-
-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Specifying allow-conditions disallows all updates #652
Comments
It seems like all allow-conditions require a I modified my dependabot.yml to this, where I added version: 2
updates:
- package-ecosystem: nuget
directory: '/'
schedule:
interval: daily
allow:
- dependency-name: Newtonsoft.Json
dependency-type: all This works. However, the allow section in the dependabot docs on GitHub clearly show examples where only Is there a discrepancy here, where this extension mistakenly behaves differently from dependabot core? Or is this by design? |
Thanks for reporting this |
Just pushed release 0.19.0. It'd be great if you could test and report back. |
Sorry for the late reply, was on vacation @mburumaxwell I haven't had time to test removing Here is my updates:
- package-ecosystem: nuget
directory: /ProjectName
schedule:
interval: daily
allow:
- dependency-name: Newtonsoft.Json
dependency-type: all
- dependency-name: MudBlazor
dependency-type: all
- dependency-name: Microsoft.NET.Test.Sdk
dependency-type: all
- dependency-name: xunit.*
dependency-type: all
- dependency-name: Moq
dependency-type: all
- dependency-name: coverlet.collector
dependency-type: all
- dependency-name: Amazon.*
dependency-type: all
- dependency-name: Polly.*
dependency-type: all
- dependency-name: Dapper
dependency-type: all
- dependency-name: Npgsql
dependency-type: all
- dependency-name: System.IdentityModel.Tokens.Jwt
dependency-type: all
- dependency-name: Microsoft.IdentityModel.Protocols.OpenIdConnect
dependency-type: all
- dependency-name: Google.Protobuf
dependency-type: all Yet I've been getting PRs for e.g. |
In this case it is easier to use |
The list would be three times as long if I used |
Recently we made a major change to an image per ecosystem. Since #711 happened before it, you cannot rollback effectively. I will try and reproduce your issue but I cannot guarantee when that will be. |
I understand. Thank you for the help! I'll see if we can work around this for now then. |
When configuring dependabot with an allow-section in dependabot.yml, all updates are disallowed, even those that match.
dependabot-pipeline.yml:
dependabot.yml
DependabotSandbox.csproj
Both
Newtonsoft.Json
andSerilog
have newer versions available. I am expectingNewtonsoft.Json
to be updated, but notSerilog
.Log excerpt:
However, removing the allow-section altogether makes both versions update as expected. Is is as if dependabot can't understand the conditions provided with
DEPENDABOT_ALLOW_CONDITIONS
, and so interprets the allow-section as empty, effectively disallowing all updates. But that's just a guess.Is there anything that I've simply overlooked here? Is it a known problem?
The text was updated successfully, but these errors were encountered: