GitHub user ongdisheng added a comment to the discussion: Enable Dependabot?
Hi! I looked into this and found below is probably the reason why. Looking at yesterday's `Dependabot` scheduled run [logs](https://github.com/apache/fesod/actions/runs/19925662219/job/57124694135), `Dependabot` is checking POI correctly. The version used by fesod is 5.4.1 at that time while the latest available version is 5.5.1, which is a minor version update from 5.4 to 5.5. However, I believe the current [.github/dependabot.yml](https://github.com/apache/fesod/blob/945b54303d012386f687d100ed7e990d5346d0ab/.github/dependabot.yml#L29) configuration only allows patch updates and ignores minor and major version updates: ```yaml ignore: - dependency-name: "*" update-types: [ "version-update:semver-major", "version-update:semver-minor" ] ``` GitHub link: https://github.com/apache/fesod/discussions/728#discussioncomment-15173203 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
