Undo ignore this dependency #6489
Comments
This seems like a bug. There's also another person that reported the same thing here: #1384. Apparently the "or update it yourself" part is not really working :(
Can we have a new command
I checked and we no longer have the feature to automatically unignore dependencies when manually updated independently. I guess it was a feature of the old Dependabot that was not native to GitHub, and it got lost in the migration. We realized this some time ago, and at least we should no longer be creating false expectations with the "or update it yourself" part, since Dependabot no longer comments about that, just says "Reopen the PR". That feature is hard to get right anyways, since I imagine cases where someone manually updates an ignored dependency and may not want it to be unignored. An explicit comment would be the way to go, I agree.
A side note: you can't reopen a merged PR, so the second suggestion will not always work either.
@deivid-rodriguez are there any workarounds to try until the new command is implemented and deployed?
Something you can try is to explicitly ignore the dependency through configuration, commit that to your main branch, and then remove it again. Not sure if it will work, but it sounds like it should.
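The configuration side of the workaround suggested in the comment above, as an added example that is not part of the original thread or of Dependabot's own documentation. The ecosystem, directory, schedule and the dependency name `example-package` are placeholders, and the thread does not confirm that this clears a comment-based ignore.

```yaml
# .github/dependabot.yml
#
# Step 1: commit this file to the default branch WITH the `ignore` block.
# Step 2: in a follow-up commit, delete the whole `ignore` block again and
#         watch whether the next scheduled run opens an update PR.
version: 2
updates:
  - package-ecosystem: "npm"      # placeholder: use the ecosystem of the ignored dependency
    directory: "/"                # placeholder: location of the manifest
    schedule:
      interval: "weekly"
    ignore:
      # Temporary explicit ignore for the dependency that was previously
      # ignored through a PR comment ("@dependabot ignore this dependency").
      - dependency-name: "example-package"   # placeholder name
```

Unlike ignores created through PR comments, an `ignore` entry in this file is visible in version control, so it can be reviewed and removed like any other change.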
TL;DR: I don't want to keep track of a list of PRs of dependencies I marked as ignored, and manually un-ignore one by one. It should be either a) automatic (manual update of the dep un-ignores it), or b) provide a centralized place to list my ignored deps, and a way to easily choose which to un-ignore en masse. I don't believe the explicit comment solution (e.g. The original way the feature was implemented is ideal (when manually updated, the dependency gets un-ignored). If the only problem there is the case where someone manually updated a dependency they ignored in the past and want to keep it ignored, then they can do so in dependabot.yml. So the config file will always have precedence over PR comment commands. If for whatever reason that is not possible to be implemented (which I doubt), then there are plenty of ways of providing a centralized place to easily list all your ignored dependencies, and choose which ones you want to unignore. It could be:
This comment was marked as duplicate.
We've ignored php8 when running php7; now that we've updated to php8 we don't get any dependabot alerts still. That ignore should be invalidated automatically once updated IMHO, and is a rather annoying bug currently.
Any news on when this fix is planned for? We are currently stuck, because:
This means that right now there is no way to unignore any of the dependencies we had marked as ignored in the past.
@ro0NL I think you're actually hitting: @nikosmoum yeah, for your case you're truly stuck, please file a support ticket and someone on the team can manually run an internal command to remove your ignores. I suggest including a link directly to this comment + direct links to the repos you want the ignore rules removed from. Basically the prioritization of this feature will depend on how painful it is for us because while we'd love to do it, there's a lot of other things we'd love to build out too... and it's unclear how often users are hitting this... If you want this, be sure to 👍 the original comment on this issue as we use that as one signal of impact/value.
This comment was marked as off-topic.
Can at least some support unignore my case manually?
Can this be labeled as a bug? It is near impossible / very tedious to remove a comment ignore right now (and fully impossible in certain cases), except for grouped dependencies (c.f. #8382). That is a blocker IMO, comment ignores just become permanent and unchangeable in many cases.
Also agreed with this longer term. Even if comment unignores are properly supported, it is still very difficult to manage these as-is. Related: It would be great if there were a setting in
Given that #7654 is an attempt at solving the general issue of being able to see what has been ignored, it still seems that there is an "internal feature flag" active. The documentation at managing-dependabot-pull-requests-with-comment-commands and If one has used a "@ dependabot " ignore command (of some sort) in a PR comment, what is the current way of figuring out what ignores are active? There is mention of looking in "logs", what logs are those? Are they under "Insights" -> "Dependency graph" -> "Dependabot" -> "Recent update jobs" for example?
I've blocked updating a dependency with
@dependabot ignore this dependency
dependabot responded:
but I can't reopen the pr, because it's already merged:
and I've definitely updated the dependency myself after that (which I created manually as dependabot didn't update):
there's 0.9.8 out now:
but version still at 0.9.7 and no dependabot update pull request:
how to rectify the problem, I want dependabot start updating that dependency again :)