Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot keeps creating PRs even when disabled and commented out #11057

Open
1 task done
jsattler opened this issue Dec 5, 2024 · 3 comments
Open
1 task done

Dependabot keeps creating PRs even when disabled and commented out #11057

jsattler opened this issue Dec 5, 2024 · 3 comments
Labels
L: java:maven Maven packages via Maven T: bug 🐞 Something isn't working

Comments

@jsattler
Copy link

jsattler commented Dec 5, 2024
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

maven

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

# version: 2
# updates:
#   - package-ecosystem: "maven"
#     directory: "/services"
#     schedule:
#       interval: daily

Updated dependency

No response

What you expected to see, versus what you actually saw

I expect that when I comment out the dependabot.yml and disable dependabot in the organization settings, that no further pull requests will be created. However, dependabot still creates pull requests.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response
@jsattler jsattler added the T: bug 🐞 Something isn't working label Dec 5, 2024
@github-actions github-actions bot added the L: java:maven Maven packages via Maven label Dec 5, 2024
@yeikel
Copy link
Contributor

yeikel commented Dec 6, 2024

I am not sure if comments is a way to disable dependabot

Check out this thread #7072 (comment)

@yeikel
Copy link
Contributor

yeikel commented Dec 6, 2024

Actually, the docs state that commenting out should work

by commenting out the relevant package-ecosystem in the configuration file.

Are the upgrades regular dependency or security updates? The security updates can be disabled from the repository settings

@jsattler
Copy link
Author

jsattler commented Dec 6, 2024
edited
Loading

The upgrades are regular dependency upgrades. I disabled every dependabot configuration (including security updates) for that specific repository, but dependabot keeps creating pull requests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
L: java:maven Maven packages via Maven T: bug 🐞 Something isn't working
Projects
Dependabot
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yeikel @jsattler