-
Notifications
You must be signed in to change notification settings - Fork 993
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Grouped dependencies - Old PR not closing when new PR added by dependabot #7305
Comments
I also noticed that some older normal dependabot PRs were left open. These target a single dependency which I'd have expected to have been superceeded by the defined patterns ie:
|
We encountered this too. For example, groups were enabled in heroku/buildpacks-go#114, which resulted in a new grouped PR being opened (heroku/buildpacks-go#116), however the old PRs for those deps weren't closed: |
Plus when I manually closed the old redundant ungrouped PRs, I got the "ignoring this dependency version" message which is not what I wanted (I expected Dependabot to realise the PR had been replaced instead). |
We encountered this both ways, with: Error group didn't close single PR, but was closed when it merged: serde group closed single PR: |
Hi @edmorley ; please is this resolved? Or are you still running into issues? |
@abdulapopoola I'm still seeing some cases of old PRs not being closed - I've filed a new issue with more details (since I wasn't the OP in this issue, so I don't want to hijack this thread): #8162 |
I just shipped a fix for this. Going forward Dependabot will close older PRs if the dependencies in them are a subset of the new PR's updated dependencies. Thanks for all the reports! |
Is there an existing issue for this?
Package ecosystem
gradle
Package manager version
8.0.2
Language version
Java 17
Manifest location and content before the Dependabot update
https://github.com/odpi/egeria/blob/main/bom/build.gradle
dependabot.yml content
https://github.com/odpi/egeria/blob/main/.github/dependabot.yml
Updated dependency
Handling several groups
What you expected to see, versus what you actually saw
When new updates were available within a dependency group, or the dependency group definition was changed, a new PR should be opened, and the old one closed (or the original updated)
What actually happened is I ended up with multiple PRs for each group
I suspect it was editing of the dependabot.xml that resulted in this behaviour, as I would have added additional wildcards to the group as I started experimenting
(Will close manually)
Native package manager behavior
n/a
Images of the diff or a link to the PR, issue, or logs
Smallest manifest that reproduces the issue
No response
The text was updated successfully, but these errors were encountered: