dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Dependabot encountered an unknown error #8598

Closed LiorHen9 closed 4 months ago

LiorHen9 commented 9 months ago

Is there an existing issue for this?

Package ecosystem

NuGet

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="UiPath.System.Activities" version="21.4.1" />
</packages>

dependabot.yml content

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
registries:
  nuget-azure-devops:
    type: nuget-feed
    url: https://pkgs.dev.azure.com/HMSRPA/Public.Feeds/_packaging/HMS_RPA/nuget/v3/index.json

  nuget-public:
    type: nuget-feed
    url: https://api.nuget.org/v3/index.json

  UiPathMarketplace:
    type: nuget-feed
    url: https://gallery.uipath.com/api/v3/index.json

  UiPathOfficial:
    type: nuget-feed
    url: https://pkgs.dev.azure.com/uipath/Public.Feeds/_packaging/UiPath-Official/nuget/v3/index.json
updates:
- package-ecosystem: nuget
  directory: "/"
  registries: "*"
  schedule:
    interval: daily
  open-pull-requests-limit: 25

Updated dependency

UiPath.System.Activities

What you expected to see, versus what you actually saw

I expect to get a PR from Dependabot, but I get an error when updating the dependency.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

brettfo commented 9 months ago

Can you share the contents of the log? There should be more information in there to help figure out what went wrong.

probitdavid commented 9 months ago

We are having the same or a similar issue. We use the public and a private repo, and although Dependabot finds updates, it fails when checking the updates on the public repo as it can't access the private packages. The private repo update check runs fine.

ater | 2024/01/03 14:18:54 INFO <job_769538804> Latest version is 3.5.0.2
updater | 2024/01/03 14:18:54 INFO <job_769538804> No update needed for Antlr 3.5.0.2
updater | 2024/01/03 14:18:54 INFO <job_769538804> Finished job processing
updater | 2024/01/03 14:18:54 INFO Results:
updater | Dependabot encountered '1' error(s) during execution, please check the logs for more details.
updater | +----------------------------------------+
updater | |     Dependencies failed to update      |
updater | +------------------------+---------------+
updater | | DocumentFormat.OpenXml | unknown_error |
updater | +------------------------+---------------+
updater | time="2024-01-03T14:18:54Z" level=info msg="task complete" container_id=job-769538804-updater exit_code=0 job_id=769538804 step=updater

I'll see if it's OK for me to share some more of our logs.

mburumaxwell commented 8 months ago

Possibly a duplicate of #8597 and caused by #8179 or subsequent changes. Basically private feeds no longer working.

abdulapopoola commented 8 months ago

@mburumaxwell, does this still repro? We've shipped a couple of fixes and apologize for the break.

mburumaxwell commented 8 months ago

@abdulapopoola private feeds (Azure Repos) still not working as of 9eee7bf

gushill-ls commented 6 months ago

@abdulapopoola, my company has also been hitting this issue since at least the beginning of 2024, perhaps earlier. Do you have any updates or progress on finding a solution? Here are snippets of our logs:

updater | Dependabot encountered '5' error(s) during execution, please check the logs for more details.
updater | +----------------------------------------------+
updater | |        Dependencies failed to update         |
updater | +------------------------------+---------------+
updater | | coverlet.collector           | unknown_error |
updater | | Products.Services.Utilities  | unknown_error |
updater | | Products.Provisioner.Library | unknown_error |
updater | | Atlas.Service.Base           | unknown_error |
updater | | Products.ResourceStore.Data  | unknown_error |
updater | +------------------------------+---------------+

There are tons of 404's for all of the common NuGet packages. Is there other information I can bring to the table?

~Gus

abdulapopoola commented 5 months ago

Tagging @brettfo

brettfo commented 5 months ago

Just yesterday a change was made to better handle some of these cases and I'm actively working on others right now. What's the status of the latest run?

gushill-ls commented 5 months ago

@brettfo I just tried three repositories and still see the same failures. Let me know if there's any additional information I can provide for you.

brettfo commented 5 months ago

@gushill-ls Can you give me the job ID so I can pull the logs? There will be several instances of text like INFO <job_123456> and I can go from there.

gushill-ls commented 5 months ago

updater | 2024/04/25 19:12:59 INFO Starting job processing
updater | 2024/04/25 19:09:36 INFO Starting job processing
updater | 2024/04/25 18:28:17 INFO Starting job processing

There you go :)

brettfo commented 5 months ago

@gushill-ls Thank you, that was very helpful. Looking through the logs I see a common theme, mainly that only a NuGet package source named github is being checked for packages, so when attempting to do an actual update for something like xunit the job fails.

I suspect the issue is in one of two places:

  1. Is there a NuGet.Config either next to a .csproj or anywhere up to the root of the repo? I'm curious to see if that lists the default feed of https://api.nuget.org/v3/index.json.
  2. How are package sources defined in your dependabot.yml? The regular NuGet feed needs to be explicitly added there; something like this:

.github/dependabot.yml:

...
registries:
  # I suspect you already have an entry like this
  github:
    type: nuget-feed
    url: https://nuget.pkg.github.com/MY-GITHUB-ORG/index.json
    username: MY-GITHUB-USER
    password: ${{ secrets.MY_GITHUB_PASSWORD }}
  # and this needs to be present, too:
  public-nuget:
    type: nuget-feed
    url: https://api.nuget.org/v3/index.json
...
updates:
  - package-ecosystem: nuget
    directory: "/"
    registries:
      - public-nuget # this needs to be added
      - github # this is probably already present

gushill-ls commented 5 months ago

@brettfo Thank you! That was indeed the issue: our dependabot.yml (several hundred of them) has never explicitly listed the NuGet feed. I suppose that changed last year, and we didn't see the notice.
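
One way to audit many dependabot.yml files for the misconfiguration identified in this thread, as an added example (not code from the thread or from dependabot-core). It only inspects dependabot.yml, not NuGet.Config; the function and constant names are hypothetical, both sample files are constructed, and skipping updates that reference no nuget-feed registry is an assumption.

```ruby
require "yaml"

PUBLIC_NUGET_FEED = "https://api.nuget.org/v3/index.json"

# Returns one message per nuget update entry that can reach a custom
# nuget-feed registry but not the public nuget.org feed.
def missing_public_feed(yaml_text)
  config = YAML.safe_load(yaml_text) || {}
  feeds = (config["registries"] || {}).select { |_, r| r.is_a?(Hash) && r["type"] == "nuget-feed" }
  public_names = feeds.select { |_, r| r["url"].to_s.chomp("/").casecmp?(PUBLIC_NUGET_FEED) }.keys
  Array(config["updates"]).each_with_object([]) do |update, findings|
    next unless update.is_a?(Hash) && update["package-ecosystem"] == "nuget"
    listed = update["registries"]
    # "*" grants the update every top-level registry; otherwise only the named ones.
    names = listed == "*" ? feeds.keys : Array(listed) & feeds.keys
    next if names.empty? # no custom feed in play (assumed out of scope here)
    next unless (names & public_names).empty?
    findings << "nuget update for #{update['directory']} lists #{names.join(', ')} " \
                "but no #{PUBLIC_NUGET_FEED} registry"
  end
end

# Constructed sample: only the private feed is defined and listed.
PRIVATE_ONLY = <<~YML
  registries:
    github:
      type: nuget-feed
      url: https://nuget.pkg.github.com/MY-GITHUB-ORG/index.json
  updates:
    - package-ecosystem: nuget
      directory: "/"
      registries: [github]
YML

# Constructed sample: the public feed is defined and listed as well.
WITH_PUBLIC = <<~YML
  registries:
    github:
      type: nuget-feed
      url: https://nuget.pkg.github.com/MY-GITHUB-ORG/index.json
    public-nuget:
      type: nuget-feed
      url: https://api.nuget.org/v3/index.json
  updates:
    - package-ecosystem: nuget
      directory: "/"
      registries: [public-nuget, github]
YML

[PRIVATE_ONLY, WITH_PUBLIC].each { |doc| p missing_public_feed(doc) } if __FILE__ == $PROGRAM_NAME
```

To scan a checkout, pass each file's contents to `missing_public_feed`, for example via `File.read(".github/dependabot.yml")`.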