Dependabot PRs unexpectedly labeled with 'Major' despite custom label config #13230

@MariusStorhaug

Description

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

github-actions

Package manager version

n/a

Language version

n/a

Manifest location and content before the Dependabot update

n/a

dependabot.yml content

version: 2
updates:
  - package-ecosystem: github-actions
    directory: /
    labels:
      - dependencies
      - github-actions
    schedule:
      interval: weekly

Updated dependency

  • actions/checkout
  • actions/download-artifact

What you expected to see, versus what you actually saw

Dependabot PRs for major version bumps (e.g., actions/checkout from 4 to 5) are being opened with a Major label, even though only dependencies and github-actions are specified in the labels config. In my repository, I have pre-existing labels named Major, Minor, and Patch that I use for my own release logic, but I'm not expecting Dependabot to use them unless explicitly listed in labels:.

Expected behavior

Dependabot should only add the labels listed in the labels: array from the configuration file. Semantic version labels like Major, Minor, and Patch should not be added unless specified, regardless of whether labels with those names exist in the repository.

Docs aligning with the expectation:

Actual behavior

Dependabot PRs for major version updates are being opened with the Major label, which is not expected based on the documented behavior.

GitHub Copilot Chat:

https://github.com/copilot/c/7210a339-18dc-41e1-9a93-08b94a751443

Native package manager behavior

n/a

Images of the diff or a link to the PR, issue, or logs

PSModule/Download-CIArtifact#5
PSModule/Download-CIArtifact#6

Smallest manifest that reproduces the issue

  1. Have a repo with a pre-existing label named Major.

    • Do not add labels for dependencies or github-actions.
  2. Have a workflow file:

    on: push
    jobs:
      checkout:
        runs-on: ubuntu-latest
        steps:
          - uses: actions/checkout@v4
    
  3. PR this file for .github/dependabot.yml:

    version: 2
    updates:
      - package-ecosystem: github-actions
        directory: /
        schedule:
          interval: weekly
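
The following check is an added example, not part of the original issue and not Dependabot's own code: it reads the `labels:` list from the dependabot.yml shown above and reports any label on a Dependabot PR that the list does not name, which is the condition release automation keyed on Major/Minor/Patch would want to catch. The PR record shape, the PR numbers and the function names are assumptions made for illustration.

```python
import re

# CONFIG: dependabot.yml from the issue. SAMPLE_PRS: constructed records (hypothetical shape).
CONFIG = """\
version: 2
updates:
  - package-ecosystem: github-actions
    directory: /
    labels:
      - dependencies
      - github-actions
    schedule:
      interval: weekly
"""
SAMPLE_PRS = [
    {"number": 101, "author": "dependabot[bot]", "labels": ["dependencies", "github-actions", "Major"]},
    {"number": 102, "author": "dependabot[bot]", "labels": ["dependencies", "github-actions"]},
    {"number": 103, "author": "octocat", "labels": ["Major"]},
]
SEMVER_LABELS = {"major", "minor", "patch"}  # label names from the issue, lower-cased

def configured_labels(config_text, ecosystem):
    """Return the labels: list of one ecosystem entry, or None when the key is absent.
    Assumption: plain block-style YAML as in the issue; this is not a general YAML parser."""
    labels, in_entry, label_indent = None, False, None
    for line in config_text.splitlines():
        indent = len(line) - len(line.lstrip())
        entry = re.match(r"\s*-\s*package-ecosystem:\s*[\"']?([\w-]+)", line)
        item = re.match(r"\s*-\s+[\"']?(.+?)[\"']?\s*$", line)
        if entry:
            in_entry, label_indent = entry.group(1) == ecosystem, None
        elif in_entry and label_indent is not None and item and indent > label_indent:
            labels.append(item.group(1))
        elif in_entry and re.match(r"\s*labels:\s*$", line):
            labels, label_indent = [], indent
        elif line.strip():
            label_indent = None  # any other key ends the labels block
    return labels

def audit(prs, config_text, ecosystem="github-actions"):
    """Map PR number -> labels on Dependabot PRs that the config does not name."""
    allowed = configured_labels(config_text, ecosystem)
    ok = None if allowed is None else {a.lower() for a in allowed}  # None: no labels: key
    report = {}
    for pr in (p for p in prs if p["author"] == "dependabot[bot]"):
        extra = [n for n in pr["labels"]  # without an allow-list, report only semver names
                 if (n.lower() in SEMVER_LABELS if ok is None else n.lower() not in ok)]
        if extra:
            report[pr["number"]] = extra
    return report
```

Run against the constructed records, `audit(SAMPLE_PRS, CONFIG)` reports only PR 101, and it reports the same PR for the minimal manifest in step 3, where no `labels:` key exists.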

Status

On Hold
