-
Notifications
You must be signed in to change notification settings - Fork 270
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Ignoring Specific Versions #375
Comments
I don't think a .dependabot/config.yml is supported, unfortunately. We've tried that but it didn't work. |
No plans for supporting |
If I had a clue about Ruby I probably would, unfortunately, I'm not a massive Ruby fan so wouldn't know where to begin. I hope someone can find the time to implement this. |
@greysteil I'm on github enterprise at the moment and might not have access to the official dependabot goodness for some time. If I can free up some bandwidth for a PR, is there any preference as far as yaml format? Also, given other features here might also want to leverage a config.yml, does the dependabot team have any asks regarding implementation? |
I'd go for compatibility with the format the main application uses - docs for that are at https://dependabot.com/docs/config-file/. Maybe start with just the bits you need and leave it to others to extend further |
I am running dependabot-script against https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-stream-dependencies . The problem I am running into is that this repository began being versioned like this:
Then transitioned to being versioned like this:
Consequently, the dependabot-script ends up thinking that I should update from Fishtown.SR2 (released March 2019) to 1.0.3 (released September 2016) which is incorrect.
I was wondering if there was any current or planned way to pass a list of ignored versions to dependabot-script so we could clean up this confusion manually.
The text was updated successfully, but these errors were encountered: