Python package compatible version update when not necessary #5537

Closed
netsandbox opened this issue Aug 15, 2022 · 1 comment · Fixed by #5605
Labels
F: version-updates ⬆️ Issues specific to version updates L: python:pip Python packages via pip T: feature-request Requests for new features


@netsandbox

Package ecosystem
pip

Manifest location and content before the Dependabot update
https://github.com/netsandbox/gh_dependabot_python_compatible_version/blob/5ce94f9679ff84b6fa95e831445ee70327f345fe/requirements.txt

dependabot.yml content
https://github.com/netsandbox/gh_dependabot_python_compatible_version/blob/5ce94f9679ff84b6fa95e831445ee70327f345fe/.github/dependabot.yml

Updated dependency
Update example-pkg-cloos requirement from ~=2.0.0 to ~=2.0.2

What you expected to see, versus what you actually saw
No dependabot update because version 2.0.2 is covered by the compatible release version specifier ~=2.0.0

Images of the diff or a link to the PR, issue, or logs
netsandbox/gh_dependabot_python_compatible_version#1

🕹 Bonus points: Smallest manifest that reproduces the issue
https://github.com/netsandbox/gh_dependabot_python_compatible_version

@netsandbox netsandbox added the T: bug 🐞 Something isn't working label Aug 15, 2022
@jeffwidman jeffwidman added the L: python:pip Python packages via pip label Aug 25, 2022
@deivid-rodriguez
Contributor

Hi! Thanks for reporting this!

You're asking for the increase-if-necessary versioning strategy, which pip does not yet support. Have a look at the docs for how the different versioning strategies work: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy.

This shouldn't be too hard to support though.
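An added example, not part of the comment above and not Dependabot's code: a sketch of the check the issue asks for, using the PEP 440 rule that `~=V.N` means `>= V.N, == V.*`. The function names are hypothetical, and only plain numeric releases such as `2.0.2` are handled (an assumption).

```python
import re

_RELEASE = re.compile(r"\d+(\.\d+)*")  # plain numeric releases only (assumption)

def _release(version):
    """Parse '2.0.2' into (2, 0, 2); pre/post/dev/epoch forms are rejected."""
    version = version.strip()
    if not _RELEASE.fullmatch(version):
        raise ValueError(f"unsupported version: {version!r}")
    return tuple(int(part) for part in version.split("."))

def _pad(release, width):
    """Right-pad with zeros so 2.0 and 2.0.0 compare equal."""
    return release + (0,) * (width - len(release))

def satisfies_compatible(specifier, candidate):
    """PEP 440: '~=V.N' is '>= V.N, == V.*' (prefix = all but the last segment)."""
    if not specifier.startswith("~="):
        raise ValueError(f"not a compatible-release specifier: {specifier!r}")
    base = _release(specifier[2:])
    if len(base) < 2:
        raise ValueError("'~=' needs at least two release segments")
    cand = _release(candidate)
    width = max(len(base), len(cand))
    base_p, cand_p = _pad(base, width), _pad(cand, width)
    return cand_p >= base_p and cand_p[: len(base) - 1] == base[:-1]

def next_requirement(specifier, latest):
    """Hypothetical helper: keep the specifier if `latest` already satisfies it,
    otherwise re-anchor it on `latest` at the same segment count."""
    if satisfies_compatible(specifier, latest):
        return specifier
    width = len(_release(specifier[2:]))
    bumped = _pad(_release(latest), width)[:width]
    return "~=" + ".".join(str(n) for n in bumped)

if __name__ == "__main__":
    # The case from this issue, then two constructed cases outside the range.
    for spec, latest in [("~=2.0.0", "2.0.2"), ("~=2.0.0", "2.1.0"), ("~=2.0", "3.1.4")]:
        print(spec, latest, "->", next_requirement(spec, latest))
```

For the case reported here, `~=2.0.0` with latest `2.0.2`, the requirement comes back unchanged, so no manifest update would be proposed.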

3 participants