benc-uk / workflow-dispatch

A GitHub Action for triggering workflows, using the `workflow_dispatch` event
MIT License

Version 121 is proposed by dependabot #56

Closed r0manchak closed 7 months ago

r0manchak commented 1 year ago


chenrui333 commented 1 year ago

That might be more like a Dependabot issue; I did not see any tag for 121 in the repo.

giarc3 commented 1 year ago

Dependabot can find both tags and branches, and there is a branch here named v121, so I'm fairly sure that's the source of its confusion. It would be nice for this to be resolved, as all the Dependabot PRs are noisy/wrong to merge.

aidan-mundy commented 9 months ago

Also running into this issue. Just want to confirm that the cause is the branch, and this is expected behavior from Dependabot, since many actions use a vXXX syntax instead of the more semver-like vXX.YY.XX

mara004 commented 8 months ago

I think adding the following ignore rule should help:

  - package-ecosystem: "github-actions"
    # ...
    ignore:
      - dependency-name: "benc-uk/workflow-dispatch"
        versions: ["121"]  # presumably an upstream accident

Related incident: https://github.com/pypdfium2-team/pypdfium2/pull/297

giarc3 commented 7 months ago

@benc-uk This issue was closed as completed but branch v121 still exists, so this problem is not yet resolved.

benc-uk commented 7 months ago

I've nuked that version, people can use v1.2 or v1 tags.

Dependabot's logic here baffles me.

giarc3 commented 7 months ago

Sorry to keep harping on this, but it's the branch v121 that is causing issues, not a tag or release. Dependabot works on both branches and tags, and it obviously feels that (branch) v121 is newer than (tag) v1, so it creates PRs upgrading to that branch. Either deleting the v121 branch or re-pushing it under a non-semver name should fix the issue.
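A maintainer-side check for the situation described in this thread, as an added example that is not part of the original discussion or of the workflow-dispatch project: it scans `git ls-remote --heads --tags` output for branches whose names parse as a version higher than every version tag. The version pattern and comparison are a simplified assumption, not Dependabot's actual logic, and the sample refs (including `main` and `fix-inputs`) are constructed.

```python
import re

# Assumed pattern for "version-like" ref names (v1, v1.2, v121, 1.2.3).
# This approximates what an updater might parse; it is not Dependabot's code.
VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+){0,2})$")

def parse_version(name):
    """Return a comparable (major, minor, patch) tuple, or None if not version-like."""
    m = VERSION_RE.match(name)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def parse_ls_remote(text):
    """Split `git ls-remote --heads --tags` output into branch and tag names."""
    branches, tags = [], []
    for line in text.strip().splitlines():
        _sha, ref = line.split()
        if ref.endswith("^{}"):  # peeled annotated-tag entry, duplicates the tag
            continue
        if ref.startswith("refs/heads/"):
            branches.append(ref[len("refs/heads/"):])
        elif ref.startswith("refs/tags/"):
            tags.append(ref[len("refs/tags/"):])
    return branches, tags

def misleading_branches(text):
    """Branches that parse as a version higher than every version tag."""
    branches, tags = parse_ls_remote(text)
    tag_versions = [v for v in map(parse_version, tags) if v is not None]
    highest_tag = max(tag_versions, default=(0, 0, 0))
    return sorted(b for b in branches
                  if (v := parse_version(b)) is not None and v > highest_tag)

# Constructed sample output (hashes are placeholders, not real commits).
SAMPLE = """\
1111111111111111111111111111111111111111\trefs/heads/main
2222222222222222222222222222222222222222\trefs/heads/v121
3333333333333333333333333333333333333333\trefs/heads/fix-inputs
4444444444444444444444444444444444444444\trefs/tags/v1
5555555555555555555555555555555555555555\trefs/tags/v1.2
6666666666666666666666666666666666666666\trefs/tags/v1.2^{}
"""

if __name__ == "__main__":
    for name in misleading_branches(SAMPLE):
        print(f"branch {name!r} outranks every version tag; rename or delete it")
```

Feeding it the real output of `git ls-remote --heads --tags <repo-url>` before publishing a release catches a stray version-named branch on the maintainer's side.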

benc-uk commented 7 months ago

Done. I didn't even realize there was a v121 branch, it was probably temporary. I don't normally name branches to match versions.

Once again Dependabot proves to be far more trouble than it's worth

mara004 commented 7 months ago

Thanks for this and #67!

> Once again Dependabot proves to be far more trouble than it's worth

I disagree -- or what alternatives are there to keep track of updating one's actions?