mirror of synced 2025-12-30 12:02:01 -05:00

Merge pull request #30660 from github/repo-sync

Repo sync
docs-bot
2023-12-14 03:58:48 -05:00
committed by GitHub


@@ -366,6 +366,15 @@ You can also manage pull requests for grouped version updates using comment comm
Dependencies can be ignored either by adding them to `ignore` or by using the `@dependabot ignore` command on a pull request opened by {% data variables.product.prodname_dependabot %}.
{% warning %}
**Warning**:
- We recommend you do _not_ use `ignore` to prevent {% data variables.product.prodname_dependabot %} from accessing private registries. This may work for some ecosystems but we have no means of knowing whether package managers require access to all dependencies to be able to successfully perform updates, which makes this method unreliable. The supported way to handle private dependencies is to give {% data variables.product.prodname_dependabot %} access to private registries or private repositories. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot)."
- For {% data variables.product.prodname_actions %} and Docker, you may use `ignore` to prevent {% data variables.product.prodname_dependabot %} from accessing private registries.
{% endwarning %}
#### Creating `ignore` conditions from `@dependabot ignore`
Dependencies ignored by using the `@dependabot ignore` command are stored centrally for each package manager. If you start ignoring dependencies in the `dependabot.yml` file, these existing preferences are considered alongside the `ignore` dependencies in the configuration.
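
Review bot: The second bullet of the warning block ("For {% data variables.product.prodname_actions %} and Docker, you may use `ignore` to prevent ... from accessing private registries") contradicts the first bullet without saying why these two ecosystems are exempt, even though the first bullet states there is "no means of knowing whether package managers require access to all dependencies". Suggest adding the reason the exception is reliable for these two ecosystems, or scoping the first bullet so it explicitly excludes them. The permission would also read better outside `{% warning %}`, since it is guidance rather than a warning. Once the exceptions are named, the phrase "This may work for some ecosystems" in the first bullet is ambiguous: a reader cannot tell whether it refers only to the two listed ecosystems or to others as well.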