dependabot/dependabot-core

Invalid minor bump in non-main branch when only paths are allowed

abelsromero opened this issue · 0 comments

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

Gradle

Package manager version

7.6

Language version

Java

Manifest location and content before the Dependabot update

It's a public repo, here are the most recent invalid PRs opened with all details:

dependabot.yml content

We configure multiple branches in the dependabot.yml from the main branch.

https://github.com/spring-cloud/spring-cloud-app-broker/blob/d9535220afc5e07af61ff5237033d42d8efb9cd1/.github/dependabot.yml#L1

Updated dependency

We see minor bumps when these should not be allowed.

    ignore:
      - dependency-name: "org.springframework.boot:*"
        update-types:
          - "version-update:semver-major"
          - "version-update:semver-minor"
      - dependency-name: "spring-cloud-starter-op

What you expected to see, versus what you actually saw

In the case of spring-cloud/spring-cloud-app-broker#818, a 3.0.9 exists that does not get a PR; instead we get a 3.1.2 bump.

Native package manager behavior

Does not apply.

Images of the diff or a link to the PR, issue, or logs

Here are the most recent invalid PRs opened:

Smallest manifest that reproduces the issue

Truth be told, we have similar policies in other repos and we've only seen a repeated error in this repo/branch.
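The filtering behaviour the report expects from the `ignore` rules above, written out as an added illustration that is not part of this issue and not dependabot-core's own code. It classifies each candidate version as a major, minor or patch update relative to the current one and drops the candidates an `ignore` entry covers, so that with `semver-major` and `semver-minor` ignored only a patch bump such as 3.0.9 survives. The current version `3.0.8`, the candidate list and the `org.springframework.boot:*` wildcard being matched with `fnmatchcase` are constructed assumptions for the demonstration; it only handles plain dotted numeric versions.

```python
"""Simulate Dependabot-style `ignore` filtering on candidate versions.

Added example (not Dependabot's implementation). It mirrors the semantics the
issue expects: an ignore entry listing semver-major and semver-minor update
types should leave only patch-level bumps for the matching dependency.
"""
from fnmatch import fnmatchcase

# Constructed ignore rules mirroring the issue's configuration.
IGNORE_RULES = [
    {
        "dependency-name": "org.springframework.boot:*",
        "update-types": [
            "version-update:semver-major",
            "version-update:semver-minor",
        ],
    },
]


def parse_version(version):
    """Turn '3.0.9' into (3, 0, 9); only plain numeric dotted versions are supported."""
    return tuple(int(part) for part in version.split("."))


def update_type(current, candidate):
    """Classify the bump from `current` to `candidate`, or None if it is not an upgrade."""
    cur, new = parse_version(current), parse_version(candidate)
    if new <= cur:
        return None
    if new[0] != cur[0]:
        return "version-update:semver-major"
    if new[1] != cur[1]:
        return "version-update:semver-minor"
    return "version-update:semver-patch"


def is_ignored(dependency, current, candidate, rules):
    """True if any rule matches the dependency name and covers this bump's update type."""
    bump = update_type(current, candidate)
    for rule in rules:
        # Wildcard matching approximated with fnmatchcase (assumption, not Dependabot's matcher).
        if not fnmatchcase(dependency, rule["dependency-name"]):
            continue
        types = rule.get("update-types")
        # A rule without update-types ignores every update of that dependency.
        if types is None or bump in types:
            return True
    return False


def allowed_candidates(dependency, current, candidates, rules):
    """Candidates that are real upgrades and are not ignored, in ascending version order."""
    kept = [
        version
        for version in candidates
        if update_type(current, version) is not None
        and not is_ignored(dependency, current, version, rules)
    ]
    return sorted(kept, key=parse_version)


def best_candidate(dependency, current, candidates, rules):
    """The highest allowed version, or None when every candidate is ignored."""
    kept = allowed_candidates(dependency, current, candidates, rules)
    return kept[-1] if kept else None


if __name__ == "__main__":
    # Constructed scenario: current 3.0.8, releases 3.0.9, 3.1.2, 3.2.0 and 4.0.0 available.
    dep = "org.springframework.boot:spring-boot-starter"
    available = ["3.0.9", "3.1.2", "3.2.0", "4.0.0"]
    for version in available:
        print(version, update_type("3.0.8", version),
              "ignored" if is_ignored(dep, "3.0.8", version, IGNORE_RULES) else "allowed")
    print("expected PR target:", best_candidate(dep, "3.0.8", available, IGNORE_RULES))
```

Running it lists 3.1.2, 3.2.0 and 4.0.0 as ignored and reports 3.0.9 as the only bump the rules permit, which is the PR the report says should have been opened. The same function can be pointed at a dependency outside the wildcard to confirm that the rules do not touch it.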