Limiting of Version Leaps #13780
Unanswered
lwbrown42 asked this question in Code Security
Replies: 1 comment
While it's important for dependencies to get upgraded to the latest versions for a variety of reasons, it's very difficult to upgrade and comprehensively test upgrades on packages that are very behind.

Is it possible to configure Dependabot to limit the amount a package can be upgraded in a single PR? For example, if I'm on v1.2 of a package that has up to v6.0 available, can I set Dependabot to be limited to 1 major version per PR, leading to five PRs over time?

This would allow for more comprehensive testing on each PR to make sure that no features are breaking as the package is brought up to date.

Reply:

A practical way to achieve this today is by controlling the version range directly in your manifest instead of relying on Dependabot to decide the jump size. For example, if you're on 1.2 and want to upgrade only one major at a time, you can set a range like `<3`. This forces Dependabot to open a PR only up to the next major. It basically works as a “major-by-major rolling upgrade.”
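The manifest-ceiling approach from the reply, worked through as an added example (this is not code from the page and not Dependabot's own logic): a small Python simulation that, for a given current version, produces the range you would write into the manifest (the reply's `<3` for a package on 1.2), picks the highest release allowed under that ceiling, and then repeats with a raised ceiling after each simulated merge. Assumptions: versions are plain `major.minor.patch` (a missing minor or patch counts as 0), ranges are space-separated comparators such as `>=1.2.0 <3.0.0` with the operator attached to the number, and the release history in `AVAILABLE` is constructed for the question's 1.2-to-6.0 scenario.

```python
"""Major-by-major rolling upgrade driven by a manifest version ceiling.

Added example, not Dependabot's code. Assumes plain major.minor.patch
versions and comparator ranges like ">=1.2.0 <3.0.0". Caret/tilde ranges
and pre-release suffixes (e.g. "3.0.0-rc1") are rejected rather than guessed.
"""
from __future__ import annotations

import operator
import re

Version = tuple[int, int, int]

_OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt,
        "<": operator.lt, "=": operator.eq}
# One comparator token: optional operator glued to a dotted number, e.g. "<3".
_COMPARATOR = re.compile(r"(>=|<=|>|<|=)?([0-9][0-9.]*)")


def parse(version: str) -> Version:
    """'1.2' -> (1, 2, 0); 'v2.3.1' -> (2, 3, 1). ValueError on anything else."""
    parts = [int(p) for p in version.strip().lstrip("v").split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"not a major.minor.patch version: {version!r}")
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


def _comparators(version_range: str) -> list[tuple[str, Version]]:
    """Split '>=1.2.0 <3.0.0' into [('>=', (1,2,0)), ('<', (3,0,0))]."""
    out = []
    for token in version_range.split():
        m = _COMPARATOR.fullmatch(token)
        if not m:
            raise ValueError(f"unsupported range syntax: {token!r}")
        out.append((m.group(1) or "=", parse(m.group(2))))
    return out


def satisfies(version: str, version_range: str) -> bool:
    """True when every comparator in the range holds for the version."""
    v = parse(version)
    return all(_OPS[op](v, bound) for op, bound in _comparators(version_range))


def ceiling_range(current: str, majors_per_pr: int = 1) -> str:
    """Range to write into the manifest so the next bump crosses at most
    `majors_per_pr` major versions: '1.2' -> '>=1.2.0 <3.0.0' (the reply's '<3')."""
    cur = parse(current)
    return f">={fmt(cur)} <{cur[0] + majors_per_pr + 1}.0.0"


def next_upgrade(current: str, available: list[str],
                 majors_per_pr: int = 1) -> str | None:
    """Highest available release inside the ceiling, or None if nothing newer fits."""
    rng = ceiling_range(current, majors_per_pr)
    cur = parse(current)
    candidates = [parse(v) for v in available if satisfies(v, rng) and parse(v) > cur]
    return fmt(max(candidates)) if candidates else None


def rolling_upgrade_plan(current: str, available: list[str],
                         majors_per_pr: int = 1) -> list[tuple[str, str]]:
    """(manifest range, PR target) per PR, raising the ceiling after each
    simulated merge until the newest allowed release is reached."""
    plan: list[tuple[str, str]] = []
    while (target := next_upgrade(current, available, majors_per_pr)) is not None:
        plan.append((ceiling_range(current, majors_per_pr), target))
        current = target
    return plan


# Constructed release history for the question's scenario: on 1.2, 6.0 available.
AVAILABLE = ["1.2.0", "1.5.0", "2.0.0", "2.3.1", "3.0.0", "3.1.0",
             "4.0.0", "5.2.0", "6.0.0"]

if __name__ == "__main__":
    for n, (rng, target) in enumerate(rolling_upgrade_plan("1.2", AVAILABLE), 1):
        print(f"PR {n}: manifest range {rng!r} -> highest allowed release {target}")
```

Run as-is it prints five steps (2.3.1, 3.1.0, 4.0.0, 5.2.0, 6.0.0), matching the five PRs the question asks for; `majors_per_pr=2` collapses that to three. Two things to check before relying on this in a real repository: the ceiling only stays a ceiling if the PR leaves the manifest range alone, so look at the `versioning-strategy` setting in your `dependabot.yml` for the ecosystem in question; and the ceiling has to be raised after each merge (by hand or by a script like this one) before the next major can be proposed.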