dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Dependabot Nuget with Lockfiles fails to update lockfiles in other dependent projects #10863

Open a-jackson opened 1 month ago

a-jackson commented 1 month ago

Is there an existing issue for this?

Package ecosystem

Nuget

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

Project b has an outdated reference: https://github.com/a-jackson/dependabot-lockfiles-transitive/blob/master/b/b.csproj

Project a depends on b: https://github.com/a-jackson/dependabot-lockfiles-transitive/blob/master/a/a.csproj

dependabot.yml content

https://github.com/a-jackson/dependabot-lockfiles-transitive/blob/master/.github/dependabot.yml

Updated dependency

No response

What you expected to see, versus what you actually saw

The PR that was generated, https://github.com/a-jackson/dependabot-lockfiles-transitive/pulls/1, has updated the lockfile in b, but a also needs an update, as it references the package as a transitive dependency, and therefore the build fails.

Native package manager behavior

a/packages.lock.json is also updated

Images of the diff or a link to the PR, issue, or logs

Logs: https://github.com/a-jackson/dependabot-lockfiles-transitive/actions/runs/11569295575/job/32202734864

PR: https://github.com/a-jackson/dependabot-lockfiles-transitive/pull/1

Smallest manifest that reproduces the issue

Minimal reproduction here: https://github.com/a-jackson/dependabot-lockfiles-transitive

We're using central package management so I've included that as well but I'm not sure if that's necessary for this issue.
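The failure mode described above (a referenced project's lock file is bumped, but the dependent project's packages.lock.json still pins the old transitive version, so a locked restore fails) can be caught in CI before `dotnet restore --locked-mode` does. The following script is an added example, not code from dependabot-core or from the repro repository; the lock-file contents, the package name `Example.Package`, the hashes and the target framework are constructed, and the script assumes the standard packages.lock.json layout in which a ProjectReference appears as an entry of type "Project" and packages appear as "Direct" or "Transitive" entries with a "resolved" version.

```python
"""Check that packages.lock.json files across referencing projects agree.

Added example, not dependabot-core's code. Assumes the NuGet lock file layout:
  dependencies -> <target framework> -> <name> -> {type, requested, resolved, ...}
where an entry of type "Project" names a ProjectReference and entries of type
"Direct" / "Transitive" are packages.
"""
import json

# Constructed sample lock files (not the files from the repro repository).
# Project b: the update PR has bumped its direct reference to Example.Package 2.0.0.
LOCK_B = """
{
  "version": 1,
  "dependencies": {
    "net8.0": {
      "Example.Package": {
        "type": "Direct",
        "requested": "[2.0.0, )",
        "resolved": "2.0.0",
        "contentHash": "constructed-hash-b"
      }
    }
  }
}
"""

# Project a references b, but its lock file still pins the old transitive version,
# which is exactly what makes a locked-mode restore of a fail.
LOCK_A = """
{
  "version": 1,
  "dependencies": {
    "net8.0": {
      "Example.Package": {
        "type": "Transitive",
        "resolved": "1.0.0",
        "contentHash": "constructed-hash-a"
      },
      "b": {
        "type": "Project",
        "dependencies": {
          "Example.Package": "[1.0.0, )"
        }
      }
    }
  }
}
"""


def version_key(version):
    """Order NuGet versions: numeric release parts, then a prerelease label (simplified)."""
    release, _, prerelease = version.partition("-")
    parts = tuple(int(p) for p in release.split("."))
    # A release (empty label) sorts after any prerelease with the same numbers.
    return parts, prerelease == "", prerelease


def find_stale_pins(locks):
    """Return one finding per package whose pin in a referencing project's lock file is
    missing or older than the version resolved in a referenced project's lock file.

    locks: mapping of project name -> packages.lock.json text.
    Each finding is (project, framework, package, pinned_or_None, expected).
    """
    parsed = {name: json.loads(text) for name, text in locks.items()}
    findings = []
    for project, lock in parsed.items():
        for tfm, entries in lock.get("dependencies", {}).items():
            for name, entry in entries.items():
                if entry.get("type") != "Project" or name not in parsed:
                    continue  # not a ProjectReference we hold a lock file for
                referenced = parsed[name].get("dependencies", {}).get(tfm, {})
                for pkg, ref_entry in referenced.items():
                    if ref_entry.get("type") not in ("Direct", "Transitive"):
                        continue
                    expected = ref_entry["resolved"]
                    local = entries.get(pkg)
                    if local is None:
                        findings.append((project, tfm, pkg, None, expected))
                    elif version_key(local["resolved"]) < version_key(expected):
                        findings.append((project, tfm, pkg, local["resolved"], expected))
    return findings


if __name__ == "__main__":
    for project, tfm, pkg, pinned, expected in find_stale_pins({"a": LOCK_A, "b": LOCK_B}):
        print(f"{project} ({tfm}): {pkg} pinned {pinned or 'missing'}, "
              f"referenced project resolves {expected}")
```

Run against the two constructed lock files it reports that a still pins Example.Package 1.0.0 while b resolves 2.0.0. The check only flags pins that are lower than the referenced project's resolution, because NuGet legitimately resolves the highest version reachable through the whole graph, so a dependent project may pin a newer version than one of its references; `dotnet restore --locked-mode` remains the authoritative test.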

vitor-baptista-vfx commented 1 week ago

I've made a fork of @a-jackson's repro repository without central package management, and this same issue occurs: https://github.com/vitor-baptista-vfx/dependabot-lockfiles-transitive/pull/1