How to ignore all patch versions in Dependabot

492 Views Asked by udo At 20 October 2024 at 21:59

Most packages follow semantic versioning to define major.minor.patch versions.

I would like to configure Dependabot to exclude all patch versions and not create PRs.

From the docs it's not completely clear to me how to do this. The example shows the config for specific packages:

# Use `ignore` to specify dependencies that should not be updated

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "express"
        # For Express, ignore all Dependabot updates for version 4 and 5
        versions: ["4.x", "5.x"]
        # For Lodash, ignore all updates
      - dependency-name: "lodash"
        # For AWS SDK, ignore all patch updates for version updates only
      - dependency-name: "aws-sdk"
        update-types: ["version-update:semver-patch"]

How would I exclude all patch versions from being opened as PR?

Original Q&A

There are 1 best solutions below

udo On 28 August 2023 at 15:44 BEST ANSWER

as jon pointed out, the following config ignores all patch versions:

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "*"
        update-types: ["version-update:semver-patch"]

How to ignore all patch versions in Dependabot

There are 1 best solutions below

Related Questions in GITHUB

Related Questions in GITHUB-DEPENDABOT

Trending Questions

Popular # Hahtags

Popular Questions