependabot/dependabot-core#2247 for why this is necessary. Closes #357.
See dependabot/dependabot-core#2247 for why this is necessary. Closes #362.
See dependabot/dependabot-core#2247 for why this is necessary.
See dependabot/dependabot-core#2247 for why this is necessary. Closes #111.
See dependabot/dependabot-core#2247 for why this is necessary.
See dependabot/dependabot-core#2247 for why this is necessary. Closes #395.
See dependabot/dependabot-core#2247 for why this is necessary. Closes #113.
See dependabot/dependabot-core#2247 for why this is necessary. Closes #402.
Hi,
Is there a way to avoid dependabot offering non-LTS versions of Node.JS? We don't want to run any non-LTS versions but don't want to miss out on updates to the LTS version.
Regards,
Daniel