Let's imaging I have a dependency like:

mavenBom ".springframework:spring-framework-bom:6.2.0-SNAPSHOT"

The Spring Framework has just released 6.2.0 GA and just after that published 6.2.1-SNAPSHOT.

Ideally I would like Dependabot to suggest me an update to 6.2.0, but that's different story.

Right now I just don't want it to update from 6.2.0-SNAPSHOT to 6.2.1-SNAPSHOT.

What kind of config I could apply to skip such a version pattern from updating?

My current one is like this:

ignore:
  - dependency-name: '*'
    update-types:
      - version-update:semver-major
      - version-update:semver-minor 

Doesn't look like versions option can accept something like *-SNAPSHOT: .yml-file#specifying-dependencies-and-versions-to-ignore

UPDATE

Well, apparently there is no way for now. Found this old GH issue:

Let's imaging I have a dependency like:

mavenBom ".springframework:spring-framework-bom:6.2.0-SNAPSHOT"

The Spring Framework has just released 6.2.0 GA and just after that published 6.2.1-SNAPSHOT.

Ideally I would like Dependabot to suggest me an update to 6.2.0, but that's different story.

Right now I just don't want it to update from 6.2.0-SNAPSHOT to 6.2.1-SNAPSHOT.

What kind of config I could apply to skip such a version pattern from updating?

My current one is like this:

ignore:
  - dependency-name: '*'
    update-types:
      - version-update:semver-major
      - version-update:semver-minor 

Doesn't look like versions option can accept something like *-SNAPSHOT: https://docs.github/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#specifying-dependencies-and-versions-to-ignore

UPDATE

Well, apparently there is no way for now. Found this old GH issue: https://github/dependabot/dependabot-core/issues/7885

• gradle
• dependabot

Share Improve this question Follow edited Nov 19, 2024 at 18:57 Artem Bilan asked Nov 19, 2024 at 18:02 Artem BilanArtem Bilan 122k1111 gold badges102102 silver badges129129 bronze badges

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

version: 2
updates:
  - package-ecosystem: "maven"  # Use 'maven' or 'gradle' as per your project
    directory: "/"  # Adjust to your project directory if needed
    schedule:
      interval: "weekly"  # Set to 'daily', 'weekly', or 'monthly'
    versioning-strategy: "increase"  # Prevent SNAPSHOT versions from being picked
    ignore:
      - dependency-name: "your-dependency"  # Optional: Ignore specific dependencies
        versions: ["*-SNAPSHOT"]  # Ignore SNAPSHOT versions