version-update:semver-major not working with pytest - Githubissues

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.

https://docs.github.com/en/code-security/dependabot

MIT License

4.73k stars 1.02k forks source link

version-update:semver-major not working with pytest #10573

Open Zippy1999 opened 2 months ago

Zippy1999 commented 2 months ago

Is there an existing issue for this?

[X] I have searched the existing issues

Package ecosystem

pip

Package manager version

pip

Language version

python

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2 updates:

package-ecosystem: pip directory: / insecure-external-code-execution: allow open-pull-requests-limit: 1 schedule: interval: daily commit-message: prefix: '(dep-update) ' ignore:
- dependency-name: "*" update-types: ["version-update:semver-major"]

Updated dependency

dependencies = [ "pytest>7.0.0,<=7.4.4", ]

What you expected to see, versus what you actually saw

Dependabot should not exceed version 7.4.4 but dependabot actually updates to 8.3.2

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

Screenshot 2024-09-10 at 11 05 22

Smallest manifest that reproduces the issue

No response

ferdlestier commented 3 weeks ago

I have reported a similar case, but in my case I suspect that the issue might be related to the way dependabot is calculating the ranges? And therefore is not respecting the ignore condition with version-update:semver-major.