dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Missing Dependabot PR for org.springframework.cloud:spring-cloud-dependencies #8673

Open scordio opened 10 months ago

scordio commented 10 months ago

Is there an existing issue for this?

Package ecosystem

Maven

Package manager version

3.9.3

Language version

Java 17

Manifest location and content before the Dependabot update

https://github.com/scordio/spring-batch-notion/blob/main/pom.xml

dependabot.yml content

https://github.com/scordio/spring-batch-notion/blob/main/.github/dependabot.yml

Updated dependency

Dependency: https://github.com/scordio/spring-batch-notion/blob/16f512bdf63b74dc6952c66f0b351555900a1a34/pom.xml#L48-L54

<dependency>
  <groupId>org.springframework.cloud</groupId>
  <artifactId>spring-cloud-dependencies</artifactId>
  <version>2022.0.4</version>
  <type>pom</type>
  <scope>import</scope>
</dependency>

From: https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-dependencies/2022.0.4

To: https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-dependencies/2023.0.0

What you expected to see, versus what you actually saw

No PR was raised by Dependabot although the new dependency version was released on December 6th.

Might be related to #2926.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <groupId>org.example</groupId>
  <artifactId>maven-example</artifactId>
  <version>0.1.0-SNAPSHOT</version>

  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-dependencies</artifactId>
        <version>2022.0.4</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>
  <dependencies>
    <!-- Test -->
    <dependency>
      <groupId>org.springframework.cloud</groupId>
      <artifactId>spring-cloud-contract-wiremock</artifactId>
      <scope>test</scope>
    </dependency>
  </dependencies>

</project>

scordio commented 9 months ago

Dependabot might also have skipped a PR for:

<parent>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-parent</artifactId>
  <version>3.2.2</version>
  <relativePath/>
</parent>

The new version was released yesterday (https://github.com/spring-projects/spring-boot/releases/tag/v3.2.2) and I did a manual upgrade today (scordio/spring-batch-notion@769846f03f18dc312ef5af6a2c9b4cdd3235ee55).

As I did the upgrade less than 24 hours after the release, I'm not sure if the daily execution of Dependabot had already happened.