Allow/Ignore specific manifests

[amogkam]

Wanted to bring up this issue again: #1629 which got closed due to no response.

Having an option to inspect specific files would make configuration a lot easier. In my case, we have multiple requirements.txt files all in the same directory, but we want to inspect just one of these requirements files.

[jeffwidman]

Users want the ability to configure this differently for security vs version updates:

• Security updates: Allow/Ignore specific manifests #4997

It'd also be more flexible if this could allow/ignore files determined through a regex, not just exact match... similar to:

• For a given package, ignore versions by regex #3746
• Ignore/Allow GitHub Actions workflow files by filename prefix #2857
• Ignore manifests in specific subdirectories #4364

Also related:

• Config file: Support Wildcards in directory #2178

[killthekitten]

ChatGPT offers such a succinct API for this – interval: "never" 😅

[JonathanRenon-EDB]

Hello,
Is there any update regarding this issue ?

[pirate]

In our case requirements.txt is auto-generated from pyproject.toml (by pdm), so I only want dependabot to monitor pyproject.toml and I want it to completely ignore requirements.txt. Is there any way to achieve that at the moment?

[hcoohb]

This would be a must have feature !

In our case requirements.txt is auto-generated from pyproject.toml (by pdm), so I only want dependabot to monitor pyproject.toml and I want it to completely ignore requirements.txt. Is there any way to achieve that at the moment?

I have the exact same workflow/requirements!
Please let us know if you ever find a solution... Thanks

[mg515]

Any update on this? Seems like it should be straightforward to make dependabot observe a single manifest, or let alone not duplicate alerts for every dependency group that exists in the repository.