Ignore settings not respected with Azure DevOps

[SeanFeldman]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

NuGet

Language version

C# .NET 6

Manifest location and content before the Dependabot update

The configuration file at .github/dependabot.yml

version: 2

updates:
- package-ecosystem: nuget
  target-branch: trunk
  directory: /
  versioning-strategy: auto
  schedule:
    interval: weekly
    day: sunday
  open-pull-requests-limit: 1000
  ignore:
    - dependency-name: 'Microsoft.Extensions.Http.Polly'
      versions: ['7.*']
      update-types: ['version-update:semver-major']
    - dependency-name: 'Microsoft.Extensions.Hosting.Abstractions'
      versions: ['7.*']
    - dependency-name: 'Microsoft.Extensions.Logging'
      versions: ['7.*']
    - dependency-name: 'Microsoft.Extensions.Caching.Abstractions'
      versions: ['7.*']
    - dependency-name: 'Microsoft.Extensions.Caching.StackExchangeRedis'
      versions: ['7.*']
    - dependency-name: 'Microsoft.Extensions.Caching.Memory'
      versions: ['7.*']
    - dependency-name: 'Microsoft.Extensions.Options.DataAnnotations'
      versions: ['7.*']
    - dependency-name: 'Microsoft.Extensions.Options'
      versions: ['7.*']
    - dependency-name: 'Microsoft.Extensions.Configuration.Binder'
      versions: ['7.*']
    - dependency-name: 'Microsoft.Extensions.Hosting'
      versions: ['7.*']
    - dependency-name: 'Microsoft.Extensions.DependencyInjection'
      versions: ['7.*']
    - dependency-name: 'Microsoft.Extensions.Options.ConfigurationExtensions'
      versions: ['7.*']
    - dependency-name: 'Microsoft.Extensions.Logging.Abstractions'
      versions: ['7.*']
    - dependency-name: 'Microsoft.Extensions.DependencyInjection.Abstractions'
      versions: ['7.*']
    - dependency-name: 'Microsoft.Extensions.Configuration.Abstractions'
      versions: ['7.*']

The pipeline

schedules:
  - cron: "0 4 * * 1"
    displayName: 'Weekly Run'
    always: true 
    branches:
      include:
        - master
    batch: true

trigger: none # Disable CI trigger

pool:
  vmImage: 'ubuntu-latest'

steps:
  - task: dependabot@1
    displayName: 'Run Dependabot'
    inputs:
      useConfigFile: true

The solution is targeting .NET 6 and I want to skip .NET (non-LTS) upgrade. I've tried dependency-name with versions, but the PRs are raised. Also tried update-types: ['version-update:semver-major'] with no avail. Here's the output for one of the packages that should have been ignored, according to this issue.

Checking if Microsoft.Extensions.Http.Polly 6.0.16 needs updating
🌍 --> GET https://azuresearch-usnc.nuget.org/query?q=microsoft.extensions.http.polly&prerelease=true&semVerLevel=2.0.0
🌍 <-- 200 https://azuresearch-usnc.nuget.org/query?q=microsoft.extensions.http.polly&prerelease=true&semVerLevel=2.0.0
Requirements to unlock own
Requirements update strategy auto
Updating Microsoft.Extensions.Http.Polly from 6.0.16 to 7.0.5
Submitting Microsoft.Extensions.Http.Polly pull request for creation.
🌍 --> GET https://dev.azure.com/cudirect/Origence/_apis/git/repositories/CUDC.LoanAccount/commits
🌍 <-- 200 https://dev.azure.com/cudirect/Origence/_apis/git/repositories/CUDC.LoanAccount/commits
🌍 --> GET https://api.nuget.org/v3-flatcontainer/microsoft.extensions.http.polly/7.0.5/microsoft.extensions.http.polly.nuspec
🌍 <-- 200 https://api.nuget.org/v3-flatcontainer/microsoft.extensions.http.polly/7.0.5/microsoft.extensions.http.polly.nuspec
E, [2023-05-29T22:51:23.219341 #1] ERROR -- : Error while generating commit message: GET https://api.github.com/repos/dotnet/aspnetcore/releases?per_page=100: 403 - API rate limit exceeded for 23.102.138.49. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.) // See: https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting
E, [2023-05-29T22:51:23.347040 #1] ERROR -- : Error while generating PR message: GET https://api.github.com/repos/dotnet/aspnetcore/releases?per_page=100: 403 - API rate limit exceeded for 23.102.138.49. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.) // See: https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting
🌍 --> GET https://dev.azure.com/cudirect/Origence/_apis/git/repositories/CUDC.LoanAccount/refs?filter=heads/dependabot/nuget/trunk/Microsoft.Extensions.Http.Polly-7.0.5
🌍 <-- 200 https://dev.azure.com/cudirect/Origence/_apis/git/repositories/CUDC.LoanAccount/refs?filter=heads/dependabot/nuget/trunk/Microsoft.Extensions.Http.Polly-7.0.5
🌍 --> POST https://dev.azure.com/cudirect/Origence/_apis/git/repositories/CUDC.LoanAccount/pushes?api-version=5.0
🌍 <-- 201 https://dev.azure.com/cudirect/Origence/_apis/git/repositories/CUDC.LoanAccount/pushes?api-version=5.0
🌍 --> POST https://dev.azure.com/cudirect/Origence/_apis/git/repositories/CUDC.LoanAccount/pullrequests?api-version=5.0
🌍 <-- 201 https://dev.azure.com/cudirect/Origence/_apis/git/repositories/CUDC.LoanAccount/pullrequests?api-version=5.0
Created pull request for Microsoft.Extensions.Http.Polly (#40333).

Note: I'm using centralized package management with Directory.Packages.config file.

[SeanFeldman]

@jakecoffman, was the issue triaged, or the label applied is based on the issue raised and yet to be triaged? Thank you.

[Bafff]

Hi, any news on this? @jakecoffman

@SeanFeldman were you able to find any workaround to this?

[jakecoffman]

It works for me: dsp-testing/nuget-ignores#1

How are you running it in Azure DevOps? We only provide support for running Dependabot on github.com but if you can show it's a bug in dependabot-core we're happy to fix it or accept a PR.

[SeanFeldman]

I'm not sure why it didn't work when I've added Dependabot ignore options.
I'll close this issue and will re-open it if it happens again. Thank you for looking into this.