Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependabot config to ignore specific dependencies' major versions #16949

Open
2 tasks done
jpandersen87 opened this issue Jan 3, 2025 · 0 comments · May be fixed by #16950
Open
2 tasks done

Update dependabot config to ignore specific dependencies' major versions #16949

jpandersen87 opened this issue Jan 3, 2025 · 0 comments · May be fixed by #16950
Assignees
@jpandersen87
Labels
experience Team label to flag issues owned by the Experience Team tech-debt Anything that is purely a technical issue and does not affect functionality

Comments

@jpandersen87
Copy link
Collaborator

jpandersen87 commented Jan 3, 2025
edited
Loading

By default dependabot, regardless of semver syntax on dependencies, will attempt to update across major versions. Unfortunately this means needing to periodically update the dependabot config to ignore major versions for dependencies that need manual migration (though not ideal as we want to keep edits to the dependabot config to a minimum).

Acceptance Criteria

  • Current list of libraries with incompatible major updates added to dependabot frontend ignore list (specifying to ignore major updates only)
  • Aforementioned libraries' entries in package.json reverted back to ^ semver syntax rather than ~
@jpandersen87 jpandersen87 added experience Team label to flag issues owned by the Experience Team tech-debt Anything that is purely a technical issue and does not affect functionality labels Jan 3, 2025
@jpandersen87 jpandersen87 self-assigned this Jan 3, 2025
jpandersen87 added a commit that referenced this issue Jan 3, 2025
@jpandersen87
Update dependabot config to ignore specific dependencies' major versions
38016a9 
Fixes #16949
@jpandersen87 jpandersen87 linked a pull request Jan 3, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jpandersen87 jpandersen87

Labels
experience Team label to flag issues owned by the Experience Team tech-debt Anything that is purely a technical issue and does not affect functionality
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update dependabot config to ignore specific dependencies' major versions CDCgov/prime-reportstream
1 participant
@jpandersen87