sgabler-solytic
commented
1 week ago Same for us. We are in the nuget ecosystem. 1 PR should be created, but 25 got created.
run-dependabot.yml
# Docs: https://marketplace.visualstudio.com/items?itemName=tingle-software.dependabot
# - also check out the related file in .azuredevops/dependabot.yml
trigger: none # Disable CI trigger
schedules:
- cron: '30 6 * * 1-5'
always: true
branches:
include:
- develop
batch: true
displayName: Run dependabot every weekday
jobs:
- job: dependabotUpdate
displayName: Dependabot Update Job
timeoutInMinutes: 180 # 60 minutes was previously not enough in some cases
pool:
vmImage: 'ubuntu-latest' # requires macos or ubuntu (windows is not supported)
steps:
- task: dependabot@2
inputs:
setAutoComplete: false # "true" failed with "403 Forbidden", could maybe be fixed by changing some permissionsdependabot.yml
# Docs: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
# - this file is expected to be located at /.azuredevops/dependabot.yml
# - also check out the related file in /pipelines/run-dependabot.yml
version: 2
updates:
- package-ecosystem: "nuget"
directory: "/"
schedule:
interval: "daily"
target-branch: "develop"
open-pull-requests-limit: 1 # let's start low, we can increase this later
commit-message:
prefix: "🤖"
ignore:
- dependency-name: "*"
update-types: [ "version-update:semver-major" ] # Ignore major version updates
groups:
# Define groups that should be updated together
application-insights:
patterns:
- "Microsoft.ApplicationInsights*"
ef-core:
patterns:
- "Microsoft.EntityFrameworkCore*"
event-hubs:
patterns:
- "Azure.Messaging.EventHubs*"
hot-chocolate:
patterns:
- "HotChocolate*"
nsubstitute:
patterns:
- "NSubstitute*"
xunit:
patterns:
- "xunit*"
rhyskoedijk
We upgraded from Dependabot version 1 to version 2. Since then, Dependabot does not respect the
for npm ecosystem and created yesterday 135 PRs.