dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Dependabot keeps sending in separate PR's instead of grouping them #9677

Closed driesvints closed 3 months ago

driesvints commented 6 months ago

Is there an existing issue for this?

Package ecosystem

Composer

Package manager version

updater_version=41076f97339018d9609e338bdc9c505b58212028-composer

Language version

PHP but specific version isn't found in logs

Manifest location and content before the Dependabot update

It's proprietary software so I can't share all contents unfortunately.

dependabot.yml content

version: 2
updates:
  - package-ecosystem: composer
    directory: "/"
    schedule:
      interval: weekly
      day: monday
    groups:
      php-dependencies:
        update-types:
        - "minor"
        - "patch"
    allow:
      - dependency-type: direct
    versioning-strategy: increase-if-necessary

  - package-ecosystem: npm
    directory: "/"
    schedule:
      interval: weekly
      day: monday
    groups:
      js-dependencies:
        update-types:
        - "minor"
        - "patch"
    allow:
      - dependency-type: direct
    versioning-strategy: increase-if-necessary

Updated dependency

Screenshot 2024-05-06 at 09 47 57

What you expected to see, versus what you actually saw

I've grouped patch and minor version updates but Dependabot continues to send some as separate PRs. I've seen this happening across multiple repositories. As detailed in the dependabot.yml, I expect all of these to be grouped as a single PR. This only happens with Composer.

Native package manager behavior

$ composer update -W                                                                                  ~/Herd/forge
Loading composer repositories with package information
Updating dependencies
Lock file operations: 0 installs, 46 updates, 0 removals
  - Upgrading aws/aws-sdk-php (3.305.4 => 3.305.9)
  - Upgrading brick/math (0.11.0 => 0.12.1)
  - Upgrading brick/money (0.8.1 => 0.9.0)
  - Upgrading dompdf/dompdf (v2.0.7 => v2.0.8)
  - Upgrading jaybizzle/crawler-detect (v1.2.117 => v1.2.118)
  - Upgrading laravel/framework (v10.48.9 => v10.48.10)
  - Upgrading laravel/prompts (v0.1.20 => v0.1.21)
  - Upgrading laravel/pulse (v1.0.0-beta16 => v1.0.0)
  - Upgrading livewire/livewire (v3.4.10 => v3.4.12)
  - Upgrading openspout/openspout (v4.23.0 => v4.23.1)
  - Upgrading paragonie/sodium_compat (v1.20.1 => v1.21.1)
  - Upgrading spatie/backtrace (1.5.3 => 1.6.1)
  - Upgrading spatie/flare-client-php (1.4.4 => 1.5.1)
  - Upgrading spatie/ignition (1.13.2 => 1.14.1)
  - Upgrading spatie/image-optimizer (1.7.2 => 1.7.3)
  - Upgrading spatie/laravel-ignition (2.5.2 => 2.7.0)
  - Upgrading spatie/laravel-ray (1.36.1 => 1.36.2)
  - Upgrading spatie/ray (1.41.1 => 1.41.2)
  - Upgrading spatie/robots-txt (2.0.3 => 2.2.0)
  - Upgrading symfony/console (v6.4.6 => v6.4.7)
  - Upgrading symfony/css-selector (v6.4.3 => v6.4.7)
  - Upgrading symfony/deprecation-contracts (v3.4.0 => v3.5.0)
  - Upgrading symfony/dom-crawler (v6.4.4 => v6.4.7)
  - Upgrading symfony/error-handler (v6.4.6 => v6.4.7)
  - Upgrading symfony/event-dispatcher (v6.4.3 => v6.4.7)
  - Upgrading symfony/event-dispatcher-contracts (v3.4.2 => v3.5.0)
  - Upgrading symfony/finder (v6.4.0 => v6.4.7)
  - Upgrading symfony/http-client (v6.4.6 => v6.4.7)
  - Upgrading symfony/http-client-contracts (v3.4.2 => v3.5.0)
  - Upgrading symfony/http-foundation (v6.4.4 => v6.4.7)
  - Upgrading symfony/http-kernel (v6.4.6 => v6.4.7)
  - Upgrading symfony/mailer (v6.4.6 => v6.4.7)
  - Upgrading symfony/mime (v6.4.6 => v6.4.7)
  - Upgrading symfony/options-resolver (v6.4.0 => v6.4.7)
  - Upgrading symfony/postmark-mailer (v6.4.4 => v6.4.7)
  - Upgrading symfony/process (v6.4.4 => v6.4.7)
  - Upgrading symfony/psr-http-message-bridge (v6.4.6 => v6.4.7)
  - Upgrading symfony/routing (v6.4.6 => v6.4.7)
  - Upgrading symfony/service-contracts (v3.4.2 => v3.5.0)
  - Upgrading symfony/stopwatch (v6.4.3 => v6.4.7)
  - Upgrading symfony/string (v6.4.4 => v6.4.7)
  - Upgrading symfony/translation (v6.4.4 => v6.4.7)
  - Upgrading symfony/translation-contracts (v3.4.2 => v3.5.0)
  - Upgrading symfony/uid (v6.4.3 => v6.4.7)
  - Upgrading symfony/var-dumper (v6.4.6 => v6.4.7)
  - Upgrading zbateson/mail-mime-parser (2.4.0 => 2.4.1)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 46 updates, 0 removals
  - Downloading dompdf/dompdf (v2.0.8)
  - Downloading symfony/css-selector (v6.4.7)
  - Downloading symfony/uid (v6.4.7)
  - Downloading symfony/routing (v6.4.7)
  - Downloading symfony/mailer (v6.4.7)
  - Downloading laravel/framework (v10.48.10)
  - Downloading jaybizzle/crawler-detect (v1.2.118)
  - Downloading openspout/openspout (v4.23.1)
  - Downloading brick/money (0.9.0)
  - Downloading symfony/psr-http-message-bridge (v6.4.7)
  - Downloading livewire/livewire (v3.4.12)
  - Downloading laravel/pulse (v1.0.0)
  - Downloading aws/aws-sdk-php (3.305.9)
  - Downloading spatie/image-optimizer (1.7.3)
  - Downloading spatie/flare-client-php (1.5.1)
  - Downloading spatie/ignition (1.14.1)
  - Downloading zbateson/mail-mime-parser (2.4.1)
  - Downloading spatie/ray (1.41.2)
  - Downloading spatie/laravel-ray (1.36.2)
  - Downloading symfony/dom-crawler (v6.4.7)
  - Downloading spatie/robots-txt (2.2.0)
  - Downloading symfony/http-client-contracts (v3.5.0)
  - Downloading symfony/http-client (v6.4.7)
  - Downloading symfony/postmark-mailer (v6.4.7)
  - Upgrading symfony/process (v6.4.4 => v6.4.7): Extracting archive
  - Upgrading symfony/string (v6.4.4 => v6.4.7): Extracting archive
  - Upgrading symfony/deprecation-contracts (v3.4.0 => v3.5.0): Extracting archive
  - Upgrading symfony/service-contracts (v3.4.2 => v3.5.0): Extracting archive
  - Upgrading symfony/console (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading brick/math (0.11.0 => 0.12.1): Extracting archive
  - Upgrading dompdf/dompdf (v2.0.7 => v2.0.8): Extracting archive
  - Upgrading symfony/http-foundation (v6.4.4 => v6.4.7): Extracting archive
  - Upgrading symfony/css-selector (v6.4.3 => v6.4.7): Extracting archive
  - Upgrading symfony/var-dumper (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading symfony/uid (v6.4.3 => v6.4.7): Extracting archive
  - Upgrading symfony/routing (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading symfony/mime (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading symfony/event-dispatcher-contracts (v3.4.2 => v3.5.0): Extracting archive
  - Upgrading symfony/event-dispatcher (v6.4.3 => v6.4.7): Extracting archive
  - Upgrading symfony/mailer (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading symfony/error-handler (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading symfony/http-kernel (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading symfony/finder (v6.4.0 => v6.4.7): Extracting archive
  - Upgrading symfony/translation-contracts (v3.4.2 => v3.5.0): Extracting archive
  - Upgrading symfony/translation (v6.4.4 => v6.4.7): Extracting archive
  - Upgrading laravel/framework (v10.48.9 => v10.48.10): Extracting archive
  - Upgrading laravel/prompts (v0.1.20 => v0.1.21): Extracting archive
  - Upgrading jaybizzle/crawler-detect (v1.2.117 => v1.2.118): Extracting archive
  - Upgrading openspout/openspout (v4.23.0 => v4.23.1): Extracting archive
  - Upgrading brick/money (0.8.1 => 0.9.0): Extracting archive
  - Upgrading symfony/psr-http-message-bridge (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading livewire/livewire (v3.4.10 => v3.4.12): Extracting archive
  - Upgrading laravel/pulse (v1.0.0-beta16 => v1.0.0): Extracting archive
  - Upgrading aws/aws-sdk-php (3.305.4 => 3.305.9): Extracting archive
  - Upgrading paragonie/sodium_compat (v1.20.1 => v1.21.1): Extracting archive
  - Upgrading symfony/options-resolver (v6.4.0 => v6.4.7): Extracting archive
  - Upgrading spatie/image-optimizer (1.7.2 => 1.7.3): Extracting archive
  - Upgrading spatie/backtrace (1.5.3 => 1.6.1): Extracting archive
  - Upgrading spatie/flare-client-php (1.4.4 => 1.5.1): Extracting archive
  - Upgrading spatie/ignition (1.13.2 => 1.14.1): Extracting archive
  - Upgrading spatie/laravel-ignition (2.5.2 => 2.7.0): Extracting archive
  - Upgrading zbateson/mail-mime-parser (2.4.0 => 2.4.1): Extracting archive
  - Upgrading symfony/stopwatch (v6.4.3 => v6.4.7): Extracting archive
  - Upgrading spatie/ray (1.41.1 => 1.41.2): Extracting archive
  - Upgrading spatie/laravel-ray (1.36.1 => 1.36.2): Extracting archive
  - Upgrading symfony/dom-crawler (v6.4.4 => v6.4.7): Extracting archive
  - Upgrading spatie/robots-txt (2.0.3 => 2.2.0): Extracting archive
  - Upgrading symfony/http-client-contracts (v3.4.2 => v3.5.0): Extracting archive
  - Upgrading symfony/http-client (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading symfony/postmark-mailer (v6.4.4 => v6.4.7): Extracting archive
Generating optimized autoload files

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

Not sure, sorry. I only have the above dependabot.yml config file. I do have the log output of the Dependabot update: https://gist.github.com/driesvints/764cc103dcd43e59b073366ef35dc89b

abdulapopoola commented 3 months ago

@driesvints, please, does this issue still occur?

p-linnane commented 3 months ago

@abdulapopoola We are still seeing this issue in Homebrew with sorbet: https://github.com/Homebrew/brew/actions/runs/10081437781/job/27873444722

driesvints commented 3 months ago

I have to admit it's been a while now since I saw it, but I'll keep monitoring.

abdulapopoola commented 3 months ago

Good to know @driesvints and thanks!

@p-linnane, we've shipped a couple of fixes this week. Could you please file a new issue about this error so we can take a look and investigate?

p-linnane commented 3 months ago

Thanks @abdulapopoola. I've opened https://github.com/dependabot/dependabot-core/issues/10293.

abdulapopoola commented 3 months ago

Closing this out for now based on @driesvints' point