Dependabot not ignoring correctly?

Per my config below, both of these PRs should not have been created

- Bump @angular/cli from 9.1.7 to 9.1.8
- Bump @capacitor/cli from 2.1.2 to 2.2.0
- Bump @angular-devkit/build-angular from 0.901.7 to 0.901.8

For what it’s worth, I previously was not using the wildcard(*) and they were still being opened.

full config:

version: 2
updates:
- package-ecosystem: bundler
  directory: "/"
  schedule:
    interval: monthly
    day: sunday
  open-pull-requests-limit: 50
  ignore:
  - dependency-name: "@angular*"
    versions:
    - ">= 0"
  - dependency-name: "@capacitor*"
    versions:
    - ">= 0"
  - dependency-name: "@fortawesome*"
    versions:
    - ">= 0"
  - dependency-name: "@ionic*"
    versions:
    - ">= 0"
- package-ecosystem: npm
  directory: "/"
  schedule:
    interval: weekly
    day: sunday
    time: '23:00'
    timezone: US/Eastern
  open-pull-requests-limit: 10

Hi there! :wave: Welcome to the Community!

I think this might be failing because you have used a single digit to specify the version number, and bundler requires more precision. See for example this stack overflow answer:

If your aim is to have those dependencies skipped entirely, however, you can just leave the versions: section out entirely!

https://help.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#specifying-dependencies-and-versions-to-ignore

1 Like

Pretty sure I didn’t add those version directives. They came in from the PR that Dependabot itself created to migrate my repo to a config file.

I’ll remove those versions and see what happens… but maybe someone on the Dependabot team should investigate as well. If what you say is correct, the import PR process is broken/misleading.

Nope - still not working correctly.

DB just opened a PR for @ionic-native/core (amongst other matching libs)

Here’s my updated config:

version: 2
updates:
  - package-ecosystem: bundler
    directory: "/"
    schedule:
      interval: monthly
    open-pull-requests-limit: 50
    ignore:
      - dependency-name: "@angular*"
      - dependency-name: "@capacitor*"
      - dependency-name: "@fortawesome*"
      - dependency-name: "@ionic*"
  - package-ecosystem: npm
    directory: "/"
    schedule:
      interval: monthly
    open-pull-requests-limit: 10

Ah, sorry for my incorrect first answer!

I will most likely need to escalate this to the Dependabot team - can you let me know which repository it’s happening on please?