All grouped dependencies not updated

[nicou]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

npm

Package manager version

10.0.0

Language version

18.17.1

Manifest location and content before the Dependabot update

package.json

{
  "name": "aws-cdk-dependabot",
  "version": "0.1.0",
  "bin": {
    "aws-cdk-dependabot": "bin/aws-cdk-dependabot.js"
  },
  "scripts": {
    "build": "tsc",
  },
  "devDependencies": {
    "@types/jest": "^29.5.5",
    "@types/node": "20.6.3",
    "aws-cdk": "2.99.1",
    "jest": "^29.7.0",
    "ts-jest": "^29.1.1",
    "ts-node": "^10.9.1",
    "typescript": "~5.2.2"
  },
  "dependencies": {
    "@aws-cdk/aws-apigatewayv2-alpha": "2.99.1-alpha.0",
    "@aws-cdk/aws-apigatewayv2-integrations-alpha": "2.99.1-alpha.0",
    "aws-cdk-lib": "2.99.1",
    "constructs": "10.0.0",
    "source-map-support": "0.5.21"
  }
}

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "06:00"
      timezone: "Europe/Helsinki"
    groups:
      aws-cdk:
        patterns:
          - "aws-cdk"
          - "aws-cdk-lib"
          - "constructs"
          - "@aws-cdk/aws-apigatewayv2-alpha"
          - "@aws-cdk/aws-apigatewayv2-integrations-alpha"

Updated dependency

Updated correctly:

• aws-cdk from 2.99.1 to 2.100.0
• aws-cdk-lib from 2.99.1 to 2.100.0
• constructs from 10.0.0 to 10.3.0

Not updated:

• @aws-cdk/aws-apigatewayv2-alpha from 2.99.1-alpha.0 to 2.100.1-alpha.0
• @aws-cdk/aws-apigatewayv2-integrations-alpha from 2.99.1-alpha.0 to 2.100.1-alpha.0

What you expected to see, versus what you actually saw

Some packages in the aws-cdk group were correctly updated, but two packages were not:

• @aws-cdk/aws-apigatewayv2-alpha
• @aws-cdk/aws-apigatewayv2-integrations-alpha

Dependabot log shows that it correctly checked if these packages have updates available. Both of them have a newer version (2.100.1-alpha.0) available, but Dependabot still consider the old version as latest:

updater | 2023/10/09 03:18:59 INFO <job_732254050> Starting update group for 'aws-cdk'
updater | 2023/10/09 03:18:59 INFO <job_732254050> Checking if @aws-cdk/aws-apigatewayv2-alpha 2.99.1-alpha.0 needs updating
  proxy | 2023/10/09 03:18:59 [014] GET https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-alpha
  proxy | 2023/10/09 03:18:59 [014] 200 https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-alpha
  proxy | 2023/10/09 03:19:00 [016] GET https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-alpha/2.99.1-alpha.0
  proxy | 2023/10/09 03:19:00 [016] 200 https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-alpha/2.99.1-alpha.0
updater | 2023/10/09 03:19:00 INFO <job_732254050> Latest version is 2.99.1-alpha.0
updater | 2023/10/09 03:19:00 INFO <job_732254050> No update needed for @aws-cdk/aws-apigatewayv2-alpha 2.99.1-alpha.0
updater | 2023/10/09 03:19:00 INFO <job_732254050> Checking if @aws-cdk/aws-apigatewayv2-integrations-alpha 2.99.1-alpha.0 needs updating
  proxy | 2023/10/09 03:19:00 [018] GET https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-integrations-alpha
  proxy | 2023/10/09 03:19:00 [018] 200 https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-integrations-alpha
  proxy | 2023/10/09 03:19:00 [020] GET https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-integrations-alpha/2.99.1-alpha.0
  proxy | 2023/10/09 03:19:00 [020] 200 https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-integrations-alpha/2.99.1-alpha.0
updater | 2023/10/09 03:19:00 INFO <job_732254050> Latest version is 2.99.1-alpha.0
updater | 2023/10/09 03:19:00 INFO <job_732254050> No update needed for @aws-cdk/aws-apigatewayv2-integrations-alpha 2.99.1-alpha.0

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

https://github.com/nicou/aws-cdk-dependabot/pull/2

Smallest manifest that reproduces the issue

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    groups:
      aws-cdk:
        patterns:
          - "aws-cdk"
          - "aws-cdk-lib"
          - "@aws-cdk/aws-apigatewayv2-alpha"
          - "@aws-cdk/aws-apigatewayv2-integrations-alpha"

[jakecoffman]

I think the reason for this behavior is this line:

dependabot-core/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb

Line 86 in b7bd33b

v.prerelease? && !related_to_current_pre?(v)

The intention of that line is to filter out pre-releases from the versions Dependabot will choose from, unless the pre-release is related to the current version which is also a pre-release.

That prevents Dependabot from updating a 1.0.0 dependency to a 1.0.1-alpha dependency, or if you're on a pre-release 1.0.0-pre.1 you will be offered a related pre-release 1.0.0-pre.2, but not an unrelated one like 1.0.1-pre.1. The idea there being when a pre-release version 1.0.0-pre is available there will eventually be a 1.0.0 too.

In the case of @aws-cdk/aws-apigatewayv2-alpha and @aws-cdk/aws-apigatewayv2-integrations-alpha, they ONLY release pre-releases which means Dependabot will never offer updates for them.

So I'm not sure how Dependabot could offer updates in this case, but not break existing functionality.

[atipapp]

Thanks for the explanation @jakecoffman. Do you think there's a way to add a flag to enable pre-release versions/release candidates? Similar to #2250

[abdulapopoola]

closing out as the crew has shipped multiple fixes; please reopen if this still occurs

[blimmer]

@abdulapopoola , I believe this is still happening.

Here's my dependabot.yml group:

groups:
  cdk-updates:
    applies-to: version-updates
    patterns:
      - '@aws-cdk/*'
      - 'aws-cdk'
      - 'aws-cdk-lib'
    update-types:
      - patch
      - minor
      - major

In the output, I see:

updater | 2024/08/16 18:05:41 INFO <job_870396983> Starting update group for 'cdk-updates'
updater | 2024/08/16 18:05:41 INFO <job_870396983> Updating the / directory.
updater | 2024/08/16 18:05:42 INFO <job_870396983> Checking if aws-cdk-lib 2.149.0 needs updating
  proxy | 2024/08/16 18:05:42 [019] GET [https://registry.npmjs.org:443/aws-cdk-lib](https://registry.npmjs.org/aws-cdk-lib)
  proxy | 2024/08/16 18:05:42 [019] 200 [https://registry.npmjs.org:443/aws-cdk-lib](https://registry.npmjs.org/aws-cdk-lib)
  proxy | 2024/08/16 18:05:42 [021] HEAD [https://registry.npmjs.org:443/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz](https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz)
  proxy | 2024/08/16 18:05:43 [021] 200 [https://registry.npmjs.org:443/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz](https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz)
updater | 2024/08/16 18:05:43 INFO <job_870396983> Latest version is 2.152.0
  proxy | 2024/08/16 18:05:47 [023] GET [https://ofcncog2cu-dsn.algolia.net:443/1/indexes/npm-search/aws-cdk-lib?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D](https://ofcncog2cu-dsn.algolia.net/1/indexes/npm-search/aws-cdk-lib?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D)
  proxy | 2024/08/16 18:05:47 [023] 200 [https://ofcncog2cu-dsn.algolia.net:443/1/indexes/npm-search/aws-cdk-lib?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D](https://ofcncog2cu-dsn.algolia.net/1/indexes/npm-search/aws-cdk-lib?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D)
  proxy | 2024/08/16 18:05:48 [025] GET [https://registry.yarnpkg.com:443/aws-cdk-lib](https://registry.yarnpkg.com/aws-cdk-lib)
  proxy | 2024/08/16 18:05:48 [025] 200 [https://registry.yarnpkg.com:443/aws-cdk-lib](https://registry.yarnpkg.com/aws-cdk-lib)
  proxy | 2024/08/16 18:05:48 [028] GET [https://registry.yarnpkg.com:443/@esbuild%2flinux-x64/-/linux-x64-0.23.0.tgz](https://registry.yarnpkg.com/@esbuild%2flinux-x64/-/linux-x64-0.23.0.tgz)
  proxy | 2024/08/16 18:05:48 [029] GET [https://registry.yarnpkg.com:443/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz](https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz)
  proxy | 2024/08/16 18:05:48 [028] 200 [https://registry.yarnpkg.com:443/@esbuild%2flinux-x64/-/linux-x64-0.23.0.tgz](https://registry.yarnpkg.com/@esbuild%2flinux-x64/-/linux-x64-0.23.0.tgz)
  proxy | 2024/08/16 18:05:48 [029] 200 [https://registry.yarnpkg.com:443/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz](https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz)
updater | 2024/08/16 18:05:52 INFO <job_870396983> Requirements to unlock own
2024/08/16 18:05:52 INFO <job_870396983> Requirements update strategy bump_versions
2024/08/16 18:05:52 INFO <job_870396983> Updating aws-cdk-lib from 2.149.0 to 2.152.0
  proxy | 2024/08/16 18:05:57 [031] GET [https://registry.yarnpkg.com:443/aws-cdk-lib](https://registry.yarnpkg.com/aws-cdk-lib)
  proxy | 2024/08/16 18:05:57 [031] 304 [https://registry.yarnpkg.com:443/aws-cdk-lib](https://registry.yarnpkg.com/aws-cdk-lib)
updater | 2024/08/16 18:05:58 INFO <job_870396983> Checking if aws-cdk 2.149.0 needs updating
  proxy | 2024/08/16 18:05:58 [033] GET [https://registry.npmjs.org:443/aws-cdk](https://registry.npmjs.org/aws-cdk)
  proxy | 2024/08/16 18:05:58 [033] 200 [https://registry.npmjs.org:443/aws-cdk](https://registry.npmjs.org/aws-cdk)
  proxy | 2024/08/16 18:05:58 [035] HEAD [https://registry.npmjs.org:443/aws-cdk/-/aws-cdk-2.152.0.tgz](https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.152.0.tgz)
  proxy | 2024/08/16 18:05:59 [035] 200 [https://registry.npmjs.org:443/aws-cdk/-/aws-cdk-2.152.0.tgz](https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.152.0.tgz)
updater | 2024/08/16 18:05:59 INFO <job_870396983> Latest version is 2.152.0
  proxy | 2024/08/16 18:06:03 [037] GET [https://ofcncog2cu-dsn.algolia.net:443/1/indexes/npm-search/aws-cdk?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D](https://ofcncog2cu-dsn.algolia.net/1/indexes/npm-search/aws-cdk?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D)
  proxy | 2024/08/16 18:06:03 [037] 200 [https://ofcncog2cu-dsn.algolia.net:443/1/indexes/npm-search/aws-cdk?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D](https://ofcncog2cu-dsn.algolia.net/1/indexes/npm-search/aws-cdk?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D)
  proxy | 2024/08/16 18:06:03 [039] GET [https://registry.yarnpkg.com:443/aws-cdk](https://registry.yarnpkg.com/aws-cdk)
  proxy | 2024/08/16 18:06:03 [039] 200 [https://registry.yarnpkg.com:443/aws-cdk](https://registry.yarnpkg.com/aws-cdk)
  proxy | 2024/08/16 18:06:04 [041] GET [https://registry.yarnpkg.com:443/aws-cdk/-/aws-cdk-2.152.0.tgz](https://registry.yarnpkg.com/aws-cdk/-/aws-cdk-2.152.0.tgz)
  proxy | 2024/08/16 18:06:04 [041] 200 [https://registry.yarnpkg.com:443/aws-cdk/-/aws-cdk-2.152.0.tgz](https://registry.yarnpkg.com/aws-cdk/-/aws-cdk-2.152.0.tgz)
updater | 2024/08/16 18:06:05 INFO <job_870396983> Requirements to unlock own
updater | 2024/08/16 18:06:05 INFO <job_870396983> Requirements update strategy bump_versions
updater | 2024/08/16 18:06:05 INFO <job_870396983> Updating aws-cdk from 2.149.0 to 2.152.0
  proxy | 2024/08/16 18:06:10 [043] GET [https://registry.yarnpkg.com:443/aws-cdk](https://registry.yarnpkg.com/aws-cdk)
  proxy | 2024/08/16 18:06:10 [043] 304 [https://registry.yarnpkg.com:443/aws-cdk](https://registry.yarnpkg.com/aws-cdk)
updater | 2024/08/16 18:06:11 INFO <job_870396983> Checking if @aws-cdk/aws-apigatewayv2-alpha 2.114.1-alpha.0 needs updating
  proxy | 2024/08/16 18:06:11 [045] GET [https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-apigatewayv2-alpha)
  proxy | 2024/08/16 18:06:11 [045] 200 [https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-apigatewayv2-alpha)
  proxy | 2024/08/16 18:06:12 [047] HEAD [https://registry.npmjs.org:443/@aws-cdk/aws-apigatewayv2-alpha/-/aws-apigatewayv2-alpha-2.114.1-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-apigatewayv2-alpha/-/aws-apigatewayv2-alpha-2.114.1-alpha.0.tgz)
  proxy | 2024/08/16 18:06:12 [047] 200 [https://registry.npmjs.org:443/@aws-cdk/aws-apigatewayv2-alpha/-/aws-apigatewayv2-alpha-2.114.1-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-apigatewayv2-alpha/-/aws-apigatewayv2-alpha-2.114.1-alpha.0.tgz)
updater | 2024/08/16 18:06:12 INFO <job_870396983> Latest version is 2.114.1-alpha.0
updater | 2024/08/16 18:06:12 INFO <job_870396983> Checking if @aws-cdk/aws-apigatewayv2-integrations-alpha 2.114.1-alpha.0 needs updating
  proxy | 2024/08/16 18:06:12 [049] GET [https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-integrations-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-apigatewayv2-integrations-alpha)
  proxy | 2024/08/16 18:06:12 [049] 200 [https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-integrations-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-apigatewayv2-integrations-alpha)
  proxy | 2024/08/16 18:06:13 [051] HEAD [https://registry.npmjs.org:443/@aws-cdk/aws-apigatewayv2-integrations-alpha/-/aws-apigatewayv2-integrations-alpha-2.114.1-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-apigatewayv2-integrations-alpha/-/aws-apigatewayv2-integrations-alpha-2.114.1-alpha.0.tgz)
  proxy | 2024/08/16 18:06:13 [051] 200 [https://registry.npmjs.org:443/@aws-cdk/aws-apigatewayv2-integrations-alpha/-/aws-apigatewayv2-integrations-alpha-2.114.1-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-apigatewayv2-integrations-alpha/-/aws-apigatewayv2-integrations-alpha-2.114.1-alpha.0.tgz)
updater | 2024/08/16 18:06:13 INFO <job_870396983> Latest version is 2.114.1-alpha.0
updater | 2024/08/16 18:06:13 INFO <job_870396983> Checking if @aws-cdk/aws-scheduler-alpha 2.149.0-alpha.0 needs updating
  proxy | 2024/08/16 18:06:13 [053] GET [https://registry.npmjs.org:443/@aws-cdk%2Faws-scheduler-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-scheduler-alpha)
  proxy | 2024/08/16 18:06:14 [053] 200 [https://registry.npmjs.org:443/@aws-cdk%2Faws-scheduler-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-scheduler-alpha)
  proxy | 2024/08/16 18:06:14 [055] HEAD [https://registry.npmjs.org:443/@aws-cdk/aws-scheduler-alpha/-/aws-scheduler-alpha-2.149.0-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-scheduler-alpha/-/aws-scheduler-alpha-2.149.0-alpha.0.tgz)
  proxy | 2024/08/16 18:06:15 [055] 200 [https://registry.npmjs.org:443/@aws-cdk/aws-scheduler-alpha/-/aws-scheduler-alpha-2.149.0-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-scheduler-alpha/-/aws-scheduler-alpha-2.149.0-alpha.0.tgz)
updater | 2024/08/16 18:06:15 INFO <job_870396983> Latest version is 2.149.0-alpha.0
updater | 2024/08/16 18:06:15 INFO <job_870396983> Checking if @aws-cdk/aws-scheduler-targets-alpha 2.149.0-alpha.0 needs updating
  proxy | 2024/08/16 18:06:15 [057] GET [https://registry.npmjs.org:443/@aws-cdk%2Faws-scheduler-targets-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-scheduler-targets-alpha)
  proxy | 2024/08/16 18:06:16 [057] 200 [https://registry.npmjs.org:443/@aws-cdk%2Faws-scheduler-targets-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-scheduler-targets-alpha)
  proxy | 2024/08/16 18:06:16 [059] HEAD [https://registry.npmjs.org:443/@aws-cdk/aws-scheduler-targets-alpha/-/aws-scheduler-targets-alpha-2.149.0-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-scheduler-targets-alpha/-/aws-scheduler-targets-alpha-2.149.0-alpha.0.tgz)
  proxy | 2024/08/16 18:06:16 [059] 200 [https://registry.npmjs.org:443/@aws-cdk/aws-scheduler-targets-alpha/-/aws-scheduler-targets-alpha-2.149.0-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-scheduler-targets-alpha/-/aws-scheduler-targets-alpha-2.149.0-alpha.0.tgz)
updater | 2024/08/16 18:06:16 INFO <job_870396983> Latest version is 2.149.0-alpha.0
updater | 2024/08/16 18:06:16 INFO <job_870396983> Creating a pull request for 'cdk-updates'

Since these repos are released along with aws-cdk-lib, the most current should have been 2.152.0-alpha.0, but it's incorrectly reporting that the latest version is 2.149.0-alpha.0.

Could we re-open this issue?

[abdulapopoola]

Sorry to hear that @blimmer , could you please file a new issue so we have fresh context to start with?

[blimmer]

Sure, no problem. I recreated it in a public repo and filed #10458 to track the problem.