Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore is a list for dependabot #5127

Merged
merged 2 commits into from
Dec 16, 2020
Merged

Ignore is a list for dependabot #5127

merged 2 commits into from
Dec 16, 2020

Conversation

timja
Copy link
Member

@timja timja commented Dec 16, 2020
edited
Loading

@timja timja requested review from batmat and a team December 16, 2020 20:29
@timja timja mentioned this pull request Dec 16, 2020
Merged
10 tasks
MarkEWaite
MarkEWaite approved these changes Dec 16, 2020
View reviewed changes
Copy link
Contributor

@MarkEWaite MarkEWaite left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Optional addition to include commons-beanutils in the exclusion list.

See #5124 and the recommendation from @basil

.github/dependabot.yml Show resolved Hide resolved
jglick
jglick approved these changes Dec 16, 2020
View reviewed changes
Copy link
Member

@jglick jglick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like GitHub had some way of checking syntax of dependabot.yml automatically in PRs touching it?

@timja
Copy link
Member Author

timja commented Dec 16, 2020

I feel like GitHub had some way of checking syntax of dependabot.yml automatically in PRs touching it?

yeah normally you get a check run but I don't see it atm

@timja
Copy link
Member Author

timja commented Dec 16, 2020

o it's there now

@timja timja merged commit 6a2d37d into master Dec 16, 2020
@timja timja deleted the fix-dependabot branch December 16, 2020 21:04
jglick
jglick reviewed Dec 16, 2020
View reviewed changes
.github/dependabot.yml
@@ -9,4 +9,5 @@ updates:
schedule:
interval: "daily"
ignore:
dependency-name: "org.codehaus.groovy:groovy-all"
- dependency-name: "org.codehaus.groovy:groovy-all"
- dependency-name: "commons-beanutils:commons-beanutils"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BTW we should be including comments referring to written reasons for avoiding certain updates. For Groovy it is pretty well-known but for BeanUtils the issues in #4928 and #4328 were pretty technical.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just wanted to fix dependabot in this PR,

comments added in #5130 feel free to debate / suggest phrasing

@MarkEWaite MarkEWaite added the dependencies Pull requests that update a dependency file label Dec 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jglick jglick jglick approved these changes

@basil basil basil approved these changes

@MarkEWaite MarkEWaite MarkEWaite approved these changes

@batmat batmat Awaiting requested review from batmat

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@timja @basil @jglick @MarkEWaite