Fix allow update-types filtering for individual dependency updates#14598
Conversation
Pull request overview
This PR fixes allow.update-types filtering for individual (non-grouped) dependency updates by moving semver filtering out of Job#allowed_update? (which runs pre-resolution without previous_version) and into Job#ignore_conditions_for, reusing the existing “ignore by version range” mechanism.
Changes:
- Removes the (pre-resolution) update-types gate from Job#allowed_update? and derives semver filtering via implicit ignore ranges in ignore_conditions_for.
- Adds semver label/constants + mapping in Updater::UpdateTypeHelper as a shared source of truth.
- Adds/updates specs and fixtures to assert the correct ignored_versions are passed into update checkers for allow update-types scenarios.
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| updater/lib/dependabot/job.rb | Moves allow update-types enforcement into ignore_conditions_for by generating implicit ignore version ranges. |
| updater/lib/dependabot/updater/update_type_helper.rb | Adds semver constants and a mapping to config update-type strings. |
| updater/spec/dependabot/job_spec.rb | Updates allowed_update? expectations and adds focused ignore_conditions_for coverage for allow-derived ranges. |
| updater/spec/dependabot/updater/operations/update_all_versions_spec.rb | Verifies UpdateChecker receives the expected ignored_versions when allow update-types are present. |
| updater/spec/fixtures/job_definitions/bundler/version_updates/allow_update_types_patch_only.yaml | New job definition fixture to exercise patch-only allow update-types. |
| updater/spec/fixtures/job_definitions/bundler/version_updates/allow_update_types_minor_and_patch.yaml | New job definition fixture to exercise minor+patch allow update-types. |
| updater/spec/fixtures/bundler_allow_update_types/original/Gemfile | Adds a minimal bundler fixture project for allow update-types scenarios. |
| updater/spec/fixtures/bundler_allow_update_types/original/Gemfile.lock | Adds the corresponding lockfile fixture. |
| config_type = "version-update:semver-#{dep_update_type}" if dep_update_type | ||
| normalized_types = allowed_update_types.filter_map { |t| t.is_a?(String) ? t.downcase.strip : nil } | ||
| next false if config_type && !normalized_types.include?(config_type) | ||
| end |
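Review bot: `next false` on the last line only fires when `config_type` is set, and `config_type` is only set when `dep_update_type` is non-nil; with `previous_version` still unresolved (the pre-resolution case the PR description calls out for individual updates) the gate therefore lets every version through instead of failing closed, which is exactly the bug being fixed here. Removing the gate is fine, but if any update-type decision is ever kept in `allowed_update?` it should either not depend on `dep_update_type` at all or give the nil case an explicit decision (e.g. `next false if dep_update_type.nil?` when update-types are configured) rather than falling through. Also note that `filter_map { |t| t.is_a?(String) ? ... : nil }` silently drops non-string entries, so a malformed config value disappears without any signal; the replacement in `ignore_conditions_for` would benefit from surfacing that.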
Review Tip: For allow update types we need previous and current versions to ignore updates that are not allowed for the dependency name or dependency-type. We can only apply this post-resolution to see if an update is necessary or not. It is different from ignore conditions, where we are adding version range conditions and using them to filter out the other versions.
We moved the allow update-types check here https://github.com/dependabot/dependabot-core/pull/14598/changes#diff-34dc1223111daeab5d87bd29022531c9516f20494e99e1363ef537f6de549595R447
| end | ||
|
|
||
| it { is_expected.to be(true) } | ||
| end |
Review tip: All tests are moved to the new section, ignore_conditions_for.
| "update-types" => ["version-update:semver-minor"] | ||
| } | ||
| ] | ||
| end |
Review tip: All tests are moved to the new section, ignore_conditions_for.
| "dependency-name" => "business" | ||
| } | ||
| ] | ||
| end |
Review tip: All tests are moved to the new section, ignore_conditions_for.
aed17bc to 68be912 (Compare)
What are you trying to accomplish?
Fixes #12668
Follow-up to #12925. The update-types check in allowed_update? runs pre-resolution when previous_version is nil, so the filter is silently skipped for individual updates. This moves update-types filtering to ignore_conditions_for, converting allowed types into inverse ignore version ranges — the same mechanism ignore update-types already uses, which only needs the current version.
Related: #12925, API #8052, CLI #605
Anything you want to highlight for special attention from reviewers?
allowed_update? is a dependency-level gate (name, type) that runs pre-resolution. Version-level filtering belongs in ignore_conditions_for, which only needs the current installed version to compute ranges.
Test repo: https://github.com/dsp-testing/dependabot-allow-update-types
How will you know you have accomplished your goal?
update-types filters
Checklist