dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Some dependencies are missed in a group #7822

Open xxchan opened 1 year ago

xxchan commented 1 year ago

Is there an existing issue for this?

Package ecosystem

cargo

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

https://github.com/risingwavelabs/risingwave/blob/24c25b4e52d4bc04af14c09b1d3e928604853998/.github/dependabot.yml#L16-L18

Updated dependency

No response

What you expected to see, versus what you actually saw

In PR https://github.com/risingwavelabs/risingwave/pull/11679

Part of aws-* are updated. I expect to update all of them.

This also caused multiple versions of the dependencies to occur.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

gu-stav commented 1 year ago

👋🏼

We are running into the same problem in https://github.com/strapi/design-system/pull/1292. The group update did miss @storybook/react, but picked up all other dependencies based on the group patterns.

The config is:

storybook:
  patterns:
    - '@storybook/*'
    - 'storybook-dark-mode'
    - 'storybook'

idaame commented 9 months ago

We also have the same problem in these two repos (navikt/familie-ks-sak-frontend and navikt/familie-ba-sak-frontend) with sentry-updates, missing @sentry/core. In our config-file we have:

sentry:
  patterns:
    - "@sentry/tracing"
    - "@sentry/core"
    - "@sentry/browser"

However, dependabot only detects updates on tracing and browser, and core does not show up in the grouped PR (or even in a separate PR).

Nishnha commented 5 months ago

Hi, we have made a lot of improvements to grouped updates since this issue was first reported. Can you confirm whether the issue is still present? One big fix is that groups are correctly order dependent now.

abdulapopoola commented 5 months ago

tagging @idaame and @xxchan and @gu-stav

xxchan commented 5 months ago

Thanks for the work. But I didn’t check it recently. Let’s close the issue first. Will report if there are still problems.

xxchan commented 5 months ago

I find the problem still exists. @Nishnha @abdulapopoola

The config: https://github.com/risingwavelabs/risingwave/blob/4ba2e667b0f70896ea32e19d86ebe6b3dd763aec/.github/dependabot.yml#L39-L41

The dependabot PR: https://github.com/risingwavelabs/risingwave/pull/16517

From this commit, https://github.com/yoshidan/google-cloud-rust/commit/56a7d262b315f72a65c227b24dd692e0665d3ae3#diff-fd11a88e3e9d445df3f28639d7adc24dce7b710fe07bb689e814465af6a556b6

We can see other dependencies in the group, e.g., google-cloud-pubsub, are also updated, but dependabot only updates one of them, google-cloud-bigquery.
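
One way to check a grouped PR for the two symptoms reported in this thread (group members left at their old version, and a crate locked at several versions at once), as an added example that is not from the thread or from Dependabot. It approximates the group `patterns` wildcard with Python's `fnmatch`; the function names and the lockfile contents are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Cargo.lock [[package]] entries list `name` and then `version`.
PKG_RE = re.compile(r'\[\[package\]\]\s*name = "([^"]+)"\s*version = "([^"]+)"')

def parse_lock(text):
    """Map each package name to the set of versions locked for it."""
    versions = {}
    for name, version in PKG_RE.findall(text):
        versions.setdefault(name, set()).add(version)
    return versions

def group_report(patterns, before, after):
    """Classify the group's members by what the PR did to the lockfile."""
    old, new = parse_lock(before), parse_lock(after)
    # Assumption: fnmatch approximates how the group's `*` wildcard matches.
    members = sorted(n for n in old
                     if n in new and any(fnmatchcase(n, p) for p in patterns))
    report = {"updated": [], "unchanged": [], "duplicated": []}
    for name in members:
        if len(new[name]) > 1:
            # Old and new versions both locked: the duplicate-version symptom.
            report["duplicated"].append(name)
        elif new[name] == old[name]:
            # Matches the group but was not bumped; may be missed, or may
            # simply have no newer release. Needs a manual check.
            report["unchanged"].append(name)
        else:
            report["updated"].append(name)
    return report

def lock(pkgs):
    """Build Cargo.lock-style text from (name, version) pairs."""
    return "".join('[[package]]\nname = "%s"\nversion = "%s"\n\n' % p for p in pkgs)

# Constructed sample lockfiles (the versions are made up for the example).
BEFORE = lock([("aws-config", "0.55.3"), ("aws-sdk-s3", "0.28.0"),
               ("aws-smithy-http", "0.55.3"), ("serde", "1.0.183")])
AFTER = lock([("aws-config", "0.56.0"), ("aws-sdk-s3", "0.28.0"),
              ("aws-smithy-http", "0.55.3"), ("aws-smithy-http", "0.56.0"),
              ("serde", "1.0.183")])

if __name__ == "__main__":
    for status, names in group_report(["aws-*"], BEFORE, AFTER).items():
        print(status, names)
```
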