Open
Description
Observed Behavior:
Every time that we make a release in `sigs.k8s.io/karpenter`, we keep seeing dependabot try to create a PR to try and bump the version to the "latest" version like here. This shouldn't be happening because we are currently pinning to pseudo-versions so that we can take later changes into the AWS provider. This may change later, but this is how we have it configured right now.
To avoid getting these auto-bumps, we added `exclude-patterns` to `dependabot.yaml` here and here. It seems like dependabot is still ignoring this directive though. We should look into why this is occurring to avoid these auto-bumps.
Expected Behavior:
GH dependabot shouldn't raise a PR when we release a new version of sigs.k8s.io/karpenter
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment