pyupio / pyup

A tool to update your project's dependencies on GitHub. Runs on pyup.io, comes with a command line interface.
https://pyup.io
MIT License

PyUp opens PR using wrong version #363

Closed duckinator closed 4 years ago

duckinator commented 5 years ago

I managed to get a PR from PyUp to update to the second-newest version, today.

  1. https://github.com/duckinator/bork was using pep517 v0.5.0, which was actually a version out of date, but never corrected by PyUp because I'd explicitly pinned it.
  2. At 7:30AM EST today (2019-09-27 07:30 EST), v0.7.0 of the pep517 library was released.
  3. At 7:33AM EST today (2019-09-27 07:33 EST), PyUp opened https://github.com/duckinator/bork/pull/35, to update pep517 to v0.6.0, which was released over a month ago.

My suspicion is that there's probably a cache involved, somewhere, but I have nothing concrete to back that up.

rafaelpivato commented 4 years ago

Good thing you did report this, @duckinator

Were you using an API key or the public pyupio/safety-db database?

The point is that the public database gets updated once a month, so that behavior would be expected.

duckinator commented 4 years ago

I enabled https://pyup.io/ for my repo. So I'm assuming probably the public one?

rafaelpivato commented 4 years ago

My bad @duckinator -- that was not a Safety CI update. In that case, only PyPI store information is used. What I saw in the logs is that our bot commit was made on the same day as the release of version 0.7. So, maybe there was a race condition or a bug electing the next version to be used. Hard to say now.

If you get that happening again, please let me know. I will try to check logs ASAP then.