dependabot-core
dependabot-core copied to clipboard
Add option to always update to latest prerelease version
I have a project that I want to always have the latest prerelease versions. I know this is not the norm, but I would like a dependabot option that allows me to specify that I always want the latest version even prerelease regardless of what version is in csproj file.
Here's an example:
This line: https://github.com/jongio/azidext/pull/19/files#diff-62758d857fe8e73c3416a9341ff6127aL15
Has this:
<PackageReference Include="Azure.Identity" Version="1.1.0" />
I would like it to be update to the latest preview version, which is this:
<PackageReference Include="Azure.Identity" Version="1.2.0-preview.4" />
But dependabot is only bumping it to 1.1.1.
According to issue #1842 dependabot will only bump to preview if the version is the same minor version.
As mentioned in #1842, it is common to push "preview" moniker before the production version is ready.
I was expecting this "always get the latest preview version option" in the config.yml file, under "allowed_updates", maybe have a "always_prerelease" option.
Based on comments in #1842, I thought a good workaround would be to manually set the version to "1.2.0-preview.1", so that it picks up all new preview versions of 1.2, but that is not working. I have filed #1928 to track that issue.
Even if that worked as a stopgap, it would not be sustainable, as I will have to also manually update to 1.3.0-preview.1, when that preview is available.
Thanks! Jon
azsdke2e
Is there any movement on this issue? I too would like the ability to always update to a pre-release, as I want to use it as a canary to let me know when there is a major update coming for an external nuget package, so that I can update my code.
Updates for the external lib follow:
1.0
, followed by 1.1-preview.1
and then 1.1
. Right now, I'm only getting a Dependabot PR when 1.1
arrives, which means there is a lag in updating my code to work in the latest version.
Tagging @jurre
Hey hey, yeah I think it makes sense as an optional feature.
Unfortunately our team is spread pretty thin currently and we won't be able to look into this in the foreseeable future.
Will you accept a pull request? Sorry, I haven't looked at the contributor guidelines yet.
We would, but unfortunately this change also requires work on our internal services that run dependabot in order to allow for the option to be configured etc. So with just such a contribution users could still not use the feature.
Disappointing. Let me know if the above changes, I'd be happy to contribute.
+1
Is this a duplicate of https://github.com/dependabot/dependabot-core/issues/2250?
Hi, I think that I am running into the same issue. My application is currently using version 4.0.4-prerelease-20211013.2 of the OSIsoft.OCSClients NugetPackage. I would have expected dependabot to update to the latest prerelease version (5.0.1-prerelease-20220705.1), but it did not. When I look at the update logs it shows that it did not find a newer version:
updater | INFO <job_430568916> Checking if OSIsoft.OCSClients 4.0.4-prerelease-20211013.2 needs updating proxy | 2022/07/29 18:38:38 [026] GET https://azuresearch-usnc.nuget.org:443/query?q=osisoft.ocsclients&prerelease=true&semVerLevel=2.0.0 proxy | 2022/07/29 18:38:38 [026] 200 https://azuresearch-usnc.nuget.org:443/query?q=osisoft.ocsclients&prerelease=true&semVerLevel=2.0.0 updater | INFO <job_430568916> Latest version is 4.0.4-prerelease-20211013.2 updater | INFO <job_430568916> No update needed for OSIsoft.OCSClients 4.0.4-prerelease-20211013.2
Has there been any movement on this issue?
Closing as a dupe of #2250 .
I realize this ticket came first, but that one seems to have more traction and a more complete description from a product/feature perspective, so let's use that one.