Dependabot Gem Updates #55496
Replies: 2 comments 1 reply
-
Dependabot's non-security updates feature is designed to automatically update your dependencies to their latest versions, even if the new version does not fall within the version restrictions set up in your Gemfile. This is because Dependabot's goal is to keep all of your dependencies up-to-date and secure. However, it is important to note that Dependabot should not be changing the version restrictions you have set without your knowledge or consent. If you are experiencing issues where your tests are failing due to version conflicts caused by Dependabot updates, it may be worth reviewing your Gemfile and evaluating whether the version restrictions you have set are too narrow or overly specific. If you believe that Dependabot is changing your version restrictions without your consent, you can review its configuration settings in your repository to ensure that it is behaving as expected. You may also want to consider adjusting your settings or disabling the non-security updates feature altogether if it is causing too many issues for your team. |
Beta Was this translation helpful? Give feedback.
-
🕒 Discussion Activity Reminder 🕒 This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions: 1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as 2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own. 3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution. Note: This dormant notification will only apply to Discussions with the Thank you for helping bring this Discussion to a resolution! 💬 |
Beta Was this translation helpful? Give feedback.
-
Select Topic Area
Question
Body
A few months ago, we enabled Dependabot's updates for non-security updates. I thought it would update gems within the version restrictions set up in our Gemfile. But there are many available updates and it doesn't usually do them. It does update the Gemfile sometimes to change the version restrictions we have set. This usually just fails our tests, and we can't merge those PRs. Is this intended? Seems bad to change version restrictions we have set.
Beta Was this translation helpful? Give feedback.
All reactions