dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

No PR created and no dependency when using Dependabot to monitor `setup.py` #4791

Open Mickeypeng opened 2 years ago

Mickeypeng commented 2 years ago

TL;DR: Dependabot seems to ignore the setup.py file and is not updating dependencies in setup.py

Package ecosystem
pip

Package manager version
the latest pip

Language version
python 3.8

Manifest location and content prior to update
setup.py is located at the repo root, see https://github.com/aws/aws-elastic-beanstalk-cli/blob/master/setup.py

dependabot.yml content
https://github.com/aws/aws-elastic-beanstalk-cli/blob/master/.github/dependabot.yml

Updated dependency
the botocore version in setup.py is botocore<1.24.0, which has a newer version 1.24.11

What you expected to see, versus what you actually saw
I expected to see it create a PR that bumps to 1.24.11
What I actually see is that no PR was created and it seems Dependabot is not examining the setup.py file, see https://github.com/aws/aws-elastic-beanstalk-cli/network/updates/308838348

Native package manager behavior
Not applicable, what output do you see when you update the dependency using the native package manager (e.g., bundler, npm,

Images of the diff or a link to the PR, issue or logs
No PR, but logs here https://github.com/aws/aws-elastic-beanstalk-cli/network/updates/308838348

🕹 Bonus points: Smallest manifest that reproduces the issue

Any setup.py file should reproduce the issue

jeffwidman commented 1 year ago

If it's something you'd like to see fixed and you're willing to submit a PR, I'm happy to give you pointers on how to debug further to pinpoint what code needs to change within dependabot-core.

However, I doubt the core team will spend much time on this as the Python ecosystem seems to be moving away from setup.py in favor of pyproject.toml.