Alfred Mazimbe

icon indicating a website link http://www.404-digital.co.uk icon indicating an email [email protected]

icon company 404 Digital icon location United Kingdom icon location Software Developer with 12+ years experience building Ruby and JavaScript apps.

Results 16 comments of Alfred Mazimbe

Stop running Bundler v1

> Yes, that's correct. Currently Dependabot never updates the Bundler version, and that's what will create issues here. Dependabot will upgrade the lockfile to "v2 format" but will keep "BUNDLED...

Stop running Bundler v1

I've had a call with @jurre regarding this PR and some of what I wrote earlier has turns out to be incorrect. To avoid confusion, I'll summarise the current state...

Stop running Bundler v1

On hold awaiting input from product about how we would like to proceed.

Dependabot ignores dependencies even if they have a higher version than the ignored version.

> I am faced with the same issue as @na1307. I maintain a relatively big set of Java-based projects that are updated weekly by dependabot in grouped pull requests. As...

Dependabot ignores dependencies even if they have a higher version than the ignored version.

> Thanks for the quick response, @amazimbe! So, if I follow you and the linked description correctly, the fact the Mockito 5.0.0 release is added to my Dependabot PRs, is...

Dependabot ignores dependencies even if they have a higher version than the ignored version.

@smcvb here is the maven issue ticket: https://github.com/dependabot/dependabot-core/issues/10798. It's unrelated to this nuget issue.