Open blimmer opened 1 month ago
We are seeing the same issue with dependencies of the same kind.
This is our Dependabot config:
version: 2
updates:
  - package-ecosystem: npm
    directories:
      - "/"
    labels: [ ]
    schedule:
      interval: daily
    versioning-strategy: increase
    ignore:
      - dependency-name: "@middy/core"
        update-types: [ "version-update:semver-major" ]
    groups:
      aws-sdk-v3:
        patterns:
          - "@aws-sdk/*"
          - "@smithy/*"
          - "aws-sdk-client-mock"
          - "aws-sdk-client-mock-jest"
      aws-cdk:
        patterns:
          - "@aws-cdk/cli-lib-alpha"
          - "aws-cdk-lib"
          - "aws-cdk"
      typedoc:
        patterns:
          - "typedoc"
          - "typedoc-plugin-*"
Which doesn't pick up the pre-release packages. Here are the Dependabot logs
In all cases the @aws-cdk/cli-lib-alpha package is always left behind.
I am not familiar with the codebase at all, but looking at the tests, there seems to be one that says that this should not be happening and that tests pre-release updates explicitly: https://github.com/dependabot/dependabot-core/blob/ddb9722dd9ed00daf54b5115ccfe033c6bb910b7/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/requirements_updater_spec.rb#L320-L342
Is there an existing issue for this?
Package ecosystem
Yarn
Package manager version
yarn 4.4.0
Language version
No response
Manifest location and content before the Dependabot update
https://github.com/blimmer/dependabot-bug-report/blob/main/package.json
https://github.com/blimmer/dependabot-bug-report/blob/main/yarn.lock
dependabot.yml content
https://github.com/blimmer/dependabot-bug-report/blob/main/.github/dependabot.yml
Updated dependency
This should update the following:
aws-cdk from 2.149.0 -> 2.152.0
aws-cdk-lib from 2.149.0 -> 2.152.0
@aws-cdk/aws-scheduler-alpha from 2.149.0-alpha.0 -> 2.152.0-alpha.0
@aws-cdk/aws-scheduler-targets-alpha from 2.149.0-alpha.0 -> 2.152.0-alpha.0
What you expected to see, versus what you actually saw
Dependabot successfully figures out the aws-cdk and aws-cdk-lib updates, but not the alpha packages.
GitHub actions run: https://github.com/blimmer/dependabot-bug-report/actions/runs/10427035923/job/28881042089
Log archive: 3_Run Dependabot.txt
Relevant part of logs:
Native package manager behavior
yarn upgrade-interactive allows the upgrade.
Images of the diff or a link to the PR, issue, or logs
See above.
Smallest manifest that reproduces the issue
I have a simple repro repository here: https://github.com/blimmer/dependabot-bug-report