Dependabot - Ignoring NuGet package versions

Question

I'm trying to get dependabot up and and running with C# projects that have NuGet dependencies, and configure it to ignore certain versions of packages, such as .NET 7 packages.

Things I have tried:

Various variations of the .github/dependabot.yml file, example below.

version: 2
registries:
  nuget-private:
    type: nuget-feed
    url: https://pkgs.dev.azure.com/{teamName}/_packaging/{teamName}/nuget/v3/index.json
    token: ':{patToken}'
  nuget-public:
    type: nuget-feed
    url: https://api.nuget.org/v3/index.json
updates:
  - package-ecosystem: nuget
    directory: '/'
    registries: '*'
    schedule:
      interval: weekly
    open-pull-requests-limit: 50
    ignore:
      - dependency-name: 'Microsoft.EntityFrameworkCore'
        versions: ['7.x']
      - dependency-name: 'Microsoft.EntityFrameworkCore.Relational'
        versions: ['7.x']

Specifying versions in the project.csproj file.

<ItemGroup>
   <PackageReference Include="Microsoft.EntityFrameworkCore" Version="6.0.14" allowedVersions="[6,7)" />
   <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="6.0.14" allowedVersions="[6,7)" />
   <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
</ItemGroup>

Nothing I try seems to work, and I get PRs for .NET 7 package versions. If this were working as expected, I would expect a PR for version 6.0.15.

Have searched for hours but can't seem to come across anyone having similar issues. Any help would be appreciated.

score 0 · Accepted Answer · answered Mar 20 '23 at 18:50

0

Right, the solution was simple.

versions: ['7.*']

Job done.

answered Mar 20 '23 at 18:50

dalemac

355
1
4
15

Dependabot - Ignoring NuGet package versions

1 Answers1