Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I change my Dependabot config to exclude major versions

Tags:

config

dependabot

This is my Dependabot config, is there any way to exclude major version updates and just have minor, patch and security updates? If so what would I need to change?

version: 1
update_configs:
  - package_manager: 'javascript'
    commit_message:
      include_scope: true
      prefix: 'chore'
    default_reviewers:
      - someUser
    default_labels:
      - 'dependencies'
    directory: '/'
    target_branch: 'develop'
    update_schedule: 'live'
like image 856
riscos3 Avatar asked Jan 26 '26 16:01

riscos3

1 Answers

This is now possible although you'll need to update to Dependabot version 2. You can then do something like the following:

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
    ignore:
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]

See https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#ignore for more information on this.

like image 178
Michael Avatar answered Jan 29 '26 13:01

Michael
Sign in to Comment

Related questions

How do you define paths in application?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!