Major version upgrade was merged for a repository configured for minor and patch upgrades
darora opened this issue · comments
Great product-been working flawlessy for us for a few months now. However, earlier today, a couple of major version bumps were merged even though our (private) repository is configured for minor and patch version auto-merges only. Any ideas what might've happened here?
Full configuration in use:
version = 1
[update]
autoupdate_label = "dependencies"
[approve]
auto_approve_usernames = ["dependabot"]
[merge.automerge_dependencies]
versions = ["minor", "patch"]
[merge]
automerge_label = "pr/automerge"
delete_branch_on_merge = true
method = "rebase"
notify_on_conflict = false
blacklist_title_regex = ".*(aws-sdk|sentry).*"
Example PR that was merged:
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Fri Mar 25 12:53:20 2022 +0000
Commit: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
CommitDate: Fri Mar 25 13:00:01 2022 +0000
chore(deps): bump serialize-error from 8.1.0 to 9.1.1 in [elided]
Bumps [serialize-error](https://github.com/sindresorhus/serialize-error) from 8.1.0 to 9.1.1.
- [Release notes](https://github.com/sindresorhus/serialize-error/releases)
- [Commits](https://github.com/sindresorhus/serialize-error/compare/v8.1.0...v9.1.1)
---
updated-dependencies:
- dependency-name: serialize-error
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Hey @darora, thanks for reporting this issue.
I did some testing and Kodiak and it seems like Kodiak considers that PR to be a major
version change.
from kodiak.dependencies import dep_version_from_title
dep_version_from_title('chore(deps): bump serialize-error from 8.1.0 to 9.1.1 in [elided]')
# 'major'
Is it possible someone added the automerge label?
I tried your configuration in a test repository, using my name instead of dependabot
and wasn't able to get Kodiak to merge the pull request.
Are you able to replicate the issue?
Ahh I think this is a misunderstanding on my part; I expected automerge_label and automerge_dependencies.versions to be conjunctive, rather than disjunctive. Thanks for the prompt response!