search

dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.74k stars 1.03k forks source link

Dependabot not updating the gradle dependencies #5260

Open abhiwatt opened 2 years ago

abhiwatt commented 2 years ago

I have an Android module called "dependencies" in my app. That's how the Gradle file looks like.

Screen Shot 2022-06-14 at 9 59 36 AM 
dependencies {
    implementation 'androidx.core:core-ktx:1.7.0'
    implementation 'androidx.appcompat:appcompat:1.4.1'
    implementation 'com.google.android.material:material:1.6.0'
    implementation 'com.google.android.exoplayer:exoplayer:2.17.0'
    testImplementation 'junit:junit:4.13.1'
    androidTestImplementation 'androidx.test.ext:junit:1.1.2'
}

and that's how my dependabot.yml looks like 

version: 2
updates:
# Updates for Gradle dependencies used in the app      
    - package-ecosystem: gradle
      directory: "/dependencies/"
      schedule:
        interval: "daily"
      open-pull-requests-limit: 10

All the dependencies above have a higher version available but somehow the dependabot, is only creating the pull request for testImplementation 'junit:junit:4.13.1' and not for any other dependency. What's wrong with my setup here.

dineshsmm commented 2 years ago

Having the same issue sharing some more logs for more clarity proxy | time="2022-08-31T15:40:21Z" level=info msg="proxy starting" commit=b031647dc5f52d8120800fc16337727989cb9be0 proxy | 2022/08/31 15:40:21 Listening (:1080) updater | 2022-08-31T15:40:21.290103728 [anonymous-instance:main:WARN:src/firecracker/src/main.rs:370] You are using a deprecated parameter: --seccomp-level 2, that will be removed in a future version. updater | 2022-08-31T15:40:21.319968120 [450146743:main:WARN:src/devices/src/legacy/serial.rs:432] Detached the serial input due to peer close/error. updater | time="2022-08-31T15:40:23Z" level=info msg="guest starting" commit=0931ecfa48adac108cb4bf710199a8678d658cd9 updater | time="2022-08-31T15:40:23Z" level=info msg="starting job..." fetcher_timeout=5m0s job_id=450146743 updater_timeout=45m0s updater_version=0.211.0-e840d98a92564b79bbc00560d45866cf26b509b8 updater | I, [2022-08-31T15:40:24.135339 #7] INFO -- sentry: ** [Raven] Raven 3.1.2 ready to catch errors updater | To use retry middleware with Faraday v2.0+, installfaraday-retrygem updater | INFO <job_450146743> Starting job processing proxy | 2022/08/31 15:40:26 [002] GET https://api.github.com:443/repos/dineshsmm/TestRepo proxy | 2022/08/31 15:40:26 [002] * authenticating github api request proxy | 2022/08/31 15:40:26 [002] 200 https://api.github.com:443/repos/dineshsmm/TestRepo proxy | 2022/08/31 15:40:26 [004] GET https://api.github.com:443/repos/dineshsmm/TestRepo/git/refs/heads/intial_code proxy | 2022/08/31 15:40:26 [004] * authenticating github api request proxy | 2022/08/31 15:40:26 [004] 200 https://api.github.com:443/repos/dineshsmm/TestRepo/git/refs/heads/intial_code proxy | 2022/08/31 15:40:26 [006] GET https://api.github.com:443/repos/dineshsmm/TestRepo/contents/?ref=8687039dc175052a574136c255729694adb85b19 proxy | 2022/08/31 15:40:26 [006] * authenticating github api request proxy | 2022/08/31 15:40:26 [006] 200 https://api.github.com:443/repos/dineshsmm/TestRepo/contents/?ref=8687039dc175052a574136c255729694adb85b19 proxy | 2022/08/31 15:40:26 [008] GET https://api.github.com:443/repos/dineshsmm/TestRepo/contents/build.gradle?ref=8687039dc175052a574136c255729694adb85b19 proxy | 2022/08/31 15:40:26 [008] * authenticating github api request proxy | 2022/08/31 15:40:26 [008] 200 https://api.github.com:443/repos/dineshsmm/TestRepo/contents/build.gradle?ref=8687039dc175052a574136c255729694adb85b19 proxy | 2022/08/31 15:40:26 [010] GET https://api.github.com:443/repos/dineshsmm/TestRepo/contents/settings.gradle?ref=8687039dc175052a574136c255729694adb85b19 proxy | 2022/08/31 15:40:26 [010] * authenticating github api request proxy | 2022/08/31 15:40:26 [010] 200 https://api.github.com:443/repos/dineshsmm/TestRepo/contents/settings.gradle?ref=8687039dc175052a574136c255729694adb85b19 proxy | 2022/08/31 15:40:26 [012] GET https://api.github.com:443/repos/dineshsmm/TestRepo/contents/app/build.gradle?ref=8687039dc175052a574136c255729694adb85b19 proxy | 2022/08/31 15:40:26 [012] * authenticating github api request proxy | 2022/08/31 15:40:26 [012] 200 https://api.github.com:443/repos/dineshsmm/TestRepo/contents/app/build.gradle?ref=8687039dc175052a574136c255729694adb85b19 updater | INFO <job_450146743> Finished job processing updater | time="2022-08-31T15:40:26Z" level=info msg="task complete" container_id=job-450146743-file-fetcher exit_code=0 job_id=450146743 step=fetcher updater | I, [2022-08-31T15:40:27.646007 #8] INFO -- sentry: ** [Raven] Raven 3.1.2 ready to catch errors updater | To use retry middleware with Faraday v2.0+, installfaraday-retrygem updater | INFO <job_450146743> Starting job processing updater | INFO <job_450146743> Starting update job for dineshsmm/TestRepo updater | INFO <job_450146743> Checking if androidx.test.ext:junit 1.1.3 needs updating proxy | 2022/08/31 15:40:29 [016] GET https://repo.maven.apache.org:443/maven2/androidx/test/ext/junit/maven-metadata.xml proxy | 2022/08/31 15:40:29 [016] 404 https://repo.maven.apache.org:443/maven2/androidx/test/ext/junit/maven-metadata.xml updater | INFO <job_450146743> Latest version is updater | INFO <job_450146743> Requirements to unlock update_not_possible updater | INFO <job_450146743> Requirements update strategy updater | INFO <job_450146743> No update possible for androidx.test.ext:junit 1.1.3 updater | INFO <job_450146743> Checking if androidx.appcompat:appcompat 1.4.0 needs updating proxy | 2022/08/31 15:40:29 [018] GET https://repo.maven.apache.org:443/maven2/androidx/appcompat/appcompat/maven-metadata.xml proxy | 2022/08/31 15:40:29 [018] 404 https://repo.maven.apache.org:443/maven2/androidx/appcompat/appcompat/maven-metadata.xml updater | INFO <job_450146743> Latest version is updater | INFO <job_450146743> Requirements to unlock update_not_possible updater | INFO <job_450146743> Requirements update strategy updater | INFO <job_450146743> No update possible for androidx.appcompat:appcompat 1.4.0 updater | INFO <job_450146743> Checking if androidx.core:core-ktx 1.7.0 needs updating proxy | 2022/08/31 15:40:29 [020] GET https://repo.maven.apache.org:443/maven2/androidx/core/core-ktx/maven-metadata.xml proxy | 2022/08/31 15:40:29 [020] 404 https://repo.maven.apache.org:443/maven2/androidx/core/core-ktx/maven-metadata.xml updater | INFO <job_450146743> Latest version is updater | INFO <job_450146743> Requirements to unlock update_not_possible updater | INFO <job_450146743> Requirements update strategy updater | INFO <job_450146743> No update possible for androidx.core:core-ktx 1.7.0 updater | INFO <job_450146743> Checking if androidx.test.espresso:espresso-core 3.4.0 needs updating proxy | 2022/08/31 15:40:30 [022] GET https://repo.maven.apache.org:443/maven2/androidx/test/espresso/espresso-core/maven-metadata.xml proxy | 2022/08/31 15:40:30 [022] 404 https://repo.maven.apache.org:443/maven2/androidx/test/espresso/espresso-core/maven-metadata.xml updater | INFO <job_450146743> Latest version is updater | INFO <job_450146743> Requirements to unlock update_not_possible updater | INFO <job_450146743> Requirements update strategy updater | INFO <job_450146743> No update possible for androidx.test.espresso:espresso-core 3.4.0 updater | INFO <job_450146743> Checking if com.android.library 7.2.1 needs updating proxy | 2022/08/31 15:40:30 [024] GET https://plugins.gradle.org:443/m2/com/android/library/com.android.library.gradle.plugin/maven-metadata.xml proxy | 2022/08/31 15:40:30 [024] 303 https://plugins.gradle.org:443/m2/com/android/library/com.android.library.gradle.plugin/maven-metadata.xml proxy | 2022/08/31 15:40:30 [026] GET https://repo.gradle.org:443/artifactory/jcenter/com/android/library/com.android.library.gradle.plugin/maven-metadata.xml proxy | 2022/08/31 15:40:30 [026] 404 https://repo.gradle.org:443/artifactory/jcenter/com/android/library/com.android.library.gradle.plugin/maven-metadata.xml proxy | 2022/08/31 15:40:30 [028] GET https://repo.maven.apache.org:443/maven2/com/android/library/com.android.library.gradle.plugin/maven-metadata.xml proxy | 2022/08/31 15:40:30 [028] 404 https://repo.maven.apache.org:443/maven2/com/android/library/com.android.library.gradle.plugin/maven-metadata.xml updater | INFO <job_450146743> Latest version is updater | INFO <job_450146743> Requirements to unlock update_not_possible updater | INFO <job_450146743> Requirements update strategy updater | INFO <job_450146743> No update possible for com.android.library 7.2.1 updater | INFO <job_450146743> Checking if junit:junit 4.13.2 needs updating proxy | 2022/08/31 15:40:30 [030] GET https://repo.maven.apache.org:443/maven2/junit/junit/maven-metadata.xml proxy | 2022/08/31 15:40:30 [030] 200 https://repo.maven.apache.org:443/maven2/junit/junit/maven-metadata.xml updater | INFO <job_450146743> Latest version is 4.13.2 updater | INFO <job_450146743> No update needed for junit:junit 4.13.2 updater | INFO <job_450146743> Checking if org.jetbrains.kotlin.android 1.6.10 needs updating proxy | 2022/08/31 15:40:30 [032] GET https://plugins.gradle.org:443/m2/org/jetbrains/kotlin/android/org.jetbrains.kotlin.android.gradle.plugin/maven-metadata.xml proxy | 2022/08/31 15:40:30 [032] 200 https://plugins.gradle.org:443/m2/org/jetbrains/kotlin/android/org.jetbrains.kotlin.android.gradle.plugin/maven-metadata.xml proxy | 2022/08/31 15:40:30 [034] GET https://repo.maven.apache.org:443/maven2/org/jetbrains/kotlin/android/org.jetbrains.kotlin.android.gradle.plugin/maven-metadata.xml proxy | 2022/08/31 15:40:30 [034] 200 https://repo.maven.apache.org:443/maven2/org/jetbrains/kotlin/android/org.jetbrains.kotlin.android.gradle.plugin/maven-metadata.xml updater | INFO <job_450146743> Latest version is 1.7.10 updater | INFO <job_450146743> Pull request already exists for org.jetbrains.kotlin.android with latest version 1.7.10 updater | INFO <job_450146743> Checking if com.google.android.material:material 1.5.1 needs updating proxy | 2022/08/31 15:40:31 [036] GET https://repo.maven.apache.org:443/maven2/com/google/android/material/material/maven-metadata.xml proxy | 2022/08/31 15:40:31 [036] 404 https://repo.maven.apache.org:443/maven2/com/google/android/material/material/maven-metadata.xml updater | INFO <job_450146743> Latest version is updater | INFO <job_450146743> Requirements to unlock update_not_possible updater | INFO <job_450146743> Requirements update strategy updater | INFO <job_450146743> No update possible for com.google.android.material:material 1.5.1 updater | INFO <job_450146743> Checking if com.android.application 7.2.1 needs updating proxy | 2022/08/31 15:40:31 [038] GET https://plugins.gradle.org:443/m2/com/android/application/com.android.application.gradle.plugin/maven-metadata.xml proxy | 2022/08/31 15:40:31 [038] 303 https://plugins.gradle.org:443/m2/com/android/application/com.android.application.gradle.plugin/maven-metadata.xml proxy | 2022/08/31 15:40:31 [040] GET https://repo.gradle.org:443/artifactory/jcenter/com/android/application/com.android.application.gradle.plugin/maven-metadata.xml proxy | 2022/08/31 15:40:31 [040] 404 https://repo.gradle.org:443/artifactory/jcenter/com/android/application/com.android.application.gradle.plugin/maven-metadata.xml proxy | 2022/08/31 15:40:31 [042] GET https://repo.maven.apache.org:443/maven2/com/android/application/com.android.application.gradle.plugin/maven-metadata.xml proxy | 2022/08/31 15:40:31 [042] 404 https://repo.maven.apache.org:443/maven2/com/android/application/com.android.application.gradle.plugin/maven-metadata.xml updater | INFO <job_450146743> Latest version is updater | INFO <job_450146743> Requirements to unlock update_not_possible updater | INFO <job_450146743> Requirements update strategy updater | INFO <job_450146743> No update possible for com.android.application 7.2.1 updater | INFO <job_450146743> Finished job processing updater | time="2022-08-31T15:40:31Z" level=info msg="task complete" container_id=job-450146743-updater exit_code=0 job_id=450146743 step=updater

alvindizon commented 2 years ago

I have encountered this as well. Inspecting the update logs, I've noticed several 404s when dependabot is checking for Android dependency updates. My settings.gradle looks like this:

pluginManagement {
    repositories {
        gradlePluginPortal()
        google()
        mavenCentral()
    }
}
dependencyResolutionManagement {
    repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
    repositories {
        google()
        mavenCentral()
        maven {
            url "https://androidx.dev/storage/compose-compiler/repository/"
        }
        maven {
            url "https://dl.google.com/dl/android/maven2"
        }
    }
}
alvindizon commented 2 years ago

Also, this issue seems to be similar--dependabot is ignoring settings.gradle. This is a big issue for Android projects that use dependabot, I'm not sure why this hasn't been solved. Maybe time to move to renovatebot?

abdulapopoola commented 9 months ago

I just deployed @eikes' PR ; can you verify if this is now fixed please?