dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Dependabot is spamming pull requests on my repos #10638

Open ascopes opened 2 weeks ago

ascopes commented 2 weeks ago

Is there an existing issue for this?

Package ecosystem

maven

Package manager version

3.9.10

Language version

11

Manifest location and content before the Dependabot update

No response

dependabot.yml content

No response

Updated dependency

No response

What you expected to see, versus what you actually saw

I have just received over a dozen PRs being raised and immediately closed on my repository. Seems the bot just reraises the same PR with each new project it affects, and then closes previous PRs, which is extremely spammy.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

https://github.com/ascopes/protobuf-maven-plugin/pull/389

https://github.com/ascopes/protobuf-maven-plugin/pull/388

https://github.com/ascopes/protobuf-maven-plugin/pull/387

https://github.com/ascopes/protobuf-maven-plugin/pull/374

https://github.com/ascopes/protobuf-maven-plugin/pull/375

https://github.com/ascopes/protobuf-maven-plugin/pull/376

https://github.com/ascopes/protobuf-maven-plugin/pull/377

https://github.com/ascopes/protobuf-maven-plugin/pull/378

https://github.com/ascopes/protobuf-maven-plugin/pull/379

https://github.com/ascopes/protobuf-maven-plugin/pull/380

https://github.com/ascopes/protobuf-maven-plugin/pull/381

https://github.com/ascopes/protobuf-maven-plugin/pull/382

https://github.com/ascopes/protobuf-maven-plugin/pull/383

https://github.com/ascopes/protobuf-maven-plugin/pull/384

https://github.com/ascopes/protobuf-maven-plugin/pull/385

https://github.com/ascopes/protobuf-maven-plugin/pull/386

Smallest manifest that reproduces the issue

No response

ascopes commented 2 weeks ago

@jmax01 that issue does not appear to mention bulk opening and closing of MRs? Unless I am misunderstanding something here..? This appears to be part of their new bulk grouping mechanism for security updates.

jmax01 commented 2 weeks ago

> @jmax01 that issue does not appear to mention bulk opening and closing of MRs? Unless I am misunderstanding something here..? This appears to be part of their new bulk grouping mechanism for security updates.

You are correct, I was sloppy. It should have been a question.