[Bug]: Applying versioning to Dependabot

Question

[Bug]: Applying versioning to Dependabot

gbowne1 opened this issue a year ago · 3 comments

Describe the Bug

Dependabot could probably use further enhancements to help us. I think it would currently PR when it finds a patch version update..

I think it would be better if we wait for Major and minor versions and ignore patch versions (according to SemVer 2.0.

Some enhancment could be done with a updates: section in the .yml

updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
    labels:
      - "dependencies"
    versioning: "widen"
    allow:
      - dependency-type: "direct"
      - dependency-type: "indirect"
        update-type: "patch"
      - dependency-type: "indirect"
        update-type: "minor"

Steps to Reproduce

N/A

Screenshots

No response

Which device are you using?

Linux VM

Which operating system are you using?

Debian Linux

Which browser are you using?

Firefox 118

Additional Context

No response

Contribute

I am willing to contribute and submit a pull request

Answer 1 · 2023-10-17T15:39:49.000Z

@gbowne1 - I can work on this and along with that will add other configuration like assignee and reviewers.

Answer 2 · 2023-10-17T22:41:52.000Z

Ok @balajik, thanks :)

Answer 3 · 2023-10-27T20:31:36.000Z

@balajik I have invited you to be a collaborator on this project.