dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Dependabot update not considering compatibility of python version. #8346

Open visuman opened 10 months ago

visuman commented 10 months ago

Is there an existing issue for this?

Package ecosystem

python

Package manager version

No response

Language version

python 3.7

Manifest location and content before the Dependabot update

requirements.txt

```
zipp==3.15.0 ; python_version=='3.7'
zipp==3.17.0 ; python_version>='3.8'
```

dependabot.yml content

```yaml
version: 2
updates:
```

Updated dependency

```
zipp==3.17.0 ; python_version=='3.7' # This got updated but pypi says https://pypi.org/project/zipp/ zipp==3.17 needs py3.8+
zipp==3.17.0 ; python_version>='3.8'
```

What you expected to see, versus what you actually saw

Expected:

```
zipp==3.15.0 ; python_version=='3.7'
zipp==3.17.0 ; python_version>='3.8'
```

Actual:

```
zipp==3.17.0 ; python_version=='3.7'
zipp==3.17.0 ; python_version>='3.8'
```

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

[image: screenshot of the diff]

This is happening to multiple packages

Smallest manifest that reproduces the issue

No response

domdfcoding commented 6 months ago

Seeing this myself with https://github.com/PyMassSpec/PyMassSpec/pull/50. Matplotlib 3.8.2 requires Python 3.9 but the requirement dependabot is updating has python_version == "3.6"

WilliamBergamin commented 5 months ago

I am experiencing this as well in slackapi/python-slack-sdk

```
moto==5.0.3; python_version=="3.6"
moto<5; python_version=="3.7"
moto<6
```
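The check this thread is asking for, written as an added example rather than dependabot-core's own code: it parses a pinned requirements line together with its `python_version` marker, takes the lowest Python the marker can select, and tests the candidate release's Requires-Python metadata against it. `REQUIRES_PYTHON` is constructed sample data standing in for a PyPI metadata lookup, and the project's minimum supported Python is an assumed input.

```python
import re

# Constructed sample of PyPI "Requires-Python" metadata, keyed by (project, version).
# zipp mirrors what the issue reports (3.17 needs Python 3.8+); moto is assumed.
REQUIRES_PYTHON = {
    ("zipp", "3.15.0"): ">=3.7",
    ("zipp", "3.17.0"): ">=3.8",
    ("moto", "5.0.3"): ">=3.8",
}
_PIN_RE = re.compile(
    r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.]*)\s*(?:;\s*(.*?))?\s*(?:#.*)?$")
_MARKER_RE = re.compile(r"""python_version\s*(==|>=|<=|>|<)\s*['"]([0-9.]+)['"]""")
_CLAUSE_RE = re.compile(r"(>=|<=|==|!=|>|<)\s*([0-9.]+)")

def _vtuple(version):
    return tuple(int(p) for p in version.split("."))

def marker_lower_bound(marker, project_min_python):
    """Lowest Python a python_version marker can select. No marker, or only an
    upper bound, falls back to the project's minimum Python (an assumed input)."""
    m = _MARKER_RE.search(marker or "")
    if not m:
        return project_min_python
    op, ver = m.groups()
    # '>' is treated as its operand, the conservative choice for this check.
    return ver if op in ("==", ">=", ">") else project_min_python

def requires_python_ok(spec, python):
    """Evaluate a comparison-only Requires-Python spec such as '>=3.8,<4'."""
    py = _vtuple(python)
    for clause in spec.split(","):
        op, ver = _CLAUSE_RE.match(clause.strip()).groups()
        v = _vtuple(ver)
        if not {">=": py >= v, "<=": py <= v, "==": py == v,
                "!=": py != v, ">": py > v, "<": py < v}[op]:
            return False
    return True

def check_pin(line, project_min_python="3.7"):
    """Return (ok, reason) for one '==' pin; ok is None when metadata is missing."""
    m = _PIN_RE.match(line)
    if not m:
        raise ValueError(f"not a '==' pin: {line!r}")
    name, version, marker = m.groups()
    spec = REQUIRES_PYTHON.get((name.lower(), version))
    if spec is None:
        return None, f"no Requires-Python metadata for {name}=={version}"
    lowest = marker_lower_bound(marker, project_min_python)
    if requires_python_ok(spec, lowest):
        return True, f"{name}=={version} ({spec}) is fine for Python {lowest}"
    return False, f"{name}=={version} needs Python {spec}, but the marker admits {lowest}"
```

Run against the lines in this issue, the 3.17.0 pin on the `python_version=='3.7'` line is the one that fails, which is the update an updater should have refused.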