dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Dependabot PR doesn't list what packages were updated but the commit message does #9314

Open xt0rted opened 6 months ago

xt0rted commented 6 months ago

Is there an existing issue for this?

Package ecosystem

npm

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

https://github.com/xt0rted/dotnet-sdk-updater/blob/cbb5ab188ac13d464cf19bf5ac4f892f6f836934/package.json

{
  "name": "dotnet-sdk-updater",
  "version": "1.0.0",
  "private": true,
  "description": "Update global.json files with the latest SDK version",
  "main": "dist/index.js",
  "type": "module",
  "scripts": {
    "build": "tsc --project ./tsconfig.build.json",
    "clean": "rimraf coverage dist lib",
    "eslint": "eslint . --ext .js,.cjs,.ts",
    "eslint:fix": "npm run eslint -- --fix",
    "lint": "tsc --noEmit && npm run eslint",
    "local": "ncc run src/main.ts",
    "package": "ncc build ./src/main.ts --source-map --license license.txt",
    "readme": "actions-toolkit update-readme --include-example",
    "prerelease": "npm run clean && npm run lint && npm test && npm run build",
    "release": "npm run package && git add -f dist/",
    "postrelease": "node --loader ts-node/esm ./scripts/prepare-release.ts && git add action.yml",
    "test": "cross-env NODE_OPTIONS=--experimental-vm-modules jest --coverage --config=jest.config.cjs"
  },
  "repository": {
    "type": "git",
    "url": "git+https://github.com/xt0rted/dotnet-sdk-updater.git"
  },
  "keywords": [
    "actions",
    "github",
    "dependabot",
    "dependencies",
    "dotnet",
    "dotnet-core",
    "dotnet-sdk"
  ],
  "author": "xt0rted",
  "license": "MIT",
  "dependencies": {
    "@actions/core": "^1.10.1",
    "json5": "^2.2.3",
    "node-fetch": "^3.3.2",
    "semver": "^7.6.0",
    "xregexp": "^5.1.1"
  },
  "devDependencies": {
    "@types/eslint": "^8.56.2",
    "@types/jest": "^29.5.12",
    "@types/node": "^20.11.25",
    "@types/semver": "^7.5.8",
    "@typescript-eslint/eslint-plugin": "^6.20.0",
    "@typescript-eslint/parser": "^6.20.0",
    "@vercel/ncc": "^0.38.1",
    "@xt0rted/actions-toolkit": "^0.0.1",
    "cross-env": "^7.0.3",
    "dotenv": "^16.4.5",
    "eslint": "^8.56.0",
    "eslint-plugin-import": "^2.29.1",
    "eslint-plugin-jest": "^27.6.3",
    "eslint-plugin-sort-destructure-keys": "^1.5.0",
    "eslint-plugin-typescript-sort-keys": "^3.1.0",
    "eslint-plugin-unicorn": "^50.0.1",
    "jest": "^29.7.0",
    "jest-circus": "^29.6.1",
    "nock": "^13.5.4",
    "rimraf": "^5.0.5",
    "ts-jest": "^29.1.2",
    "ts-node": "^10.9.2",
    "tslib": "^2.6.2",
    "typescript": "^5.4.2"
  }
}

dependabot.yml content

https://github.com/xt0rted/dotnet-sdk-updater/blob/cbb5ab188ac13d464cf19bf5ac4f892f6f836934/.github/dependabot.yml

version: 2
updates:

  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      github-actions:
        patterns:
          - "actions/*"
      my-actions:
        patterns:
          - "xt0rted/*"

  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      eslint:
        patterns:
          - "@types/eslint"
          - "@typescript-eslint/*"
          - "eslint"
          - "eslint-*"
      jest:
        patterns:
          - "@types/jest"
          - "jest"
          - "jest-*"
          - "ts-jest"
      semver:
        patterns:
          - "@types/semver"
          - "semver"
      typescript:
        patterns:
          - "ts-node"
          - "tslib"
          - "typescript"

Updated dependency

| Package | From | To |
| --- | --- | --- |
| @typescript-eslint/eslint-plugin | 6.20.0 | 6.21.0 |
| @typescript-eslint/parser | 6.20.0 | 6.21.0 |
| eslint | 8.56.0 | 8.57.0 |
| @types/eslint | 8.56.2 | 8.56.5 |
| eslint-plugin-jest | 27.6.3 | 27.9.0 |
| eslint-plugin-typescript-sort-keys | 3.1.0 | 3.2.0 |
| eslint-plugin-unicorn | 50.0.1 | 51.0.1 |

What you expected to see, versus what you actually saw

The commit message has the list of packages updated, but the PR body doesn't for some reason.

https://github.com/xt0rted/dotnet-sdk-updater/pull/605

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

xt0rted commented 5 months ago

I got 2 more PRs like this in a private repo. All they say is:

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

While the commit message says:

Bumps the dotnet group with 4 updates: [Microsoft.AspNetCore.Identity.EntityFrameworkCore](https://github.com/dotnet/aspnetcore), [Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore](https://github.com/dotnet/aspnetcore), [Microsoft.AspNetCore.Identity.UI](https://github.com/dotnet/aspnetcore) and [Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation](https://github.com/dotnet/aspnetcore).

Updates `Microsoft.AspNetCore.Identity.EntityFrameworkCore` from 6.0.24 to 6.0.28
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](https://github.com/dotnet/aspnetcore/compare/v6.0.24...v6.0.28)

Updates `Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore` from 6.0.24 to 6.0.28
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](https://github.com/dotnet/aspnetcore/compare/v6.0.24...v6.0.28)

Updates `Microsoft.AspNetCore.Identity.UI` from 6.0.24 to 6.0.28
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](https://github.com/dotnet/aspnetcore/compare/v6.0.24...v6.0.28)

Updates `Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation` from 6.0.26 to 6.0.28
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](https://github.com/dotnet/aspnetcore/compare/v6.0.26...v6.0.28)

---
updated-dependencies:
- dependency-name: Microsoft.AspNetCore.Identity.EntityFrameworkCore
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
- dependency-name: Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
- dependency-name: Microsoft.AspNetCore.Identity.UI
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
- dependency-name: Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
...

Signed-off-by: dependabot[bot] <support@github.com>

And

Bumps the entity-framework group with 4 updates: [Microsoft.EntityFrameworkCore.Design](https://github.com/dotnet/efcore), [Microsoft.EntityFrameworkCore.SqlServer](https://github.com/dotnet/efcore), [Microsoft.EntityFrameworkCore.Tools](https://github.com/dotnet/efcore) and [dotnet-ef](https://github.com/dotnet/efcore).

Updates `Microsoft.EntityFrameworkCore.Design` from 6.0.24 to 6.0.28
- [Release notes](https://github.com/dotnet/efcore/releases)
- [Commits](https://github.com/dotnet/efcore/compare/v6.0.24...v6.0.28)

Updates `Microsoft.EntityFrameworkCore.SqlServer` from 6.0.24 to 6.0.28
- [Release notes](https://github.com/dotnet/efcore/releases)
- [Commits](https://github.com/dotnet/efcore/compare/v6.0.24...v6.0.28)

Updates `Microsoft.EntityFrameworkCore.Tools` from 6.0.24 to 6.0.28
- [Release notes](https://github.com/dotnet/efcore/releases)
- [Commits](https://github.com/dotnet/efcore/compare/v6.0.24...v6.0.28)

Updates `dotnet-ef` from 7.0.13 to 8.0.3
- [Release notes](https://github.com/dotnet/efcore/releases)
- [Commits](https://github.com/dotnet/efcore/compare/v7.0.13...v8.0.3)

---
updated-dependencies:
- dependency-name: Microsoft.EntityFrameworkCore.Design
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: entity-framework
- dependency-name: Microsoft.EntityFrameworkCore.SqlServer
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: entity-framework
- dependency-name: Microsoft.EntityFrameworkCore.Tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: entity-framework
- dependency-name: dotnet-ef
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: entity-framework
...

Signed-off-by: dependabot[bot] <support@github.com>
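
When the PR body is empty, the `updated-dependencies` trailer in the commit message is still enough for a reviewer or CI gate to see what changed. The following is an added example, not part of the original thread and not Dependabot's own code: it parses that trailer and flags entries such as the `semver-major` bump of `dotnet-ef` that sits inside an otherwise patch-level group. The function names, the `LOW_RISK` policy and the abridged sample message are assumptions made for illustration.

```python
import re
# Constructed sample: abridged from the second commit message quoted above.
SAMPLE_COMMIT_MESSAGE = """\
Bumps the entity-framework group with 2 updates (abridged sample).

Updates `Microsoft.EntityFrameworkCore.Design` from 6.0.24 to 6.0.28
Updates `dotnet-ef` from 7.0.13 to 8.0.3

---
updated-dependencies:
- dependency-name: Microsoft.EntityFrameworkCore.Design
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: entity-framework
- dependency-name: dotnet-ef
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: entity-framework
...
Signed-off-by: dependabot[bot] <support@github.com>
"""

UPDATE_LINE = re.compile(r"^Updates `([^`]+)` from (\S+) to (\S+)$")
# Assumed review policy (not Dependabot's): only these update types skip manual review.
LOW_RISK = {"version-update:semver-patch", "version-update:semver-minor"}

def parse_updated_dependencies(message):
    """Return one dict per entry in the trailer between the '---' and '...' lines."""
    deps, versions, in_block = [], {}, False
    for line in message.splitlines():
        match = UPDATE_LINE.match(line)
        if match:
            versions[match.group(1)] = (match.group(2), match.group(3))
        elif line in ("---", "..."):
            in_block = line == "---"
        elif in_block and line.startswith("- "):
            key, _, value = line[2:].partition(": ")
            deps.append({key: value})  # a "- " line starts a new entry
        elif in_block and line.startswith("  ") and deps:
            key, _, value = line.strip().partition(": ")
            deps[-1][key] = value  # indented lines extend the current entry
    for dep in deps:  # attach versions taken from the "Updates `x` from a to b" lines
        dep["from"], dep["to"] = versions.get(dep.get("dependency-name"), (None, None))
    return deps

def needs_review(deps):
    """Names of dependencies whose update-type is missing or not in LOW_RISK."""
    return [d.get("dependency-name") for d in deps if d.get("update-type") not in LOW_RISK]
```

Feeding it the output of `git log -1 --format=%B` on the PR's head commit gives the same package list the PR description should have shown.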

xt0rted commented 5 months ago

I had this happen in a public repo this week https://github.com/xt0rted/dotnet-rimraf/pull/313

The dependabot log for this PR is linked to two others, one of which ran into the issue in #9288 so the update job completed with errors. That seems to be a common thing with all of the PRs that lack a full description: there's another PR with errors.