search

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.53k stars 945 forks source link

Dependabot timed out during its update #10083

Open huehnerlady opened 1 week ago

huehnerlady commented 1 week ago

Is there an existing issue for this?

Package ecosystem

npm

Package manager version

npm

Language version

Nodejs 20.14

Manifest location and content before the Dependabot update

/package.json package.json

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
    groups:
      angular: # group angular dependencies together
        patterns:
          - "@angular*"
      all: # group all minor/patch updates
        patterns:
          - "*"
        update-types:
          - minor
          - patch

Updated dependency

No response

What you expected to see, versus what you actually saw

I expect dependabot to run through

What I get is an error saying Dependabot timed out during its update

Native package manager behavior

➜  app git:(main) ✗ npm outdated
Package                           Current   Wanted   Latest  Location                                       Depended by
@ngneat/spectator                  18.0.2   18.0.2   19.0.0  node_modules/@ngneat/spectator                 app
@types/node                       20.14.6  20.14.9  20.14.9  node_modules/@types/node                       app
@typescript-eslint/eslint-plugin   7.13.1   7.13.1   7.14.1  node_modules/@typescript-eslint/eslint-plugin  app
@typescript-eslint/parser          7.13.1   7.13.1   7.14.1  node_modules/@typescript-eslint/parser         app
eslint                             8.57.0   8.57.0    9.5.0  node_modules/eslint                            app
typescript                          5.4.5    5.4.5    5.5.2  node_modules/typescript                        app

Images of the diff or a link to the PR, issue, or logs

dependabot.log

Smallest manifest that reproduces the issue

No response

huehnerlady commented 1 week ago

I found the same issue with other ecosystems: https://github.com/dependabot/dependabot-core/issues/4634 https://github.com/dependabot/dependabot-core/issues/2416

vincentbernat commented 1 week ago

Got the same issue. I have ignored eslint to workaround it.

huehnerlady commented 1 week ago

We somehow seem to have fixed that issue now by running dependabot on GitHub Actions runners 🤔