NPM alpha/prerelease dependencies don't update as expected #10458

Open
1 task done
blimmer opened this issue Aug 16, 2024 · 1 comment
Labels
L: github:actions GitHub Actions L: javascript T: bug 🐞 Something isn't working

Comments

@blimmer

blimmer commented Aug 16, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

Yarn

Package manager version

yarn 4.4.0

Language version

No response

Manifest location and content before the Dependabot update

https://github.com/blimmer/dependabot-bug-report/blob/main/package.json

{
  "name": "dependabot-bug-report",
  "version": "0.1.0",
  "bin": "bin/dependabot-bug-report.js",
  "scripts": {
    "build": "tsc",
    "watch": "tsc -w",
    "test": "jest",
    "cdk": "cdk"
  },
  "devDependencies": {
    "@aws-cdk/aws-scheduler-alpha": "2.149.0-alpha.0",
    "@aws-cdk/aws-scheduler-targets-alpha": "2.149.0-alpha.0",
    "@types/jest": "^29.5.12",
    "@types/node": "20.14.9",
    "aws-cdk": "2.149.0",
    "jest": "^29.7.0",
    "ts-jest": "^29.1.5",
    "ts-node": "^10.9.2",
    "typescript": "~5.5.3"
  },
  "dependencies": {
    "aws-cdk-lib": "2.149.0",
    "constructs": "^10.0.0",
    "source-map-support": "^0.5.21"
  },
  "packageManager": "yarn@4.4.0"
}

https://github.com/blimmer/dependabot-bug-report/blob/main/yarn.lock

dependabot.yml content

https://github.com/blimmer/dependabot-bug-report/blob/main/.github/dependabot.yml

version: 2
updates:
  - package-ecosystem: 'npm'
    directory: '/'
    schedule:
      interval: 'daily'
    commit-message:
      prefix: 'chore(deps): '
    groups:
      cdk-updates:
        applies-to: version-updates
        patterns:
          - '@aws-cdk/*'
          - 'aws-cdk'
          - 'aws-cdk-lib'
        update-types:
          - patch
          - minor
          - major
      security-updates:
        applies-to: security-updates
        update-types:
          - patch
          - minor
          - major
      safe-updates:
        applies-to: version-updates
        update-types:
          - patch
          - minor
        exclude-patterns:
          - '@types/node'
      major-updates:
        applies-to: version-updates
        exclude-patterns:
          - '@types/node'
        update-types:
          - major

Updated dependency

This should update the following:

aws-cdk from 2.149.0 -> 2.152.0
aws-cdk-lib from 2.149.0 -> 2.152.0
@aws-cdk/aws-scheduler-alpha from 2.149.0-alpha.0 -> 2.152.0-alpha.0
@aws-cdk/aws-scheduler-targets-alpha from 2.149.0-alpha.0 -> 2.152.0-alpha.0

What you expected to see, versus what you actually saw

Dependabot successfully figures out the aws-cdk and aws-cdk-lib updates, but not the alpha packages.

GitHub actions run: https://github.com/blimmer/dependabot-bug-report/actions/runs/10427035923/job/28881042089

Log archive: 3_Run Dependabot.txt

Relevant part of logs:

updater | 2024/08/16 22:28:25 INFO <job_870468449> Checking if @aws-cdk/aws-scheduler-alpha 2.149.0-alpha.0 needs updating
  proxy | 2024/08/16 22:28:25 [120] GET https://registry.npmjs.org:443/@aws-cdk%2Faws-scheduler-alpha
2024/08/16 22:28:25 [120] 200 https://registry.npmjs.org:443/@aws-cdk%2Faws-scheduler-alpha
  proxy | 2024/08/16 22:28:25 [122] HEAD https://registry.npmjs.org:443/@aws-cdk/aws-scheduler-alpha/-/aws-scheduler-alpha-2.149.0-alpha.0.tgz
2024/08/16 22:28:25 [122] 200 https://registry.npmjs.org:443/@aws-cdk/aws-scheduler-alpha/-/aws-scheduler-alpha-2.149.0-alpha.0.tgz
updater | 2024/08/16 22:28:25 INFO <job_870468449> Latest version is 2.149.0-alpha.0
updater | 2024/08/16 22:28:25 INFO <job_870468449> Checking if @aws-cdk/aws-scheduler-targets-alpha 2.149.0-alpha.0 needs updating
  proxy | 2024/08/16 22:28:25 [124] GET https://registry.npmjs.org:443/@aws-cdk%2Faws-scheduler-targets-alpha
2024/08/16 22:28:25 [124] 200 https://registry.npmjs.org:443/@aws-cdk%2Faws-scheduler-targets-alpha
  proxy | 2024/08/16 22:28:26 [126] HEAD https://registry.npmjs.org:443/@aws-cdk/aws-scheduler-targets-alpha/-/aws-scheduler-targets-alpha-2.149.0-alpha.0.tgz
2024/08/16 22:28:26 [126] 200 https://registry.npmjs.org:443/@aws-cdk/aws-scheduler-targets-alpha/-/aws-scheduler-targets-alpha-2.149.0-alpha.0.tgz
updater | 2024/08/16 22:28:26 INFO <job_870468449> Latest version is 2.149.0-alpha.0

Native package manager behavior

> yarn upgrade-interactive
 Press <up>/<down> to select packages.            Press <enter> to install.
 Press <left>/<right> to select versions.         Press <ctrl+c> to abort.

? Pick the packages you want to upgrade.          Current          Range            Latest

   @aws-cdk/aws-scheduler-alpha ---------------- ◯ 2.149.0-alpha…                  ◉ 2.152.0 ------
   @aws-cdk/aws-scheduler-targets-alpha -------- ◯ 2.149.0-alpha…                  ◉ 2.152.0 ------
   @types/node --------------------------------- ◉ 20.14.9 ------ ◯ 20.15.0 ------ ◯ 22.4.0 -------
   aws-cdk-lib --------------------------------- ◯ 2.149.0 ------ ◉ 2.152.0 ------
 > aws-cdk ------------------------------------- ◯ 2.149.0 ------ ◉ 2.152.0 ------
   constructs ---------------------------------- ◉ ^10.0.0 ------ ◯ ^10.3.0 ------
   ts-jest ------------------------------------- ◉ ^29.1.5 ------ ◯ ^29.2.4 ------
   typescript ---------------------------------- ◉ ~5.5.3 ------- ◯ ~5.5.4 -------
➤ YN0000: · Yarn 4.4.0
➤ YN0000: ┌ Resolution step
➤ YN0085: │ + @aws-cdk/aws-scheduler-alpha@npm:2.152.0-alpha.0, @aws-cdk/aws-scheduler-targets-alpha@npm:2.152.0-alpha.0, aws-cdk-lib@npm:2.152.0, aws-cdk@npm:2.152.0
➤ YN0085: │ - @aws-cdk/aws-scheduler-alpha@npm:2.149.0-alpha.0, @aws-cdk/aws-scheduler-targets-alpha@npm:2.149.0-alpha.0, aws-cdk-lib@npm:2.149.0, aws-cdk@npm:2.149.0
➤ YN0000: └ Completed
➤ YN0000: ┌ Fetch step
➤ YN0000: └ Completed in 0s 294ms
➤ YN0000: ┌ Link step
➤ YN0000: └ Completed in 1s 914ms
➤ YN0000: · Done in 2s 324ms

yarn upgrade-interactive allows the upgrade.

Images of the diff or a link to the PR, issue, or logs

See above.

Smallest manifest that reproduces the issue

I have a simple repro repository here: https://github.com/blimmer/dependabot-bug-report
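
Added example, not part of the issue and not Dependabot's code: a small check a maintainer can run to catch prerelease pins that an update bot leaves behind. It implements SemVer 2.0.0 precedence and flags exact pins with a newer eligible release. The `latestFor` policy, the function names and the registry version lists are assumptions made for illustration.

```javascript
// Added example, not Dependabot's code: SemVer 2.0.0 precedence and a stale-pin check.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v);
  if (!m) throw new Error(`not an exact semver version: ${v}`);
  return { core: [m[1], m[2], m[3]].map(Number), pre: m[4] ? m[4].split('.') : [] };
}
// Prerelease identifiers: numeric ones compare as numbers and sort below alphanumeric ones.
function compareIds(a, b) {
  const an = /^\d+$/.test(a), bn = /^\d+$/.test(b);
  if (an && bn) return Math.sign(Number(a) - Number(b));
  if (an !== bn) return an ? -1 : 1;
  return a < b ? -1 : a > b ? 1 : 0;
}
function compare(x, y) {
  const a = parse(x), b = parse(y);
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return Math.sign(a.core[i] - b.core[i]);
  }
  // With equal cores, a version without a prerelease tag outranks one with a tag.
  if (!a.pre.length || !b.pre.length) return Math.sign(b.pre.length - a.pre.length);
  for (let i = 0; i < Math.min(a.pre.length, b.pre.length); i++) {
    const c = compareIds(a.pre[i], b.pre[i]);
    if (c !== 0) return c;
  }
  return Math.sign(a.pre.length - b.pre.length);
}
// Assumed policy: stable pins see stable releases only; a prerelease pin also sees its own channel.
function latestFor(current, published) {
  const cur = parse(current);
  const eligible = published.filter((v) => {
    const p = parse(v);
    return !p.pre.length || (cur.pre.length > 0 && p.pre[0] === cur.pre[0]);
  });
  return eligible.reduce((best, v) => (compare(v, best) > 0 ? v : best), current);
}
function findStale(pins, registry) {
  return Object.entries(pins)
    .map(([name, current]) => ({ name, current, latest: latestFor(current, registry[name] || []) }))
    .filter((d) => d.latest !== d.current);
}
// Pins taken from the package.json above; the registry lists are constructed sample data.
const pins = { '@aws-cdk/aws-scheduler-alpha': '2.149.0-alpha.0', 'aws-cdk-lib': '2.149.0' };
const registry = {
  '@aws-cdk/aws-scheduler-alpha': ['2.149.0-alpha.0', '2.152.0-alpha.0'],
  'aws-cdk-lib': ['2.149.0', '2.152.0', '2.153.0-rc.0'],
};
console.log(findStale(pins, registry));
```

Only exact pins are handled; range specifiers such as `^29.5.12` are rejected by `parse`.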

@dreamorosi

We are seeing the same issue with dependencies of the same kind.

This is our Dependabot config:

version: 2
updates:
  - package-ecosystem: npm
    directories:
      - "/"
    labels: [ ]
    schedule:
      interval: daily
    versioning-strategy: increase
    ignore:
      - dependency-name: "@middy/core"
        update-types: [ "version-update:semver-major" ]
    groups:
      aws-sdk-v3:
        patterns:
        - "@aws-sdk/*"
        - "@smithy/*"
        - "aws-sdk-client-mock"
        - "aws-sdk-client-mock-jest"
      aws-cdk:
        patterns:
        - "@aws-cdk/cli-lib-alpha"
        - "aws-cdk-lib"
        - "aws-cdk"
      typedoc:
        patterns:
        - "typedoc"
        - "typedoc-plugin-*"

Which doesn't pick up the pre-release packages. Here are the Dependabot logs:

image

In all cases the @aws-cdk/cli-lib-alpha package is always left behind.

I am not familiar with the codebase at all, but looking at the tests, there seems to be one that says that this should not be happening and that tests pre-release updates explicitly:

context "when one of them is a pre-release" do
  let(:package_json_req_string) { "0.4.5" }
  let(:other_requirement_string) { "1.1.0-alpha.1" }

  context "when the version is new pre-release version" do
    let(:latest_resolvable_version) do
      Dependabot::NpmAndYarn::Version.new("1.1.0-alpha.1")
    end

    it "updates the non-prerelease requirement" do
      expect(updater.updated_requirements).to contain_exactly({
        file: "package.json",
        requirement: "1.1.0-alpha.1",
        groups: [],
        source: nil
      }, {
        file: "another/package.json",
        requirement: "1.1.0-alpha.1",
        groups: [],
        source: nil
      })
    end
  end
