Allow filtering/rejecting specific version (range) of dependency

[remypar5]

• I have searched for similar issues

---

Feature Request

When rejecting (or filtering), I would like to be able to specify a version (or range) of the package. E.g. reject updating a to eslint-config-prettier@9.1.1 which is known to contain malicious code. Or @mui/*@>=5.0.0 because my framework (Backstage) doesn't 5 and higher. The reasons don't really matter for this request.

With the current API this is possible by passing a function to reject but it would help us so much if it were to be handled by ncu itself.

.ncurc:

module.exports = {
  reject: [
    '@backstage/*', // managed in a different process
    'eslint-config-prettier@9.1.1', // Malicious
    '@mui/*@>=5.0.0', // Major version not supported by framework
  ],
}

[raineorshine]

Hi, thanks for the suggestion.

I can see how this would be useful, but since the functionality can be met with a custom reject function, it's not a high priority.

Open to a PR though. Thanks.

[remypar5]

[...] the functionality can be met with a custom reject function [...]

To be precise, it can only be met with a custom filterResults function as it runs after new versions are fetched. I guess there's no way around it. We need to fetch these versions before being able filter based on the version.

I'll see if I can find some time to create a PR for this.

[raineorshine]

Yes, you're right filterResults!