dependabot / feedback

The old feedback repository for Dependabot. Click below for the new repository.
https://github.com/dependabot/dependabot-core

PR that did totally override my pom.xml dependency versions #28

Closed adriens closed 6 years ago

adriens commented 6 years ago

See https://github.com/adriens/schemacrawler-deb/commit/ad8ad1c958553f407a56c5aed7a119980a915270

see https://github.com/adriens/schemacrawler-deb/pull/16

Dependabot did replace all properties with the project.version properties, injecting a value instead of a variable... and not the good one:

[image: selection_016]

The pom dependency versions have been totally messed up.

greysteil commented 6 years ago

Oh dear, sorry about that! The underlying issue here was that Dependabot's file-updating code was too permissive - it was trying to update the ${project.version} code, but instead picked up all <version> nodes. I've fixed that in https://github.com/dependabot/dependabot-core/commit/e7468e4b6211a647394c5330e7f335905229c326, which is being released now.

Apologies for the bug, and thanks for reporting it!

adriens commented 6 years ago

Great, for now we are evaluating Dependabot, which seems to cover our needs.

Happy to have contributed to a bug finding :smile_cat:

By chance, Travis CI did tell it to me on the PR :+1:
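
The failure greysteil describes above (literal values written over `${...}` references in `<version>` nodes) can be caught by a CI-side check on bot PRs. The following is an added example, not part of the thread or of Dependabot's code; the function names, the `com.example` coordinates and the sample POMs are constructed, and it assumes the bot was only meant to bump the coordinates passed in `expected`.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
PROP = re.compile(r"^\$\{[^}]+\}$")  # a whole-value Maven property reference

def versions(pom_xml):
    """Map groupId:artifactId -> raw <version> text of each <dependency>."""
    out = {}
    for dep in ET.fromstring(pom_xml).iterfind(".//m:dependency", NS):
        key = dep.findtext("m:groupId", "", NS) + ":" + dep.findtext("m:artifactId", "", NS)
        out[key] = dep.findtext("m:version", "", NS).strip()
    return out

def audit_update(old_pom, new_pom, expected):
    """Findings for a PR that should only bump the coordinates in `expected`."""
    old, new = versions(old_pom), versions(new_pom)
    findings = []
    for key, before in old.items():
        after = new.get(key, "")
        if before == after:
            continue
        if PROP.match(before) and not PROP.match(after):
            # The variable was swapped for a value: the bug reported in this issue.
            findings.append((key, "property replaced by literal", before, after))
        elif key not in expected:
            findings.append((key, "unexpected version change", before, after))
    return findings

def pom(core, driver, lib):
    """Constructed sample POM (hypothetical com.example coordinates)."""
    deps = (("core", core), ("dbdriver", driver), ("lib", lib))
    body = "".join(
        "<dependency><groupId>com.example</groupId>"
        f"<artifactId>{a}</artifactId><version>{v}</version></dependency>"
        for a, v in deps)
    return ('<project xmlns="http://maven.apache.org/POM/4.0.0">'
            f"<version>2.0.0</version><dependencies>{body}</dependencies></project>")

OLD = pom("${project.version}", "${driver.version}", "1.0.0")
NEW_GOOD = pom("${project.version}", "${driver.version}", "1.1.0")  # only lib bumped
NEW_BAD = pom("1.1.0", "1.1.0", "1.1.0")  # every <version> node overwritten

if __name__ == "__main__":
    for finding in audit_update(OLD, NEW_BAD, {"com.example:lib"}):
        print(finding)
```

Run against the base and head revisions of `pom.xml` in a PR, a non-empty result is a reason to fail the build before merge.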