dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot

No PRs due to unclear `update_not_possible` #9501

Open amureki opened 4 months ago

amureki commented 4 months ago

Is there an existing issue for this?

Package ecosystem

npm

Package manager version

10.2.4

Language version

20.11.0

Manifest location and content before the Dependabot update

This is my package.json, located in the root project folder:

{
  "name": "my-project",
  "repository": "my-project-url",
  "license": "UNLICENSED",
  "scripts": {
    "build": "wireit",
    "i18n:build": "wireit",
    "test": "wireit",
    "lint": "wireit",
    "test:ci": "wireit",
    "i18n:extract": "wireit"
  },
  "wireit": {
    "build": {
      "dependencies": [
        "sass",
        "svg",
        "webpack",
        "esm"
      ]
    },
    "webpack": {
      "command": "webpack",
      "files": [
        "frontend/assets/js/**/*.js",
        "frontend/assets/js/**/*.vue",
        "webpack.*"
      ],
      "output": [
        "frontend/static/js/*.min.js"
      ],
      "clean": true,
      "dependencies": [
        "esm",
        "i18n:build"
      ]
    },
    "esm": {
      "command": "esbuild `find frontend/assets/js -iname \"*.js\" -not -path \"*/__tests__/*\" -not -path \"*/__fixture__/*\"` --outdir=frontend/static/js --minify --sourcemap --target=es6 --format=esm",
      "files": [
        "frontend/assets/js/**/*.js"
      ],
      "output": [
        "frontend/static/js/**/*.js"
      ],
      "dependencies": [
        "i18n:build",
        "esm-dists"
      ]
    },
    "esm-dists": {
      "command": "node esm-dists.mjs",
      "files": [
        "node_modules/**/*.js"
      ],
      "output": [
        "frontend/static/dependencies/*.min.mjs"
      ]
    },
    "svg": {
      "command": "svg-sprite --config=svg-sprite.config.json 'frontend/assets/gfx/**/*.svg' 'node_modules/plyr/src/sprite/*.svg'",
      "files": [
        "frontend/assets/gfx/**/*.svg",
        "node_modules/plyr/src/sprite/*.svg"
      ],
      "output": [
        "frontend/static/img/sprite.svg"
      ]
    },
    "sass": {
      "command": "npx sass frontend/assets/scss:frontend/static/css --style=compressed --embed-sources --load-path=node_modules",
      "files": [
        "frontend/assets/scss/**/*.scss"
      ],
      "output": [
        "frontend/static/css"
      ],
      "dependencies": [
        "fonts"
      ]
    },
    "fonts": {
      "command": "node copy-fonts.mjs",
      "files": [
        "frontend/assets/fonts/*.woff2",
        "frontend/assets/fonts/*.woff"
      ],
      "output": [
        "frontend/static/fonts/*.woff2",
        "frontend/static/fonts/*.woff"
      ]
    },
    "i18n:extract": {
      "command": "lit-localize extract",
      "files": [
        "lit-localize.json",
        "frontend/assets/js/**/*.js"
      ]
    },
    "i18n:build": {
      "command": "lit-localize build",
      "files": [
        "lit-localize.json",
        "frontend/assets/js/xliff/*.xlf"
      ],
      "output": [
        "frontend/assets/js/locale/*.js"
      ]
    },
    "lint": {
      "dependencies": [
        "lint:js",
        "lint:sass"
      ]
    },
    "lint:js": {
      "command": "eslint \"**/*.{js,vue}\""
    },
    "lint:sass": {
      "command": "stylelint \"**/*.scss\""
    },
    "test": {
      "command": "jest"
    },
    "test:ci": {
      "command": "jest --ci"
    }
  },
  "version": "0.1.0",
  "engines": {
    "node": "20.*",
    "npm": "10.*"
  },
  "packageManager": "npm",
  "imports": {
    "#js/components/*": "./frontend/static/js/components/*.js",
    "#js/integrations/*": "./frontend/static/js/integrations/*.js",
    "#js/locale/*": "./frontend/static/js/locale/*.js",
    "#js/pages/*": "./frontend/static/js/pages/*.js",
    "#dependencies/*": "./frontend/static/dependencies/*.min.mjs"
  },
  "sasslintConfig": ".sass-lint.yaml",
  "dependencies": {
    "htmx.org": "*",
    "lit": "*"
  },
  "devDependencies": {
    "@algolia/autocomplete-js": "*",
    "@algolia/autocomplete-theme-classic": "*",
    "@easepick/bundle": "*",
    "@lit/localize": "*",
    "@lit/localize-tools": "*",
    "@mapbox/mapbox-gl-geocoder": "*",
    "@pusher/push-notifications-web": "*",
    "@sentry/browser": "*",
    "@sentry/integrations": "*",
    "@testing-library/jest-dom": "*",
    "algoliasearch-helper": "*",
    "chart.js": "*",
    "chartjs-adapter-dayjs-4": "*",
    "chartjs-chart-treemap": "*",
    "chartjs-plugin-annotation": "*",
    "dayjs": "*",
    "esbuild": "*",
    "esbuild-jest": "*",
    "eslint": "*",
    "eslint-config-standard": "*",
    "eslint-plugin-jest": "*",
    "eslint-plugin-jsdoc": "*",
    "eslint-plugin-promise": "*",
    "eslint-plugin-vue": "*",
    "hls.js": "*",
    "identity-obj-proxy": "*",
    "jest": "*",
    "jest-canvas-mock": "*",
    "jest-environment-jsdom": "*",
    "lit-css-loader": "*",
    "lodash": "*",
    "lodash-webpack-plugin": "*",
    "mousetrap": "*",
    "normalize.css": "*",
    "plyr": "*",
    "pusher-js": "*",
    "sass": "*",
    "shepherd.js": "*",
    "standard": "*",
    "stylelint": "*",
    "stylelint-config-standard-scss": "*",
    "stylelint-scss": "*",
    "svg-sprite": "*",
    "svgo": "*",
    "swiper": "9.*",
    "vue": "2.7.16",
    "vue-loader": "15.x",
    "vue-template-compiler": "*",
    "webpack": "*",
    "webpack-cli": "*",
    "wireit": "*"
  }
}

dependabot.yml content

# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
# Dependabot version-update configuration for three ecosystems (pip, npm,
# github-actions), each rooted at "/" and checked weekly.
version: 2
updates:
- package-ecosystem: pip
  directory: "/"
  schedule:
    interval: weekly
  # Minor and patch updates are batched into one grouped PR, major updates into another.
  groups:
    minor-python-dependencies:
      update-types:
        - "minor"
        - "patch"
    major-python-dependencies:
      update-types:
        - "major"
  # lockfile-only: Dependabot only opens PRs that update the lockfile and ignores
  # new versions that would require a change to the manifest.
  versioning-strategy: lockfile-only
  # Upper bound on simultaneously open version-update PRs for this ecosystem.
  open-pull-requests-limit: 10
- package-ecosystem: npm
  directory: "/"
  schedule:
    interval: weekly
  # Same grouping scheme as the pip entry: minor+patch together, major separately.
  groups:
    minor-javascript-dependencies:
      update-types:
        - "minor"
        - "patch"
    major-javascript-dependencies:
      update-types:
        - "major"
  # lockfile-only: package.json requirements are never rewritten for npm updates.
  # NOTE(review): the updater log in this report prints "Requirements update strategy
  # lockfile_only" next to "update_not_possible" for hls.js; whether this strategy is
  # the cause is not established here — confirm before changing it.
  versioning-strategy: lockfile-only
  open-pull-requests-limit: 10
# GitHub Actions updates: no groups, versioning strategy or PR limit are set for this entry.
- package-ecosystem: github-actions
  directory: "/"
  schedule:
    interval: weekly

Updated dependency

No response

What you expected to see, versus what you actually saw

As of today, I see a list of outdated dependencies, while Dependabot reports "No PRs affected". In the Dependabot logs I see the following:

updater | 2024/04/15 07:05:37 INFO <job_814568055> Checking if hls.js  needs updating
  proxy | 2024/04/15 07:05:37 [315] GET https://registry.npmjs.org:443/hls.js
  proxy | 2024/04/15 07:05:37 [315] 200 https://registry.npmjs.org:443/hls.js
  proxy | 2024/04/15 07:05:40 [317] HEAD https://registry.npmjs.org:443/hls.js/-/hls.js-1.5.8.tgz
  proxy | 2024/04/15 07:05:40 [317] 200 https://registry.npmjs.org:443/hls.js/-/hls.js-1.5.8.tgz
updater | 2024/04/15 07:05:40 INFO <job_814568055> Latest version is 1.5.8
updater | 2024/04/15 07:05:40 INFO <job_814568055> Requirements to unlock update_not_possible
updater | 2024/04/15 07:05:40 INFO <job_814568055> Requirements update strategy lockfile_only
updater | 2024/04/15 07:05:40 INFO <job_814568055> No update possible for hls.js 

This started several months ago, without me touching the dependency logic.

Native package manager behavior

❯ npm outdated
Package               Current   Wanted   Latest  Location                         
@sentry/browser       7.109.0  7.110.0  7.110.0  node_modules/@sentry/browser     
@sentry/integrations  7.109.0  7.110.0  7.110.0  node_modules/@sentry/integrations
eslint                 8.57.0    9.0.0    9.0.0  node_modules/eslint              
eslint-plugin-vue      9.24.1   9.25.0   9.25.0  node_modules/eslint-plugin-vue   
hls.js                  1.5.7    1.5.8    1.5.8  node_modules/hls.js              
sass                   1.74.1   1.75.0   1.75.0  node_modules/sass                
swiper                  9.4.1    9.4.1   11.1.1  node_modules/swiper              
vue                    2.7.16   2.7.16   3.4.21  node_modules/vue                 
vue-loader            15.11.1  15.11.1   17.4.2  node_modules/vue-loader          

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

amureki commented 1 month ago

@abdulapopoola thank you for adding this to the project! I wonder if it is possible to get information on the process. Is there something to be done, can I help with moving this forward?

The issue here means that right now we cannot rely on dependabot to do the job it is supposed to do - update our dependencies.

andi34 commented 1 month ago

I'm getting the same error; it seems to be related to npm v10.

Dependabot can't resolve your JavaScript dependency files
Dependabot failed to update your dependencies because there was an error resolving your JavaScript dependency files.

Dependabot encountered the following error:

Dependabot uses Node.js v20.16.0 and NPM 10.8.1. Due to the engine-strict setting, the update will not succeed.

This is curious, since those versions are inside the ranges defined for npm and Node.js in package.json:

  "engines": {
    "node": ">=20.15.0",
    "npm": ">=10.7.0"
  },

From log

Dependabot encountered '3' error(s) during execution, please check the logs for more details.
+----------------------------------------------------------------+
|                 Dependencies failed to update                  |
+-------------------------------+--------------------------------+
| @fortawesome/fontawesome-free | dependency_file_not_resolvable |
| tailwindcss                   | dependency_file_not_resolvable |
| eslint-plugin-n               | dependency_file_not_resolvable |
+-------------------------------+--------------------------------+
Failure running container a6c2610781485ad9fc036538ab247374a7a35622deaf45bfbd0c6ae61e469417
Cleaned up container a6c2610781485ad9fc036538ab247374a7a35622deaf45bfbd0c6ae61e469417
  proxy | 2024/07/26 04:05:29 10/92 calls cached (10%)
  proxy | 2024/07/26 04:05:29 Posting metrics to remote API endpoint
Error: Dependabot encountered an error performing the update

Error: The updater encountered one or more errors.

Found someone else with same problem: https://github.com/oaknational/Oak-Web-Application/pull/2484

andi34 commented 1 month ago
updater | 2024/07/26 04:05:15 INFO <job_860834412> Checking if @fortawesome/fontawesome-free 6.5.2 needs updating
  proxy | 2024/07/26 04:05:15 [083] GET https://registry.npmjs.org:443/@fortawesome%2Ffontawesome-free
  proxy | 2024/07/26 04:05:15 [083] 200 https://registry.npmjs.org:443/@fortawesome%2Ffontawesome-free
  proxy | 2024/07/26 04:05:15 [085] HEAD https://registry.npmjs.org:443/@fortawesome/fontawesome-free/-/fontawesome-free-6.6.0.tgz
  proxy | 2024/07/26 04:05:15 [085] 200 https://registry.npmjs.org:443/@fortawesome/fontawesome-free/-/fontawesome-free-6.6.0.tgz
updater | 2024/07/26 04:05:15 INFO <job_860834412> Latest version is 6.6.0
  proxy | 2024/07/26 04:05:15 [087] GET https://registry.npmjs.org:443/photobooth
  proxy | 2024/07/26 04:05:15 [087] 200 https://registry.npmjs.org:443/photobooth
  proxy | 2024/07/26 04:05:17 [089] GET https://registry.npmjs.org:443/@fortawesome%2ffontawesome-free
  proxy | 2024/07/26 04:05:17 [089] 200 https://registry.npmjs.org:443/@fortawesome%2ffontawesome-free
  proxy | 2024/07/26 04:05:17 [091] GET https://registry.npmjs.org:443/photobooth
2024/07/26 04:05:17 [091] 200 https://registry.npmjs.org:443/photobooth
updater | 2024/07/26 04:05:17 INFO <job_860834412> Requirements to unlock own
  proxy | 2024/07/26 04:05:17 [093] GET https://registry.npmjs.org:443/photobooth
2024/07/26 04:05:17 [093] 200 https://registry.npmjs.org:443/photobooth
updater | 2024/07/26 04:05:17 INFO <job_860834412> Requirements update strategy bump_versions
updater | 2024/07/26 04:05:17 INFO <job_860834412> Updating @fortawesome/fontawesome-free from 6.5.2 to 6.6.0
  proxy | 2024/07/26 04:05:18 [095] POST /update_jobs/860834412/record_update_job_error
  proxy | 2024/07/26 04:05:18 [095] 204 /update_jobs/860834412/record_update_job_error
updater | 2024/07/26 04:05:18 INFO <job_860834412> Handled error whilst updating @fortawesome/fontawesome-free: dependency_file_not_resolvable {:message=>"Dependabot uses Node.js v20.16.0 and NPM 10.8.1. Due to the engine-strict setting, the update will not succeed."}

Where does the request to https://registry.npmjs.org:443/photobooth come from? The repo I'm having trouble with is called photobooth, but it is not published on npmjs; the photobooth package there is a different project.