dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

[pip] using same .in file for 2 .txt (hashed and default) only 1 .txt file is updated #9409

Open JonathanRenon-EDB opened 7 months ago

JonathanRenon-EDB commented 7 months ago

Is there an existing issue for this?

Package ecosystem

pip

Package manager version

No response

Language version

python

Manifest location and content before the Dependabot update

At project root, requirements.in generates both requirements.txt (--generate-hashes) and requirements-aap.txt.

dependabot.yml content

updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "sunday"
    labels:
      - "dependabot"
      - "pip dependencies"
    open-pull-requests-limit: 5
    pull-request-branch-name:
      separator: "/"

Updated dependency

PR: Bumps boto3 from 1.34.64 to 1.34.75. It only bumps requirements-aap.txt and leaves requirements.txt at 1.34.64.

No other PR was opened for requirements.txt.

What you expected to see, versus what you actually saw

PR: Bumps boto3 from 1.34.64 to 1.34.75. It should update both requirements files.

The PR only bumps requirements-aap.txt and leaves requirements.txt alone, probably due to some lexical order priority?

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

https://github.com/EnterpriseDB/tpa/pull/163

Smallest manifest that reproduces the issue

requirements.in

boto3

requirements.txt

boto3==1.34.64 \
    --hash=sha256:8c6fbd3d45399a4e4685010117fb2dc52fc6afdab5a9460957d463ae0c2cc55d \
    --hash=sha256:e5d681f443645e6953ed0727bf756bf16d85efefcb69cf051d04a070ce65e545
    # via -r requirements.in

requirements-aap.txt

boto3==1.34.64
    # via -r requirements.in

JonathanRenon-EDB commented 5 months ago

Any update on this ticket?

JonathanRenon-EDB commented 4 months ago

Issue is still present. Any update on a review for this issue? Thank you.

JonathanRenon-EDB commented 2 months ago

Still having the issue.
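
A CI check for the drift this issue reports, as an added example that is not part of the thread or of dependabot-core: it compares the exact pins across several files compiled from the same requirements.in and flags any package whose versions disagree, noting which file is hash-checked. The function names and the sample content are constructed for illustration, and the hash is a placeholder.

```python
import re
import sys

# name, optional extras, then an exact pin
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;]+)")

def parse_pins(text):
    """Return {normalized_name: (version, has_hashes)} for pip-compile output."""
    logical = re.sub(r"\\\r?\n", " ", text)  # join backslash continuations
    pins = {}
    for line in logical.splitlines():
        line = line.split(" #")[0].strip()  # drop trailing comments
        if not line or line.startswith(("#", "-")):
            continue  # comment lines and options such as -r or --index-url
        m = PIN.match(line)
        if m:
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 form
            pins[name] = (m.group(2), "--hash=" in line)
    return pins

def find_drift(files):
    """files: {filename: content}. Return {package: {filename: (version, hashed)}}
    for every package whose pinned version differs between files."""
    parsed = {fn: parse_pins(content) for fn, content in files.items()}
    drift = {}
    for pkg in sorted(set().union(*parsed.values())):
        seen = {fn: p[pkg] for fn, p in parsed.items() if pkg in p}
        if len({version for version, _ in seen.values()}) > 1:
            drift[pkg] = seen
    return drift

# Constructed sample: the two files as the issue describes them after the
# Dependabot PR. The hash is a placeholder, not a real digest.
SAMPLE = {
    "requirements.txt": "boto3==1.34.64 \\\n    --hash=sha256:" + "0" * 64
                        + "\n    # via -r requirements.in\n",
    "requirements-aap.txt": "boto3==1.34.75\n    # via -r requirements.in\n",
}

if __name__ == "__main__":
    paths = sys.argv[1:]
    files = {p: open(p, encoding="utf-8").read() for p in paths} if paths else SAMPLE
    drift = find_drift(files)
    for pkg, seen in drift.items():
        for fn, (version, hashed) in seen.items():
            print(f"{pkg}: {fn} pins {version}" + (" (hash-checked)" if hashed else ""))
    sys.exit(1 if drift else 0)
```

Run with the compiled files as arguments; a non-zero exit fails the job when any pin disagrees.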