dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Allow ignoring dependency in group where major version is zero #8685

Open garryod opened 11 months ago

garryod commented 11 months ago

Is there an existing issue for this?

Feature description

Oftentimes we make use of dependencies which are still in the 'initial development' stage; section 4 of the semver spec specifies that these should be given a major version of zero (i.e. 0.y.z). As such packages are allowed to break their public API at any point, it would be useful to be able to filter these out of groups. E.g.:

```yaml
- package-ecosystem: cargo
  groups:
    minor:
      update-types:
        - minor
        - patch
      exclude-update-types:
        - initial-development
```

OJFord commented 10 months ago

IMO this is a bug: 0.1.x -> 0.2.y should be treated as major, not minor.
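
The two behaviours discussed in this thread, side by side, as an added example that is not part of the issue and not dependabot-core code. All function and option names are hypothetical: `exclude_initial_development` mirrors the option proposed in the issue, and `zero_minor_is_major` mirrors the reclassification suggested in the comment above.

```ruby
# Illustration only: hypothetical helpers, not dependabot-core's API.

# Parse "MAJOR.MINOR.PATCH" into integers. Pre-release and build
# suffixes are dropped, so they are ignored when comparing versions.
def parse_semver(version)
  core = version.sub(/\Av/, "").split(/[-+]/, 2).first
  parts = core.split(".")
  unless parts.length == 3 && parts.all? { |p| p.match?(/\A\d+\z/) }
    raise ArgumentError, "not a semver version: #{version}"
  end
  parts.map(&:to_i)
end

# Plain semver classification of an upgrade from `from` to `to`.
def update_type(from, to)
  a = parse_semver(from)
  b = parse_semver(to)
  return :none if (b <=> a) <= 0 # same version or a downgrade
  return :major if a[0] != b[0]
  return :minor if a[1] != b[1]
  :patch
end

# Semver section 4: major version zero means initial development.
def initial_development?(version)
  parse_semver(version)[0].zero?
end

# Decide whether an update belongs in a group limited to `update_types`.
#   exclude_initial_development: drop every update of a 0.y.z dependency
#   zero_minor_is_major:         count 0.1.x -> 0.2.y as a major update
def in_group?(from, to, update_types:, exclude_initial_development: false,
              zero_minor_is_major: false)
  type = update_type(from, to)
  return false if type == :none
  zero = initial_development?(from)
  return false if exclude_initial_development && zero
  type = :major if zero_minor_is_major && zero && type == :minor
  update_types.include?(type)
end

# Constructed sample: a minor/patch group like the one in the issue.
GROUP = [:minor, :patch].freeze
[["0.1.4", "0.2.0"], ["0.1.4", "0.1.5"], ["1.1.4", "1.2.0"]].each do |from, to|
  puts "#{from} -> #{to}: default=#{in_group?(from, to, update_types: GROUP)} " \
       "reclassified=#{in_group?(from, to, update_types: GROUP, zero_minor_is_major: true)}"
end
```

With either option enabled, the `0.1.4 -> 0.2.0` bump no longer lands in a minor/patch group, so a potentially breaking change has to be reviewed in its own PR.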