Closed lucasrangit closed 2 years ago
Can you not just ignore the suggested update?
Yeah we can ignore it. I also think there's a way to configure the @dependabot to ignore some versions with .github/dependabot.yml so I don't have to disable auto-update completely.

```yaml
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
    ignore:
      - dependency-name: "urlchecker-action"
        # Ignore old version scheme
        versions: ["0.2.x", "0.1.x"]
```
I am reporting this because you made the change to make our lives easier :wink:
Yeah! I'm really sorry. Hmm - if there is a way to check (and update) where the action is being used (and make sure the older versions aren't being used) we could potentially delete the old releases.
Oh my that's quite a few! https://github.com/urlstechie/urlchecker-action/network/dependents
Yeah I was just about to post that "Used by" link. Pretty handy.
Okay I got through... one page! There were about 3-4 repos that used a pinned (to be deprecated) version. I'm worried if dependabot is opening up PRs that more might switch to an older version so maybe it would be best to delete them before that happens and then hope to catch all the repos that use it.
Okay, this should be addressed! Hopefully I didn't miss too many and people won't be angry with me. Thanks for bringing this to my attention! https://github.com/urlstechie/urlchecker-action/issues/89
Thanks! I think this is the right solution as long as it's clear what is wrong when it breaks.
Often whoever set this up is gone or has forgotten how it was set up in the first place so getting back up and running quickly is all that matters.
I totally agree! It would get worse as time went on. And I’ve definitely learned my lesson and am not going to violate semver in the future!
Take a look at https://github.com/berlin-hack-and-tell/berlinhackandtell.rocks/pull/320 and you'll see @dependabot trying to merge the update from 0.0.27 to 0.2.31.
It is confused by the version scheme change.
Since you cannot remove "old" versions, I suggest changing the version scheme again. Since you want to match URLchecker, then you should use major.minor versions only, e.g. 0.0.27 becomes 0.27.
That will fix the issue since 0.27 > 0.2.31 > 0.0.27.
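
An added example, not part of the thread or the project's own code: a small checker a consuming repository could run over its workflow files to spot references to the action that are still pinned to the old 0.1.x / 0.2.x scheme, plus the version ordering discussed above. The function names and the sample workflow are constructed for illustration, and it assumes a missing version component counts as zero (so 0.27 compares as 0.27.0).

```python
import re

# Matches a workflow step such as "uses: urlstechie/urlchecker-action@0.2.31".
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w.-]+)@([^\s'\"#]+)", re.M)

def version_key(ref):
    """Numeric sort key for a dotted version; None for branches or commit SHAs.
    Assumption: a missing component counts as zero, so 0.27 compares as 0.27.0."""
    m = re.fullmatch(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", ref)
    if not m:
        return None
    return tuple(int(p or 0) for p in m.groups())

def in_old_scheme(ref, ignored=("0.1.x", "0.2.x")):
    """True if ref falls in one of the ignore ranges from the dependabot.yml above."""
    key = version_key(ref)
    if key is None:
        return False
    for pattern in ignored:
        major, minor, _ = pattern.split(".")
        if key[:2] == (int(major), int(minor)):
            return True
    return False

def find_old_pins(workflow_text, action="urlstechie/urlchecker-action"):
    """Return the refs of `action` in a workflow file that use the old scheme."""
    return [ref for name, ref in USES_RE.findall(workflow_text)
            if name.lower() == action and in_old_scheme(ref)]

# Constructed sample workflow, not taken from any real repository.
SAMPLE = """\
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: urlstechie/urlchecker-action@0.2.31
      - uses: urlstechie/urlchecker-action@0.0.27
      - uses: urlstechie/urlchecker-action@master
"""

if __name__ == "__main__":
    print(find_old_pins(SAMPLE))
    print(sorted(["0.2.31", "0.27", "0.0.27"], key=version_key))
```
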