[bundler] Better library support #1805
Labels
F: pull-requests
Issues about Dependabot pull requests
service 💁
Relates to Dependabot features GitHub provides
T: feature-request
Requests for new features
Comments
lseppala
added
F: pull-requests
|
Closing, as we aren't doing native automerge, although there is a workaround you can setup leveraging GitHub actions. |
|
Hei @jeffwidman. My issue was not related to automerge per se, but about detection of development vs production dependencies in the Ruby ecosystem. Even if automerge is no longer a thing, this can still be used for things, for example: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#allow. That said, I'm not sure whether this is still an issue. If it is, I'll make sure to reopen! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello! 👋
Thanks so much for maintaining dependabot, I use it all the time :)
I just got this PR to my library: deivid-rodriguez/pry-byebug#295.
I would've expected dependabot to detect that it was only a development dependency update, and automerge it.
I think dependabot should be able to detect that it's creating a PR for a library (a criteria could be that there's a
gemspecfile in the root of the project), and in that case consider any update not touching thegemspecfile as a development dependency update.Thanks!
The text was updated successfully, but these errors were encountered: