I am trying to update dependencies using Renovatebot for a Poetry Python project. I have configured the root configuration file to update only the selected packages and added an option to exclude the remaining packages from being updated. However, the bot is still updating all packages.
Could you please help me resolve this issue?
module.exports = {
"platform": "azure",
"onboardingPrTitle": `Renovate PR ${process.env.BUILDNUMBER}`,
"prBody": "This PR updates dependencies to their latest versions.",
"prTitle": `Renovatebot Update: ${process.env.BUILDNUMBER}`,
"branchPrefix": "feature/",
"endpoint": ";,
"token": process.env.RENOVATE_TOKEN,
"hostRules": [
{
"matchHost": "pypi/simple",
"hostType": "pypi",
"enabled": true
},
{
"matchHost": "pkgs.dev.azure/Test/_packaging/example/pypi/simple/",
"hostType": "pypi",
"enabled": true,
"username": "[email protected]",
"password": process.env.PYPI_PASSWORD
}
],
"packageRules": [
{
"updateTypes": ["major", "minor", "patch", "security"],
"groupName": "all non-major and major updates"
},
{
"matchPackageNames": [
"python-multipart",
"starlette",
"aiohttp",
"cryptography",
"langchain-community",
"setuptools"
],
"enabled": true
//"managers": ["poetry"]
},
{
"matchPackagePatterns": ["*"],
"enabled": false
}
],
//"enabledManagers": ["poetry"],
//"poetry": {
// "fileMatch": ["(^|/)pyproject.toml$"],
// "enabled": true
//},
"lockFileMaintenance": {
"enabled": true
},
"osvVulnerabilityAlerts" : "true",
"onboarding": true,
"onboardingConfig": {
"extends": ["config:base"]
},
"branchPrefix": "feature/renovatebot-update/",
"separateMajorMinor": false,
"separateMinorPatch": false,
"labels": ["dependencies"],
"prConcurrentLimit": 5,
"prHourlyLimit": 5,
"schedule": ["at any time"],
"rangeStrategy": "bump",
"repositories": ["***/renovate-test-***"]
};
I am trying to update dependencies using Renovatebot for a Poetry Python project. I have configured the root configuration file to update only the selected packages and added an option to exclude the remaining packages from being updated. However, the bot is still updating all packages.
Could you please help me resolve this issue?
module.exports = {
"platform": "azure",
"onboardingPrTitle": `Renovate PR ${process.env.BUILDNUMBER}`,
"prBody": "This PR updates dependencies to their latest versions.",
"prTitle": `Renovatebot Update: ${process.env.BUILDNUMBER}`,
"branchPrefix": "feature/",
"endpoint": "https://dev.azure/Test",
"token": process.env.RENOVATE_TOKEN,
"hostRules": [
{
"matchHost": "pypi./simple",
"hostType": "pypi",
"enabled": true
},
{
"matchHost": "pkgs.dev.azure/Test/_packaging/example/pypi/simple/",
"hostType": "pypi",
"enabled": true,
"username": "[email protected]",
"password": process.env.PYPI_PASSWORD
}
],
"packageRules": [
{
"updateTypes": ["major", "minor", "patch", "security"],
"groupName": "all non-major and major updates"
},
{
"matchPackageNames": [
"python-multipart",
"starlette",
"aiohttp",
"cryptography",
"langchain-community",
"setuptools"
],
"enabled": true
//"managers": ["poetry"]
},
{
"matchPackagePatterns": ["*"],
"enabled": false
}
],
//"enabledManagers": ["poetry"],
//"poetry": {
// "fileMatch": ["(^|/)pyproject.toml$"],
// "enabled": true
//},
"lockFileMaintenance": {
"enabled": true
},
"osvVulnerabilityAlerts" : "true",
"onboarding": true,
"onboardingConfig": {
"extends": ["config:base"]
},
"branchPrefix": "feature/renovatebot-update/",
"separateMajorMinor": false,
"separateMinorPatch": false,
"labels": ["dependencies"],
"prConcurrentLimit": 5,
"prHourlyLimit": 5,
"schedule": ["at any time"],
"rangeStrategy": "bump",
"repositories": ["***/renovate-test-***"]
};
1 Answer
Reset to default 0In the renovate.json file, you can try like as below:
Use the
ignoreDepsoption to define a list of dependency names to be ignored by Renovate. This option can only accept exact dependency names, and cannot accept any glob patterns or regex patterns.Within a
packageRulesobject, use thematchPackageNames(ormatchDepNames) option, and"enabled"=true, to define a list of package (or dependency) names to be used.
See below example as reference:
{
. . .
"ignoreDeps" : [
// A list of exact dependency names to be ignored.
],
"packageRules": [
{
"matchUpdateTypes": ["major", "minor", "patch"],
"groupName": "all non-major and major updates"
},
{
"matchPackageNames": [
// A list of patterns or exact names to match the packages to be used.
"python-multipart",
"starlette",
"aiohttp",
"cryptography",
"langchain-community",
"setuptools"
],
"enabled": true
}
],
. . .
}