Add option to always update to latest prerelease version

[jongio]

I have a project that I want to always have the latest prerelease versions. I know this is not the norm, but I would like a dependabot option that allows me to specify that I always want the latest version even prerelease regardless of what version is in csproj file.

Here's an example:

This line: https://github.com/jongio/azidext/pull/19/files#diff-62758d857fe8e73c3416a9341ff6127aL15

Has this:

<PackageReference Include="Azure.Identity" Version="1.1.0" />

I would like it to be update to the latest preview version, which is this:

<PackageReference Include="Azure.Identity" Version="1.2.0-preview.4" />

But dependabot is only bumping it to 1.1.1.

According to issue #1842 dependabot will only bump to preview if the version is the same minor version.

As mentioned in #1842, it is common to push "preview" moniker before the production version is ready.

I was expecting this "always get the latest preview version option" in the config.yml file, under "allowed_updates", maybe have a "always_prerelease" option.

Based on comments in #1842, I thought a good workaround would be to manually set the version to "1.2.0-preview.1", so that it picks up all new preview versions of 1.2, but that is not working. I have filed #1928 to track that issue.

Even if that worked as a stopgap, it would not be sustainable, as I will have to also manually update to 1.3.0-preview.1, when that preview is available.

Thanks! Jon

azsdke2e

[robertcoltheart]

Is there any movement on this issue? I too would like the ability to always update to a pre-release, as I want to use it as a canary to let me know when there is a major update coming for an external nuget package, so that I can update my code.

Updates for the external lib follow:

1.0, followed by 1.1-preview.1 and then 1.1. Right now, I'm only getting a Dependabot PR when 1.1 arrives, which means there is a lag in updating my code to work in the latest version.

Tagging @jurre

[jurre]

Hey hey, yeah I think it makes sense as an optional feature.

Unfortunately our team is spread pretty thin currently and we won't be able to look into this in the foreseeable future.

[robertcoltheart]

Will you accept a pull request? Sorry, I haven't looked at the contributor guidelines yet.

[jurre]

We would, but unfortunately this change also requires work on our internal services that run dependabot in order to allow for the option to be configured etc. So with just such a contribution users could still not use the feature.

[robertcoltheart]

Disappointing. Let me know if the above changes, I'd be happy to contribute.

[hugovk]

+1

Is this a duplicate of https://github.com/dependabot/dependabot-core/issues/2250?

[cbardini]

Hi, I think that I am running into the same issue. My application is currently using version 4.0.4-prerelease-20211013.2 of the OSIsoft.OCSClients NugetPackage. I would have expected dependabot to update to the latest prerelease version (5.0.1-prerelease-20220705.1), but it did not. When I look at the update logs it shows that it did not find a newer version:

updater | INFO <job_430568916> Checking if OSIsoft.OCSClients 4.0.4-prerelease-20211013.2 needs updating proxy | 2022/07/29 18:38:38 [026] GET https://azuresearch-usnc.nuget.org:443/query?q=osisoft.ocsclients&prerelease=true&semVerLevel=2.0.0 proxy | 2022/07/29 18:38:38 [026] 200 https://azuresearch-usnc.nuget.org:443/query?q=osisoft.ocsclients&prerelease=true&semVerLevel=2.0.0 updater | INFO <job_430568916> Latest version is 4.0.4-prerelease-20211013.2 updater | INFO <job_430568916> No update needed for OSIsoft.OCSClients 4.0.4-prerelease-20211013.2

Has there been any movement on this issue?

[jeffwidman]

Closing as a dupe of #2250 .

I realize this ticket came first, but that one seems to have more traction and a more complete description from a product/feature perspective, so let's use that one.