Dependabot doesn't ignore an ignored dependency #10620

Open
provegard opened this issue Sep 17, 2024 · 1 comment
Labels
L: javascript T: bug 🐞 Something isn't working

Comments

provegard commented Sep 17, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

npm

Package manager version

npm 8

Language version

Node.js 18

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "nuget"
    directory: "/" # Location of package manifests
    schedule:
      interval: "daily"
    open-pull-requests-limit: 5
    target-branch: "dependabot-updates"
  - package-ecosystem: "npm"
    directory: "/" # Location of package manifests
    schedule:
      interval: "daily"
    open-pull-requests-limit: 5
    target-branch: "dependabot-updates"
    ignore:
      # Vue 2.7.16 has a regression, stay on 2.7.15
      - dependency-name: "vue"
      - dependency-name: "vue-template-compiler"
      - dependency-name: "@vue/compiler-sfc"

Updated dependency

vue-template-compiler 2.7.15 -> 2.7.16

What you expected to see, versus what you actually saw

I expect dependabot to ignore vue-template-compiler 2.7.16, since it's ignored in the dependabot.yaml file. I have also tried various ways of specifying a version in dependabot.yaml, but nothing works.

Actual result: Dependabot tries to upgrade vue-template-compiler from 2.7.15 to 2.7.16.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

The PR is in a private repository.

Smallest manifest that reproduces the issue

No response

@provegard provegard added the T: bug 🐞 Something isn't working label Sep 17, 2024
@github-actions github-actions bot added L: dotnet:nuget NuGet packages via nuget or dotnet L: javascript labels Sep 17, 2024
@provegard
Author

The dotnet:nuget label is wrong. Nuget is in the dependabot.yaml file, but so is npm, and the issue is about the npm ecosystem.
