dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License
4.63k stars 990 forks

Wrong dependency get its version increased #7002

Open foitco opened 1 year ago

foitco commented 1 year ago

Is there an existing issue for this?

Package ecosystem

Gradle

Package manager version

No response

Language version

Java

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "gradle"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "tuesday"
      time: "09:00"

Updated dependency

name com.graphql-java:graphql-java to 20.2 from 20.0

What you expected to see, versus what you actually saw

I expected to see:

-    implementation 'com.graphql-java:graphql-java:20.0'
+   implementation 'com.graphql-java:graphql-java:20.2'

But I actually saw:

-    implementation 'com.graphql-java:graphql-java-extended-scalars:20.0'
-    implementation 'com.graphql-java:graphql-java:20.0'
+    implementation 'com.graphql-java:graphql-java-extended-scalars:20.2'
+   implementation 'com.graphql-java:graphql-java:20.2'
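
Review bot: the first changed line bumps com.graphql-java:graphql-java-extended-scalars from 20.0 to 20.2, but this update is named for com.graphql-java:graphql-java only. Drop that line so the change touches just the graphql-java declaration; the extended-scalars artifact is a separate dependency and its bump should arrive, and be reviewed, as its own update.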

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

Bump com graphql-java graphql-java from 20 0 to 20 2 by dependabot

Smallest manifest that reproduces the issue

plugins {
    id 'war'
}

compileJava {
    sourceCompatibility = 1.8
    targetCompatibility = 1.8
}

tasks.withType(JavaCompile) {
    options.encoding = 'UTF-8'
}

repositories {
    google()
    mavenCentral()
    mavenLocal()
}

dependencies {
    implementation 'com.graphql-java:graphql-java-extended-scalars:20.0'
    implementation 'com.graphql-java:graphql-java:20.0'
}

deivid-rodriguez commented 1 year ago

This seems a "regexp matching too much" issue, thanks for reporting!

You can try to figure out the issue by using the dry-run.rb script as explained in the README. I suspect the problem lies in the file updater class here: https://github.com/dependabot/dependabot-core/blob/17dca4bcd23b141bca552862e5c4c64e8b003325/gradle/lib/dependabot/gradle/file_updater.rb.
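
Added example, not part of the thread and not code from dependabot-core: a Ruby sketch of the "regexp matching too much" failure class on the reporter's two declarations, next to an anchored match and a check that lists which coordinates a rewrite actually changed. The helper names (`naive_bump`, `anchored_bump`, `changed_coordinates`) are hypothetical, and the naive matching shown is an assumed mechanism that reproduces the reported diff, not the project's implementation.

```ruby
# Illustration only. MANIFEST is the dependencies block from the issue's
# reproduction manifest.
MANIFEST = <<~GRADLE
  dependencies {
      implementation 'com.graphql-java:graphql-java-extended-scalars:20.0'
      implementation 'com.graphql-java:graphql-java:20.0'
  }
GRADLE

# Hypothetical naive updater: any line that mentions "group:name" is treated
# as a declaration of that dependency, so a longer artifact name sharing the
# same prefix gets its version rewritten too.
def naive_bump(manifest, name, from, to)
  manifest.lines.map do |line|
    line.include?(name) ? line.sub(from, to) : line
  end.join
end

# Anchored updater: match the complete "group:name:version" coordinate,
# delimited by quotes on both sides, with every part regex-escaped so that
# "." in the group or version cannot match an arbitrary character.
def anchored_bump(manifest, name, from, to)
  pattern = /(?<=['"])#{Regexp.escape(name)}:#{Regexp.escape(from)}(?=['"])/
  manifest.gsub(pattern) { "#{name}:#{to}" }
end

# Review aid: coordinates whose version differs between two manifests.
# An update for one dependency should return exactly that one name.
def changed_coordinates(before, after)
  coords = lambda do |text|
    text.scan(/['"]([^'":\s]+:[^'":\s]+):([^'"\s]+)['"]/).to_h
  end
  old = coords.call(before)
  coords.call(after).reject { |name, version| old[name] == version }.keys
end

if __FILE__ == $PROGRAM_NAME
  target = "com.graphql-java:graphql-java"
  { "naive" => naive_bump(MANIFEST, target, "20.0", "20.2"),
    "anchored" => anchored_bump(MANIFEST, target, "20.0", "20.2") }.each do |label, text|
    puts "#{label}: #{changed_coordinates(MANIFEST, text).join(', ')}"
  end
end
```

A check like `changed_coordinates` can run in CI against an automated update PR to flag any change that touches more coordinates than the PR names.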

yeikel commented 1 year ago

I was able to reproduce this

Build file: https://github.com/yeikel/dependabot-playground/blob/main/build.gradle

Pull request: https://github.com/yeikel/dependabot-playground/pull/64


  proxy | 2023/04/21 04:42:00 proxy starting, commit: d7dcd5b938d3a555f3a197631d3de2abe3853c50
  proxy | 2023/04/21 04:42:00 Listening (:1080)
updater | 2023-04-21T04:42:00.570955589 [649099116:main:WARN:src/devices/src/legacy/serial.rs:222] Detached the serial input due to peer close/error.
updater | time="2023-04-21T04:42:02Z" level=info msg="guest starting" commit=04202779bad4a51eea4fbe8ee8e698ced65ccbe7
updater | time="2023-04-21T04:42:02Z" level=info msg="starting job..." fetcher_timeout=10m0s job_id=649099116 updater_timeout=45m0s updater_version=6142a76e76d7e50b624fa442454dffea6f903d47-gradle
updater | 2023/04/21 04:42:03 INFO Raven 3.1.2 ready to catch errors
updater | 2023/04/21 04:42:04 INFO <job_649099116> Starting job processing
  proxy | 2023/04/21 04:42:04 [002] GET https://api.github.com:443/repos/yeikel/dependabot-playground
  proxy | 2023/04/21 04:42:04 [002] * authenticating github api request
  proxy | 2023/04/21 04:42:05 [002] 200 https://api.github.com:443/repos/yeikel/dependabot-playground
  proxy | 2023/04/21 04:42:05 [004] GET https://api.github.com:443/repos/yeikel/dependabot-playground/git/refs/heads/main
  proxy | 2023/04/21 04:42:05 [004] * authenticating github api request
  proxy | 2023/04/21 04:42:05 [004] 200 https://api.github.com:443/repos/yeikel/dependabot-playground/git/refs/heads/main
  proxy | 2023/04/21 04:42:05 [006] GET https://api.github.com:443/repos/yeikel/dependabot-playground/contents/?ref=328a959a03f2bddcd8b3acac33a8a6241031a866
  proxy | 2023/04/21 04:42:05 [006] * authenticating github api request
  proxy | 2023/04/21 04:42:05 [006] 200 https://api.github.com:443/repos/yeikel/dependabot-playground/contents/?ref=328a959a03f2bddcd8b3acac33a8a6241031a866
  proxy | 2023/04/21 04:42:05 [008] GET https://api.github.com:443/repos/yeikel/dependabot-playground/contents/build.gradle?ref=328a959a03f2bddcd8b3acac33a8a6241031a866
  proxy | 2023/04/21 04:42:05 [008] * authenticating github api request
  proxy | 2023/04/21 04:42:05 [008] 200 https://api.github.com:443/repos/yeikel/dependabot-playground/contents/build.gradle?ref=328a959a03f2bddcd8b3acac33a8a6241031a866
  proxy | 2023/04/21 04:42:05 [010] GET https://api.github.com:443/repos/yeikel/dependabot-playground/contents/gradle?ref=328a959a03f2bddcd8b3acac33a8a6241031a866
  proxy | 2023/04/21 04:42:05 [010] * authenticating github api request
  proxy | 2023/04/21 04:42:05 [010] 404 https://api.github.com:443/repos/yeikel/dependabot-playground/contents/gradle?ref=328a959a03f2bddcd8b3acac33a8a6241031a866
updater | 2023/04/21 04:42:05 INFO <job_649099116> Finished job processing
updater | time="2023-04-21T04:42:05Z" level=info msg="task complete" container_id=job-649099116-file-fetcher exit_code=0 job_id=649099116 step=fetcher
updater | 2023/04/21 04:42:06 INFO Raven 3.1.2 ready to catch errors
updater | 2023/04/21 04:42:07 INFO <job_649099116> Starting job processing
updater | 2023/04/21 04:42:07 INFO <job_649099116> Starting update job for yeikel/dependabot-playground
updater | 2023/04/21 04:42:07 INFO <job_649099116> Checking all dependencies for version updates...
updater | 2023/04/21 04:42:07 INFO <job_649099116> Checking if com.graphql-java:graphql-java 20.0 needs updating
  proxy | 2023/04/21 04:42:07 [016] GET https://maven.google.com:443/com/graphql-java/group-index.xml
  proxy | 2023/04/21 04:42:07 [016] 301 https://maven.google.com:443/com/graphql-java/group-index.xml
  proxy | 2023/04/21 04:42:08 [018] GET https://dl.google.com:443/dl/android/maven2/com/graphql-java/group-index.xml
  proxy | 2023/04/21 04:42:08 [018] 404 https://dl.google.com:443/dl/android/maven2/com/graphql-java/group-index.xml
  proxy | 2023/04/21 04:42:08 [020] GET https://repo.maven.apache.org:443/maven2/com/graphql-java/graphql-java/maven-metadata.xml
  proxy | 2023/04/21 04:42:08 [020] 200 https://repo.maven.apache.org:443/maven2/com/graphql-java/graphql-java/maven-metadata.xml
updater | 2023/04/21 04:42:09 INFO <job_649099116> Latest version is 20.2
updater | 2023/04/21 04:42:09 INFO <job_649099116> Requirements to unlock own
updater | 2023/04/21 04:42:09 INFO <job_649099116> Requirements update strategy 
updater | 2023/04/21 04:42:09 INFO <job_649099116> Updating com.graphql-java:graphql-java from 20.0 to 20.2
updater | 2023/04/21 04:42:09 INFO <job_649099116> Submitting com.graphql-java:graphql-java pull request for creation
  proxy | 2023/04/21 04:42:09 [022] GET https://api.github.com:443/repos/yeikel/dependabot-playground/commits?per_page=100
  proxy | 2023/04/21 04:42:09 [022] * authenticating github api request
  proxy | 2023/04/21 04:42:10 [022] 200 https://api.github.com:443/repos/yeikel/dependabot-playground/commits?per_page=100
  proxy | 2023/04/21 04:42:10 [024] GET https://repo.maven.apache.org:443/maven2/com/graphql-java/graphql-java/20.2/graphql-java-20.2.pom
  proxy | 2023/04/21 04:42:10 [024] 200 https://repo.maven.apache.org:443/maven2/com/graphql-java/graphql-java/20.2/graphql-java-20.2.pom
  proxy | 2023/04/21 04:42:10 [026] GET https://api.github.com:443/repos/graphql-java/graphql-java/releases?per_page=100
  proxy | 2023/04/21 04:42:10 [026] * authenticating github api request
  proxy | 2023/04/21 04:42:10 [026] 200 https://api.github.com:443/repos/graphql-java/graphql-java/releases?per_page=100
  proxy | 2023/04/21 04:42:10 [028] GET https://api.github.com:443/repos/graphql-java/graphql-java/contents/
  proxy | 2023/04/21 04:42:10 [028] * authenticating github api request
  proxy | 2023/04/21 04:42:11 [028] 200 https://api.github.com:443/repos/graphql-java/graphql-java/contents/
  proxy | 2023/04/21 04:42:11 [030] GET https://github.com:443/graphql-java/graphql-java.git/info/refs?service=git-upload-pack
  proxy | 2023/04/21 04:42:11 [030] * authenticating git server request (host: github.com)
  proxy | 2023/04/21 04:42:11 [030] 200 https://github.com:443/graphql-java/graphql-java.git/info/refs?service=git-upload-pack
  proxy | 2023/04/21 04:42:11 [032] GET https://api.github.com:443/repos/graphql-java/graphql-java/contents/?ref=v20.2
  proxy | 2023/04/21 04:42:11 [032] * authenticating github api request
  proxy | 2023/04/21 04:42:11 [032] 200 https://api.github.com:443/repos/graphql-java/graphql-java/contents/?ref=v20.2
  proxy | 2023/04/21 04:42:11 [034] GET https://github.com:443/graphql-java/graphql-java.git/info/refs?service=git-upload-pack
  proxy | 2023/04/21 04:42:11 [034] * authenticating git server request (host: github.com)
  proxy | 2023/04/21 04:42:11 [034] 200 https://github.com:443/graphql-java/graphql-java.git/info/refs?service=git-upload-pack
  proxy | 2023/04/21 04:42:11 [036] GET https://api.github.com:443/repos/graphql-java/graphql-java/commits?sha=v20.0
  proxy | 2023/04/21 04:42:11 [036] * authenticating github api request
  proxy | 2023/04/21 04:42:11 [036] 200 https://api.github.com:443/repos/graphql-java/graphql-java/commits?sha=v20.0
  proxy | 2023/04/21 04:42:11 [038] GET https://api.github.com:443/repos/graphql-java/graphql-java/commits?sha=v20.2
  proxy | 2023/04/21 04:42:11 [038] * authenticating github api request
  proxy | 2023/04/21 04:42:11 [038] 200 https://api.github.com:443/repos/graphql-java/graphql-java/commits?sha=v20.2
  proxy | 2023/04/21 04:42:12 [040] GET https://api.github.com:443/repos/graphql-java/graphql-java/commits?sha=v20.0
  proxy | 2023/04/21 04:42:12 [040] * authenticating github api request
  proxy | 2023/04/21 04:42:12 [040] 200 https://api.github.com:443/repos/graphql-java/graphql-java/commits?sha=v20.0
  proxy | 2023/04/21 04:42:12 [042] GET https://api.github.com:443/repos/graphql-java/graphql-java/commits?sha=v20.2
  proxy | 2023/04/21 04:42:12 [042] * authenticating github api request
  proxy | 2023/04/21 04:42:12 [042] 200 https://api.github.com:443/repos/graphql-java/graphql-java/commits?sha=v20.2
  proxy | 2023/04/21 04:42:12 [044] GET https://api.github.com:443/repos/graphql-java/graphql-java/commits?sha=v20.0
  proxy | 2023/04/21 04:42:12 [044] * authenticating github api request
  proxy | 2023/04/21 04:42:12 [044] 200 https://api.github.com:443/repos/graphql-java/graphql-java/commits?sha=v20.0
  proxy | 2023/04/21 04:42:12 [046] GET https://api.github.com:443/repos/graphql-java/graphql-java/commits?sha=v20.2
  proxy | 2023/04/21 04:42:12 [046] * authenticating github api request
  proxy | 2023/04/21 04:42:12 [046] 200 https://api.github.com:443/repos/graphql-java/graphql-java/commits?sha=v20.2
updater | 2023/04/21 04:42:13 INFO <job_649099116> Checking if com.graphql-java:graphql-java-extended-scalars 20.0 needs updating
  proxy | 2023/04/21 04:42:13 [050] GET https://maven.google.com:443/com/graphql-java/group-index.xml
  proxy | 2023/04/21 04:42:13 [050] 301 https://maven.google.com:443/com/graphql-java/group-index.xml
  proxy | 2023/04/21 04:42:13 [052] GET https://dl.google.com:443/dl/android/maven2/com/graphql-java/group-index.xml
  proxy | 2023/04/21 04:42:13 [052] 404 https://dl.google.com:443/dl/android/maven2/com/graphql-java/group-index.xml
  proxy | 2023/04/21 04:42:13 [054] GET https://repo.maven.apache.org:443/maven2/com/graphql-java/graphql-java-extended-scalars/maven-metadata.xml
  proxy | 2023/04/21 04:42:13 [054] 200 https://repo.maven.apache.org:443/maven2/com/graphql-java/graphql-java-extended-scalars/maven-metadata.xml
updater | 2023/04/21 04:42:13 INFO <job_649099116> Latest version is 20.2
updater | 2023/04/21 04:42:13 INFO <job_649099116> Requirements to unlock own
updater | 2023/04/21 04:42:13 INFO <job_649099116> Requirements update strategy 
updater | 2023/04/21 04:42:13 INFO <job_649099116> Updating com.graphql-java:graphql-java-extended-scalars from 20.0 to 20.2
updater | 2023/04/21 04:42:13 INFO <job_649099116> Submitting com.graphql-java:graphql-java-extended-scalars pull request for creation
  proxy | 2023/04/21 04:42:13 [056] GET https://api.github.com:443/repos/yeikel/dependabot-playground/commits?per_page=100
  proxy | 2023/04/21 04:42:13 [056] * authenticating github api request
  proxy | 2023/04/21 04:42:13 [056] 200 https://api.github.com:443/repos/yeikel/dependabot-playground/commits?per_page=100
  proxy | 2023/04/21 04:42:13 [058] GET https://repo.maven.apache.org:443/maven2/com/graphql-java/graphql-java-extended-scalars/20.2/graphql-java-extended-scalars-20.2.pom
  proxy | 2023/04/21 04:42:13 [058] 200 https://repo.maven.apache.org:443/maven2/com/graphql-java/graphql-java-extended-scalars/20.2/graphql-java-extended-scalars-20.2.pom
  proxy | 2023/04/21 04:42:13 [060] GET https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/releases?per_page=100
  proxy | 2023/04/21 04:42:13 [060] * authenticating github api request
  proxy | 2023/04/21 04:42:14 [060] 200 https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/releases?per_page=100
  proxy | 2023/04/21 04:42:14 [062] GET https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/contents/
  proxy | 2023/04/21 04:42:14 [062] * authenticating github api request
  proxy | 2023/04/21 04:42:14 [062] 200 https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/contents/
  proxy | 2023/04/21 04:42:14 [064] GET https://github.com:443/graphql-java/graphql-java-extended-scalars.git/info/refs?service=git-upload-pack
  proxy | 2023/04/21 04:42:14 [064] * authenticating git server request (host: github.com)
  proxy | 2023/04/21 04:42:14 [064] 200 https://github.com:443/graphql-java/graphql-java-extended-scalars.git/info/refs?service=git-upload-pack
  proxy | 2023/04/21 04:42:14 [066] GET https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/contents/?ref=20.2
  proxy | 2023/04/21 04:42:14 [066] * authenticating github api request
  proxy | 2023/04/21 04:42:14 [066] 200 https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/contents/?ref=20.2
  proxy | 2023/04/21 04:42:14 [068] GET https://github.com:443/graphql-java/graphql-java-extended-scalars.git/info/refs?service=git-upload-pack
  proxy | 2023/04/21 04:42:14 [068] * authenticating git server request (host: github.com)
  proxy | 2023/04/21 04:42:14 [068] 200 https://github.com:443/graphql-java/graphql-java-extended-scalars.git/info/refs?service=git-upload-pack
  proxy | 2023/04/21 04:42:14 [070] GET https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/commits?sha=20.0
  proxy | 2023/04/21 04:42:14 [070] * authenticating github api request
  proxy | 2023/04/21 04:42:14 [070] 200 https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/commits?sha=20.0
  proxy | 2023/04/21 04:42:14 [072] GET https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/commits?sha=20.2
  proxy | 2023/04/21 04:42:14 [072] * authenticating github api request
  proxy | 2023/04/21 04:42:14 [072] 200 https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/commits?sha=20.2
  proxy | 2023/04/21 04:42:14 [074] GET https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/commits?sha=20.0
  proxy | 2023/04/21 04:42:14 [074] * authenticating github api request
  proxy | 2023/04/21 04:42:15 [074] 200 https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/commits?sha=20.0
  proxy | 2023/04/21 04:42:15 [076] GET https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/commits?sha=20.2
  proxy | 2023/04/21 04:42:15 [076] * authenticating github api request
  proxy | 2023/04/21 04:42:15 [076] 200 https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/commits?sha=20.2
  proxy | 2023/04/21 04:42:15 [078] GET https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/commits?sha=20.0
  proxy | 2023/04/21 04:42:15 [078] * authenticating github api request
  proxy | 2023/04/21 04:42:15 [078] 200 https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/commits?sha=20.0
  proxy | 2023/04/21 04:42:15 [080] GET https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/commits?sha=20.2
  proxy | 2023/04/21 04:42:15 [080] * authenticating github api request
  proxy | 2023/04/21 04:42:15 [080] 200 https://api.github.com:443/repos/graphql-java/graphql-java-extended-scalars/commits?sha=20.2
updater | 2023/04/21 04:42:16 INFO <job_649099116> Finished job processing
updater | 2023/04/21 04:42:16 INFO Results:
updater | +--------------------------------------------------------------------------------+
updater | |                      Changes to Dependabot Pull Requests                       |
updater | +---------+----------------------------------------------------------------------+
updater | | created | com.graphql-java:graphql-java ( from 20.0 to 20.2 )                  |
updater | | created | com.graphql-java:graphql-java-extended-scalars ( from 20.0 to 20.2 ) |
updater | +---------+----------------------------------------------------------------------+
updater | time="2023-04-21T04:42:16Z" level=info msg="task complete" container_id=job-649099116-updater exit_code=0 job_id=649099116 step=updater

yeikel commented 1 year ago

@deivid-rodriguez Please re-open this issue if you can

deivid-rodriguez commented 1 year ago

Good catch, reopened!