Dependabot version updates now have the ability to ignore major, minor, or patch updates for a specific dependency or set of dependencies. For instance, you can use this feature to quiet noisy dependencies or easily avoid major version bumps across multiple dependencies.
You can ignore semver updates by modifying the
ignore configuration option to ignore one or more
version: 2 updates: - package-ecosystem: "npm" directory: "/" schedule: interval: "daily" ignore: # ignore all GitHub linguist patch updates - dependency-name: "github-linguist" update-types: ["version-update:semver-patch"]
Note: this feature only applies to version updates. If you have security updates enabled, you will still get pull requests updating you to the minimum patched version.