dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Python versioning-strategy of `increase` does not raise lower version in range #6519

Closed edmorley closed 1 year ago

edmorley commented 1 year ago

Is there an existing issue for this?

Package ecosystem

pip

Package manager version

pip 22.3.1

Language version

Python 3.11

Manifest location and content before the Dependabot update

/tmpl/python/requirements.txt

salesforce-functions>=0.1.0,<1.0.0

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/tmpl/python"
    schedule:
      interval: "monthly"
    versioning-strategy: increase

Updated dependency

No response

What you expected to see, versus what you actually saw

The latest version of the salesforce-functions package currently published to PyPI is 0.3.0.

Therefore, with `versioning-strategy: increase` I expected Dependabot to update `requirements.txt` from:

salesforce-functions>=0.1.0,<1.0.0

To:

salesforce-functions>=0.3.0,<1.0.0

i.e. to increase the lower bound, per the requested versioning strategy. (Given there is the alternate strategy of `increase-if-needed`, then the whole point of `increase` is to increase even if the new version is in-range, surely?)

However, Dependabot reports no update possible:

updater | INFO <job_588818757> Checking if salesforce-functions  needs updating
  proxy | 2023/01/25 12:16:42 [014] GET https://pypi.org:443/simple/salesforce-functions/
  proxy | 2023/01/25 12:16:42 [014] 200 https://pypi.org:443/simple/salesforce-functions/
updater | INFO <job_588818757> Latest version is 0.3.0
  proxy | 2023/01/25 12:16:42 [016] GET https://pypi.org:443/simple/salesforce-functions/
  proxy | 2023/01/25 12:16:42 [016] 200 https://pypi.org:443/simple/salesforce-functions/
updater | INFO <job_588818757> Requirements to unlock update_not_possible
updater | INFO <job_588818757> Requirements update strategy bump_versions
updater | INFO <job_588818757> No update possible for salesforce-functions 

(https://github.com/heroku/sf-functions-core/network/updates/588818757)

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response
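The expected result described in the report above, worked through as an added example (not part of the original issue and not dependabot-core code). The helper names are hypothetical, only simple comma-separated comparison specifiers are handled, and `increase-if-necessary` is assumed to be the strategy the report calls increase-if-needed.

```ruby
# Added illustration, not dependabot-core code. Models only the in-range case
# from this issue: the latest release already satisfies the requirement.
require "rubygems" # Gem::Version ships with Ruby

SPEC = /\A\s*(>=|<=|==|>|<)\s*([0-9A-Za-z.]+)\s*\z/

# "pkg>=0.1.0,<1.0.0" -> ["pkg", [[">=", Gem::Version], ["<", Gem::Version]]]
def parse_requirement(line)
  name, specs = line.strip.match(/\A([A-Za-z0-9._-]+)(.*)\z/).captures
  parsed = specs.split(",").map do |spec|
    m = SPEC.match(spec) or raise ArgumentError, "unsupported specifier: #{spec.inspect}"
    [m[1], Gem::Version.new(m[2])]
  end
  [name, parsed]
end

# True when the version meets every specifier in the range.
def satisfied?(specs, version)
  specs.all? do |op, bound|
    case op
    when ">=" then version >= bound
    when "<=" then version <= bound
    when ">"  then version > bound
    when "<"  then version < bound
    when "==" then version == bound
    end
  end
end

# Hypothetical helper: the requirement line the report expects per strategy.
def expected_requirement(line, latest, strategy)
  name, specs = parse_requirement(line)
  latest_v = Gem::Version.new(latest)
  unless satisfied?(specs, latest_v)
    raise ArgumentError, "latest is outside the range; not modelled here"
  end

  # Assumed: this strategy leaves an already-satisfied range untouched.
  return line.strip if strategy == "increase-if-necessary"
  raise ArgumentError, "unknown strategy: #{strategy}" unless strategy == "increase"

  # "increase": raise the inclusive lower bound to the latest version.
  bumped = specs.map { |op, bound| op == ">=" && bound < latest_v ? [op, latest_v] : [op, bound] }
  name + bumped.map { |op, bound| "#{op}#{bound}" }.join(",")
end
```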

deivid-rodriguez commented 1 year ago

Your reasoning makes sense to me, and the current behavior "no update possible" makes little sense. Feel free to investigate what's going on here. Using the dry-run script or the dependabot CLI, this should be easy to reproduce locally.

deivid-rodriguez commented 1 year ago

@edmorley We have recently gained more understanding of the current situation with respect to versioning strategies in Python, and I ended up opening a slightly broader issue about this problem. Let's unify the resolution of this problem at #6631. Please subscribe to that ticket, and of course, feel free to investigate :)