search

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.67k stars 1.01k forks source link

Dependabot Update Error #10744

Open hitensam opened 1 week ago

hitensam commented 1 week ago

Is there an existing issue for this?

Package ecosystem

nuget

Package manager version

No response

Language version

net8.0

Manifest location and content before the Dependabot update

No response

dependabot.yml content

Updated dependency

No response

What you expected to see, versus what you actually saw

+--------------------------------------------------------------------------------------------------+ | Changes to Dependabot Pull Requests | +---------+----------------------------------------------------------------------------------------+ | created | Microsoft.Azure.Functions.Worker.Extensions.Timer ( from 4.1.0 to 4.3.1 ) | | created | Microsoft.Azure.Functions.Worker.Sdk ( from 1.17.0 to 1.18.0 ) | | created | Microsoft.Azure.Functions.Worker.Extensions.Http ( from 3.1.0 to 3.2.0 ) | | created | Azure.Storage.Blobs ( from 12.21.2 to 12.22.1 ) | | created | Microsoft.Azure.Functions.Worker.ApplicationInsights ( from 1.2.0 to 1.4.0 ) | | created | Microsoft.Azure.Functions.Worker ( from 1.21.0 to 1.23.0 ) | | created | Microsoft.Azure.Functions.Worker.Extensions.ServiceBus ( from 5.16.0 to 5.22.0 ) | | created | Microsoft.Azure.Functions.Worker.Extensions.Storage.Blobs ( from 6.3.0 to 6.6.0 ) | | created | ClosedXML ( from 0.102.3 to 0.104.1 ), DocumentFormat.OpenXml ( from 2.16.0 to 3.0.1 ) | +---------+----------------------------------------------------------------------------------------+ | Dependencies failed to update | +------------------------+---------------------+ | DocumentFormat.OpenXml | update_not_possible | +------------------------+---------------------+ Failure running container [container-id]

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

brettfo commented 1 week ago

Could you provide some more information about what you're expecting to see? Along with that, do you have a full log you could share?

hitensam commented 5 days ago

I was not expecting to see something like this:

image

I think there must be some dependencies among the modules.

Logs: 0_Dependabot.txt

baynezy commented 4 days ago

@hitensam are you using <RestorePackagesWithLockFile>true</RestorePackagesWithLockFile> to create package.lock.json files?

hitensam commented 4 days ago

@baynezy Thanks for your response!!

<RestorePackagesWithLockFile>true</RestorePackagesWithLockFile> is no where specified in my .csproj.

brettfo commented 2 days ago

Thank you for attaching the log. Line 2904 reports the following:

Package [DocumentFormat.OpenXml] could not be updated in [/home/dependabot/dependabot-updater/repo/<Project-Name>/<Project-Name>/Utility/Utility.csproj] because it would cause a dependency conflict.

The issue is commonly with transitive dependencies and/or shared dependencies with other packages that would need to be updated in parallel. We've been experimenting with how to properly solve these, but there's still more progress to be made.

hitensam commented 2 days ago

@brettfo Thanks for your response!!