For manifest updates (package.json, composer.json, requirements.txt, etc.), “filters” allow you to specify exactly which updates you want, and for which dependencies. This gives you the ability to restrict some dependencies to only patches and bug fixes, while still taking advantage of major feature releases for other dependencies.
filters field under
manifest_updates to decide which updates you
version: 2 dependencies: - type: js manifest_updates: filters: # any packages with "react" in the name will only get minor and patch updates - name: '.*react.*' versions: L.Y.Y # everything else will get major, minor, and patch updates - name: ".*" versions: Y.Y.Y
For each dependency with available updates, we go through the
order, choosing the first that matches the
name regular expression.
You can also use filters to completely disable updates for certain dependencies
by using the
version: 2 dependencies: - type: js manifest_updates: filters: # completely disable react updates - name: '.*react.*' enabled: false # everything else will get major, minor, and patch updates - name: ".*" versions: Y.Y.Y
Non-semver compliant versions can use
versions_regex instead of
filtering. Read on for more details.
With a custom version-filtering syntax, you can flexibly decide exactly which versions you want to be acted on.
For SemVer compliant versioning, you can use our semver filtering, and for anything else you can use regular expressions.
L (version lock) syntax allows you to filter versions based on what you
currently have installed. This makes it easy to get all patches to your
installed version of every dependency (e.g.
L.L.Y), whereas with most semver
syntaxes you’d have to manually enter the major and minor range for each
In some semver libraries (ex.
node-semver), everything after a
wildcard range will match. This makes it impossible to get all minor updates
without also getting their patches. Our
Y (yes) syntax defaults to
everything after it. So to get minor updates without also getting patches, just
L.Y.0. Combine that with OR and you can now get notified about new minor
updates to your version, as well as patches to your minor version:
Lock this “slot” (major/minor/patch/prerelease) to what you have installed. Lets you quickly filter down to updates to your installed version.
Anything in this “slot” (major/minor/patch/prerelease) will match. Slots after it
Not everything follows semantic versioning. If that’s the case, you can still
filter the versions that you want by using regular expressions. Just use the
versions_regex field instead of
versions in your dependencies.yml.
versions: "L.Y" # or versions: "L.Y.0"
versions: "L.Y.0 || L.L.Y"
versions: "Y" # which is the same as versions: "Y.0.0"