Configure dependabot to ignore 'idna' #1259
@@ -6,3 +6,8 @@ updates: | |||
interval: daily | |||
time: "10:00" | |||
open-pull-requests-limit: 10 | |||
ignore: |
The docs you linked to earlier suggest this should be ignored_updates? Did this change when Dependabot was integrated into GitHub?
> Did this change when Dependabot was integrated into GitHub?
Exactly. I used the "Dependabot Preview" (legacy non-native version) web interface to PR the initial dependabot.yml (#1258), which also did the migration to GitHub-native, which seems to have a slightly different config syntax: https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/enabling-and-disabling-version-updates#disabling-dependabot-version-updates
.github/dependabot.yml
Outdated
# New 'idna' (see 'requests') releases break Python 2.7 builds. Ignore here | ||
# to avoid listing/pinning transitive dependencies in requirements.txt. | ||
# FIXME: Un-ignore when dropping Python 2.7 or resolving #1249 | ||
- dependency-name: "idna" |
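Review bot: The `- dependency-name: "idna"` entry has no `versions` key, so Dependabot will stop proposing every idna update, not only the releases that break Python 2.7. Consider adding a `versions` constraint that covers just the incompatible releases, so compatible fixes still arrive while the FIXME for #1249 is open.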
Nit:
- dependency-name: "idna" | |
- dependency-name: "idna" | |
Thanks for the quick review, @joshuagl! Just force-pushed an updated commit that adds the newline and the relevant docs in the commit message.
New releases of the transitive (via 'requests') dependency 'idna' break Python 2.7 builds. To fix this we configure dependabot to not bump 'idna' in requirements-pinned.txt, which lists and auto-updates all immediate and transitive dependencies for CI/CD testing.
An alternative would be to add and restrict 'idna' in 'requirements.txt' but this is less preferable because 'requirements.txt' should only have direct dependencies.
For consulted dependabot config docs see: https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/enabling-and-disabling-version-updates#disabling-dependabot-version-updates
Signed-off-by: Lukas Puehringer <[email protected]>
Sorry, forgot to stage the change. 🤦 Now the newline is indeed included.
LGTM, thanks @lukpueh !
Fixes -
Related to #1256
Description of the changes being introduced by the pull request:
New releases of the transitive (via 'requests') dependency 'idna' break Python 2.7 builds. To fix this we configure dependabot to not bump 'idna' in requirements-pinned.txt, which lists and auto-updates all immediate and transitive dependencies for CI/CD testing.
An alternative would be to add and restrict 'idna' in 'requirements.txt' but this is less preferable because 'requirements.txt' should only have direct dependencies.
Please verify and check that the pull request fulfills the following
requirements: