Dependabot not ignoring major semver changes #5758
Comments
Background context here: #5728 (comment) Your config looks correct to me to ignore major semver changes, so this looks like a bug, but unrelated to #5734. Unfortunately this one doesn't have a lot of impacted users, so probably will take a bit to get to it. If you want to help, try running the dry-run script locally (I highly suggest running within the docker container as explained in the readme section just above that). And then add some Anything you can do to make it quicker for us to fix increases the chance we'll get to it. Also, feel free to put together a PR with a failing test case--you can see an example of how to create one for the docker ecosystem in #5734.
Hi @jeffwidman, I would love to help as much as I can, but forgive me, I have no prior experience in Ruby. However, I have tried to add a couple of puts statements where I think it's running an if statement to determine if any ignore conditions are set (in this block). This resulted in the message outputting saying there are no ignore conditions present (log at the bottom).
Hei @lcooper01! Nice start of the investigation. Your conclusion is correct.
Happily, using your sample repository I was able to identify the problem and I will open a PR shortly 🎉.
Great news, thanks @deivid-rodriguez
I completely forgot about this 🙏! Opened a PR to fix this now at #6115.
@deivid-rodriguez
I still want to try to tweak it a bit to make it less invasive, will mark it as ready after that and once it gets approved I'll merge it.
Just facing this same issue, any update you can give us @deivid-rodriguez?
Hei @guilhemferr. The PR was rebased and I decided that the original approach was good enough. It also got a review from @Nishnha, so I hope to ship it very soon!
@deivid-rodriguez Is this still on the radar? We really appreciate the work you did in #6115, but it has been quiet for about a month now.
Yes @Bert-R, sorry for the delay there, it was a busy month for me. Trying to catch up now and shipping improvements like that one.
Finally got around to shipping this. Please let me know if something unexpected comes up!
@deivid-rodriguez Thanks a lot! When can we expect to see this in production?
It already is!
Tested it and it works
Now that dependabot/dependabot-core#5758 is closed, it's possible to instruct Dependabot to ignore major version updates for Java
I tested it and it works if you have one FROM statement in the Dockerfile. If you have the config for two images in the Dockerfile, it will only pick up the first FROM and create only one PR for the repo rather than two.
@lcooper01 So Dependabot was creating two PRs to an incorrect version, while now it is creating just one PR to a correct version, is that it? Could you open a separate issue about this? If you can also create a sample repository, that'd be even more awesome!
I'll do that and link it here so anyone who's interested can track it.
@deivid-rodriguez I've put together another issue and tried a few different scenarios that I've tried to document. If any of them aren't clear or need reproducing to show any additional logs etc., then please let me know.
Is there an existing issue for this?
Package ecosystem: Docker
Package manager version: No response
Language version: No response
Manifest location and content before the Dependabot update: No response
dependabot.yml content:
Updated dependency: eclipse-temurin, from 11.0.14.1_1-jre-alpine to 11.0.16.1_1-jre-alpine
What you expected to see, versus what you actually saw
Expected: eclipse-temurin, from 11.0.14.1_1-jre-alpine to 11.0.16.1_1-jre-alpine
Actual: eclipse-temurin, from 11.0.14.1_1-jre-alpine to 17.0.4_8-jre-alpine
Native package manager behavior: No response
Images of the diff or a link to the PR, issue, or logs
Smallest manifest that reproduces the issue