Closed cancan101 closed 3 months ago
If I am reading the code right, it looks to be hitting https://github.com/tinglesoftware/dependabot-azure-devops/blob/48fc66941b8c097c11ef1f0d988517e03d1e5626/updater/bin/update_script.rb#L606 with requirements_to_unlock = update_not_possible from https://github.com/tinglesoftware/dependabot-azure-devops/blob/48fc66941b8c097c11ef1f0d988517e03d1e5626/updater/bin/update_script.rb#L592-L603
It is possible that the package cannot be updated because there is a version restriction in the dependabot.yml file (i.e., ignore or allow nodes), or because there is a transitive dependency that blocks the update. A repro would help here. Also, try the same setup in a private repository on GitHub.
Yep, I already tried on GitHub and the Dependabot there was able to upgrade fine. Likewise, composer update --dry-run seems to work as well.
A public repro (AzDO) would help here
This also happens with NPM.
Even when the version constraints use a caret for upward versions.
"foo": "^2.35.0" will not be updated to version 2.35.1
This started happening with the update to Dependabot 0.244.0
There is a new version of dependabot that was just released, not sure if that fixes the issue.
Is there a commit/PR referencing the fix? Please reference it because I couldn't find it in the release notes.
New version updates come on Monday mostly.
I created a public repo on Azure DO demonstrating the issue: https://dev.azure.com/laticrete/Public%20Repos/_build/results?buildId=7836&view=logs&j=12f1170f-54f2-53f3-20dd-22fc7dff55f9&t=1f93c1a3-255b-505a-53c9-c382114aabf5
I tried testing older versions of the dependabot-azure-devops Docker image but they did not work either (i.e. I am not sure this was broken in 0.244.0).
Just pushed a new version with the new version of dependabot. Could you confirm the issue persists before I start to look into the repro you provided?
What is the new version? Don't think I am seeing it on GH.
That did not look to fix the issue.
If I understand this correctly, this started with dependabot-omnibus@0.244.0?
If that is so, before I can repro, you can use the following in your pipeline:
steps:
- dependabot@1
inputs:
+ dockerImageTag: '1.26.1'
If I understand this correctly, this started with dependabot-omnibus@0.244.0?
I don't think that is the case. @THETCR indicated it was the case, but I think the issue still exists on older image tags.
Please let me know if there is any additional information that I can provide to help diagnose the issue.
I am still seeing this issue on 1.27.685: https://dev.azure.com/laticrete/Public%20Repos/_build/results?buildId=8205&view=logs&j=12f1170f-54f2-53f3-20dd-22fc7dff55f9&t=1f93c1a3-255b-505a-53c9-c382114aabf5
I am still observing this issue. The output has changed slightly:
Checking if pimcore/pimcore 10.5.12 needs updating
🌍 --> GET https://repo.packagist.org/p2/pimcore/pimcore.json
🌍 <-- 200 https://repo.packagist.org/p2/pimcore/pimcore.json
Requirements to unlock update_not_possible
Requirements update strategy #<Dependabot::RequirementsUpdateStrategy::BumpVersionsIfNecessary>
Done
Finishing: dependabot
and this is the entirety of the composer.json file (there should be a new version of pimcore/pimcore found):
{
    "name": "pimcore/test",
    "type": "project",
    "config": {
        "allow-plugins": {
            "php-http/discovery": true
        }
    },
    "require": {
        "pimcore/pimcore": "^10.5.12"
    }
}
I suspect this has been fixed in version 1.29. Kindly check.
Confirmed, this has been fixed with 1.29.
Describe the bug: I am seeing this in the logs:
Expected behavior: Messages in log like: "Latest version is 4.13.2" along with associated PR
Additional context: I copied over the composer.json, composer.lock and dependabot.yml to github and it ran fine there.