Dependabot version updates can now ignore major/minor/patch releases

Dependabot version updates now have the ability to ignore major, minor, or patch updates for a specific dependency or set of dependencies. For instance, you can use this feature to quiet noisy dependencies or easily avoid major version bumps across multiple dependencies.

You can ignore semver updates by modifying the ignore configuration option to ignore one or more update-types:

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
    ignore:
      # ignore all GitHub linguist patch updates
      - dependency-name: "github-linguist"
        update-types: ["version-update:semver-patch"]

Note: this feature only applies to version updates. If you have security updates enabled, you will still get pull requests updating you to the minimum patched version.

Learn more about Dependabot ignore conditions.

To see what's next for Dependabot, visit the public roadmap.