dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.75k stars 1.03k forks source link

Floating version notation is causing the build to break #10837

Open ts-indikaf opened 1 month ago

ts-indikaf commented 1 month ago

Is there an existing issue for this?

Package ecosystem

Nuget

Package manager version

No response

Language version

.NET 8.0

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "nuget" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "daily"

Updated dependency

No response

What you expected to see, versus what you actually saw

I am using the Floating version notation as described here

<PackageReference Include="Cake.Powershell" Version="3.0.*" />

However, Dependabot failed to build, returning the error:

error : '[3.0.*]' is not a valid version string.

As a result, no bump PR was created."

Expected results:

The build should succeed in all the following scenarios, with the added condition that if version="x.y.*", Dependabot should not create PRs for patch versions. However, it should create PRs if higher minor or major versions are available. It would be ideal if Dependabot behaved as described here.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

~ starting update ~
Fetching job details
Pulling updater images
Starting update process
Created proxy container: cccfb45a[9](https://github.com/ts-indikaf/third-party-package-doctor/runs/31970649925?check_suite_focus=true#step:3:10)2e8d22f622f92c2cff30dfd77ae26ab5d5edbd096bf902009777e59
Created container: 8f507f3611cd4cc50da58957016d946[10](https://github.com/ts-indikaf/third-party-package-doctor/runs/31970649925?check_suite_focus=true#step:3:11)d8b89b5568f4b02506fd81d454b1f33
  proxy | 2024/10/23 19:45:39 proxy starting, commit: 4ff727a3a0f3cf493d1700d4ceec3c6f880b430e
  proxy | 2024/10/23 19:45:39 Listening (:1080)
updater | Updating certificates in /etc/ssl/certs...
updater | rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
updater | 1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
updater | done.
updater | NuGet native updater experiment value: null
updater | 2024/10/23 19:45:43 INFO <job_905649685> Starting job processing
updater | 2024/10/23 19:45:43 INFO <job_905649685> Job definition: {"job":{"allowed-updates":[{"dependency-type":"direct","update-type":"all"}],"commit-message-options":{"prefix":null,"prefix-development":null,"include-scope":null},"credentials-metadata":[{"type":"git_source","host":"github.com"}],"debug":null,"dependencies":null,"dependency-groups":[],"dependency-group-to-refresh":null,"existing-pull-requests":[[{"dependency-name":"Cake.Powershell","dependency-version":"4.0.0","directory":"/"}]],"existing-group-pull-requests":[],"experiments":{"record-ecosystem-versions":true,"record-update-job-unknown-error":true,"proxy-cached":true,"move-job-token":true,"dependency-change-validation":true,"composer-v1-deprecation-warning":true,"python-new-version":true,"lead-security-dependency":true},"ignore-conditions":[],"lockfile-only":false,"max-updater-run-time":2700,"package-manager":"nuget","proxy-log-response-body-on-auth-failure":true,"requirements-update-strategy":null,"reject-external-code":false,"security-advisories":[],"security-updates-only":false,"source":{"provider":"github","repo":"ts-indikaf/third-party-package-doctor","branch":null,"directory":"/.","api-endpoint":"https://api.github.com/","hostname":"github.com"},"updating-a-pull-request":false,"update-subdependencies":false,"vendor-dependencies":false,"repo-private":true}}
  proxy | 2024/10/23 19:45:43 [002] GET https://github.com:443/ts-indikaf/third-party-package-doctor/info/refs?service=git-upload-pack
  proxy | 2024/10/23 19:45:43 [002] * authenticating git server request (host: github.com)
  proxy | 2024/10/23 19:45:44 [002] 200 https://github.com:443/ts-indikaf/third-party-package-doctor/info/refs?service=git-upload-pack
  proxy | 2024/10/23 19:45:44 [004] POST https://github.com:443/ts-indikaf/third-party-package-doctor/git-upload-pack
  proxy | 2024/10/23 19:45:44 [004] * authenticating git server request (host: github.com)
  proxy | 2024/10/23 19:45:44 [004] 200 https://github.com:443/ts-indikaf/third-party-package-doctor/git-upload-pack
  proxy | 2024/10/23 19:45:44 [006] POST https://github.com:443/ts-indikaf/third-party-package-doctor/git-upload-pack
2024/10/23 19:45:44 [006] * authenticating git server request (host: github.com)
  proxy | 2024/10/23 19:45:44 [006] 200 https://github.com:443/ts-indikaf/third-party-package-doctor/git-upload-pack
updater | 2024/10/23 19:45:44 INFO <job_905649685> Base commit SHA: e852df1c5263b77f6de19bb553c2370d64af3d12
updater | 2024/10/23 19:45:44 INFO <job_905649685> Finished job processing
updater | NuGet native updater experiment value: null
updater | 2024/10/23 19:45:47 INFO <job_905649685> Starting job processing
updater | running NuGet discovery:
/opt/nuget/NuGetUpdater/NuGetUpdater.Cli discover --repo-root /home/dependabot/dependabot-updater/repo --workspace / --output /tmp/.dependabot/discovery.1.json
updater | Discovering build files in workspace [/home/dependabot/dependabot-updater/repo].
  No dotnet-tools.json file found.
  No global.json file found.
  Discovering projects beneath [.].
  No packages.config file found.
dotnet build in GetAllPackageDependenciesAsync failed. STDOUT:   Determining projects to restore...
/usr/local/dotnet/current/sdk/9.0.100-rc.1.24452.12/NuGet.targets(180,5): error : '[3.0.*]' is not a valid version string. [/tmp/package-dependency-resolution_N7DlhG/Project.csproj]

Build FAILED.

/usr/local/dotnet/current/sdk/9.0.100-rc.1.24452.12/NuGet.targets(180,5): error : '[3.0.*]' is not a valid version string. [/tmp/package-dependency-resolution_N7DlhG/Project.csproj]
    0 Warning(s)
    1 Error(s)

Time Elapsed 00:00:00.50

 STDERR: 

  Central Package Management is not enabled.
Discovery complete.
updater | 2024/10/23 19:45:48 INFO <job_905649685> Discovery JSON content: {
  "Path": "",
  "IsSuccess": true,
  "Projects": [
    {
      "FilePath": "PackageDoctor.csproj",
      "Dependencies": [
        {
          "Name": "Cake.Powershell",
          "Version": "3.0.*",
          "Type": "PackageReference",
          "EvaluationResult": {
            "ResultType": "Success",
            "OriginalValue": "3.0.*",
            "EvaluatedValue": "3.0.*",
            "RootPropertyName": null,
            "ErrorMessage": null
          },
          "TargetFrameworks": [
            "net8.0"
          ],
          "IsDevDependency": false,
          "IsDirect": true,
          "IsTransitive": false,
          "IsOverride": false,
          "IsUpdate": false,
          "InfoUrl": null
        },
        {
          "Name": "Microsoft.NET.Sdk",
          "Version": null,
          "Type": "MSBuildSdk",
          "EvaluationResult": null,
          "TargetFrameworks": null,
          "IsDevDependency": false,
          "IsDirect": false,
          "IsTransitive": false,
          "IsOverride": false,
          "IsUpdate": false,
          "InfoUrl": null
        }
      ],
      "IsSuccess": true,
      "Properties": [
        {
          "Name": "ImplicitUsings",
          "Value": "enable",
          "SourceFilePath": "PackageDoctor.csproj"
        },
        {
          "Name": "Nullable",
          "Value": "enable",
          "SourceFilePath": "PackageDoctor.csproj"
        },
        {
          "Name": "OutputType",
          "Value": "Exe",
          "SourceFilePath": "PackageDoctor.csproj"
        },
        {
          "Name": "TargetFramework",
          "Value": "net8.0",
          "SourceFilePath": "PackageDoctor.csproj"
        }
      ],
      "TargetFrameworks": [
        "net8.0"
      ],
      "ReferencedProjectPaths": []
    }
  ],
  "DirectoryPackagesProps": null,
  "GlobalJson": null,
  "DotNetToolsJson": null,
  "ErrorType": null,
  "ErrorDetails": null
}
  proxy | 2024/10/23 19:45:48 [008] POST /update_jobs/905649685/update_dependency_list
  proxy | 2024/10/23 19:45:48 [008] 204 /update_jobs/905649685/update_dependency_list
  proxy | 2024/10/23 19:45:48 [010] POST /update_jobs/905649685/increment_metric
  proxy | 2024/10/23 19:45:48 [010] 204 /update_jobs/905649685/increment_metric
  proxy | 2024/10/23 19:45:49 [012] PATCH /update_jobs/905649685/mark_as_processed
  proxy | 2024/10/23 19:45:49 [012] 204 /update_jobs/905649685/mark_as_processed
updater | 2024/10/23 19:45:49 INFO <job_905649685> Finished job processing
Cleaned up container 8f507f3611cd4cc50da589570[16](https://github.com/ts-indikaf/third-party-package-doctor/runs/31970649925?check_suite_focus=true#step:3:18)d94610d8b89b5568f4b02506fd81d454b1f33
  proxy | 2024/10/23 19:45:49 0/6 calls cached (0%)
  proxy | 2024/10/23 19:45:49 Posting metrics to remote API endpoint
🤖 ~ finished ~

Smallest manifest that reproduces the issue

No response

brettfo commented 1 month ago

This appears to be the same underlying issue as #9442.