Dependabot PR titles suddenly less specific: across 1 directory rather than in /website #9639

Open
1 task done
corneliusroemer opened this issue Apr 30, 2024 · 4 comments
Labels
L: git:submodules Git submodules L: go:modules Golang modules T: bug 🐞 Something isn't working

Comments

@corneliusroemer

corneliusroemer commented Apr 30, 2024

Is there an existing issue for this?

  • I have searched the existing issues

What you expected to see, versus what you actually saw

It appears that around 18 hours ago (2024-04-29 20:00 UTC) grouped dependabot PR titles became more generic, less specific as follows:

Old: chore(deps): bump the minorandpatch group in /website with 16 updates

New: chore(deps): bump the minorandpatch group across 1 directory with 16 updates

Note: the specific and informative "in /website" got replaced with the generic "across 1 directory", making it much harder to tell at a glance what's impacted.

I noticed this change in a private repo, but I also found evidence for it in dependabot's own repo, see screenshots (coinciding with the timing I noticed above, indicating this is a global behavior change):

Old:
image

New:
image

This might be intended behavior; if so, I would like to strongly urge you to reconsider.

Images of the diff or a link to the PR, issue, or logs

No response

@corneliusroemer corneliusroemer added the T: bug 🐞 Something isn't working label Apr 30, 2024
@github-actions github-actions bot added L: git:submodules Git submodules L: go:modules Golang modules labels Apr 30, 2024
@corneliusroemer
Author

Ah I see, this is a duplicate of #9631

@corneliusroemer
Author

Reopening as this is a more negative impact version of #9361 given there is a loss of information here rather than just useless extra information.

@jzabroski

I tried to identify the root cause of this bug this morning. Some initial notes:

Unit test coverage is here:

        context "with two dependencies" do
          let(:metadata) { { directory: "/foo" } }
          let(:dependency2) do
            Dependabot::Dependency.new(
              name: "business2",
              version: "1.5.0",
              previous_version: "1.4.0",
              package_manager: "dummy",
              requirements: [],
              previous_requirements: [],
              metadata: { directory: "/bar" }
            )
          end
          let(:dependencies) { [dependency, dependency2] }
          it { is_expected.to eq("Bump the go_modules group across 2 directories with 2 updates") }
        end
      end
    end

Which appears intended to cover this method:

    def grouped_directory_name
      updates = dependencies.map(&:name).uniq.count
      directories_from_dependencies = dependencies.to_set { |dep| dep.metadata[:directory] }
      directories_with_updates = source.directories&.filter do |directory|
        directories_from_dependencies.include?(directory)
      end
      if dependencies.count == 1
        "#{solo_pr_name} in the #{T.must(dependency_group).name} group across " \
          "#{T.must(directories_with_updates).count} directory"
      else
        "bump the #{T.must(dependency_group).name} group across #{T.must(directories_with_updates).count} " \
          "#{T.must(directories_with_updates).count > 1 ? 'directories' : 'directory'} " \
          "with #{updates} update#{'s' if updates > 1}"
      end
    end
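
A standalone sketch of the title behavior this issue asks for, added here as an illustration and not Dependabot's code or its fix: the directory is named when exactly one has updates, and the "across N directories" wording is kept otherwise. `Dep`, `grouped_title` and the sample data are hypothetical, and the single-dependency `solo_pr_name` branch of the quoted method is left out.

```ruby
require "set"

# Hypothetical stand-in for Dependabot::Dependency; only the fields the
# quoted method reads (name and metadata[:directory]) are modelled.
Dep = Struct.new(:name, :directory)

# Builds the grouped PR title. source_directories plays the role of
# source.directories and group_name the role of dependency_group.name.
def grouped_title(group_name, deps, source_directories)
  updates = deps.map(&:name).uniq.count
  touched = deps.map(&:directory).to_set

  # Keep the configured order, drop directories that have no updates.
  dirs = (source_directories || []).select { |d| touched.include?(d) }
  # If the source lists no directories, use the ones the dependencies report.
  dirs = touched.to_a.compact.sort if dirs.empty?

  scope =
    case dirs.count
    when 0 then ""                    # nothing known: omit the scope
    when 1 then " in #{dirs.first}"   # one directory: name it for the reviewer
    else " across #{dirs.count} directories"
    end

  "bump the #{group_name} group#{scope} with #{updates} update#{'s' if updates > 1}"
end

# Constructed sample input (package names are made up for the example).
SINGLE = [Dep.new("react", "/website"), Dep.new("vite", "/website")].freeze
MULTI  = [Dep.new("business", "/foo"), Dep.new("business2", "/bar")].freeze

puts grouped_title("minorandpatch", SINGLE, ["/website"])
puts grouped_title("go_modules", MULTI, ["/foo", "/bar"])
```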

@jzabroski

jzabroski commented Jun 11, 2024

The branch name is also incorrect/sub-optimal:

Add more commits by pushing to the dependabot/nuget/test/FluentMigrator.Tests/third-party-dependencies-2ac9f13416 branch on fluentmigrator/fluentmigrator.

I am guessing it would ideally be:

If only one directory included in the update across the group:

  • dependabot/nuget/test/third-party-dependencies/FluentMigrator.Tests-2ac9f13416

If more than one directory included in the update across the group:

  • dependabot/nuget/test/third-party-dependencies/FluentMigrator.Console+1more-2ac9f13416
    • Where FluentMigrator.Console is the lexicographically ascending sorted first directory updated in the group. "1more" would indicate at least one other directory was updated.
    • Minor note for people reading: 2ac9f13416 should be the first six octets (10101010 11001011 00101100 01100100 01110010 01101110) generated by Ruby's SecureRandom.uuid.
