Dependabot doesn't pin to major version anymore with GitHub Actions #3704
Comments
|
Confirmed, see e.g. godotengine/godot-docs#4908. |
|
Some more examples of undesired/unexpected/incorrect version bumping: |
|
Maybe related to some changes in #3662? This was released two days ago though. |
|
A workaround would be to set |
|
@thepwagner Thanks for the fix! Any ETA? Just want to be sure before closing the PRs thanks! |
|
@crazy-max in QA now, should be live within a few hours (I'll ping here) |
|
Thanks for the quick fix! Once it’s live, will Dependabot close all the PRs automatically on the next check or do we have to close them manually? |
|
Sorry for the noise: the fix has been deployed to the GitHub version of Dependabot as
They won't be closed by the next check for any available updates: Dependabot will see no update available and move on. They will be closed if a rebase of a particular PR is requested, like: #3706 (comment) , in that case Dependabot sees the expected update is no longer possible and closes the PR. |
|
Added to a discussion at community/community#12303 |
Hi,
This morning I have a ton of PRs created by Dependabot although I have pinned to the major version and it does match the latest semver available so I think there's been a recent change in the last few hours that breaks this.
Here is a list of some repos:
Thanks!
The text was updated successfully, but these errors were encountered: