-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Grouped dependency updates for NuGet packages not working correctly #8576
Comments
Manually re-running dependabot after the incorrect pull request is merged generates a PR that does update xunit to 2.6.3: martincostello/project-euler#317. |
Similar issue here, except the package that was updated and the package that wasn't are the other way around: martincostello/website#1717 |
Another example, but in this case the commit in the pull request is completely empty: App-vNext/Polly#1848 |
Same issue: Nexus-Mods/NexusMods.App#811 |
same as #8475? |
Not sure. 23 days ago the previous xunit grouped update worked as expected. The NuGet implementation had a big overhaul in the last few weeks. |
Same issue here ... |
I can also confirm this |
Can confirm this has been happening since at least December 4th. On November 27th, one of my projects had a dependabot PR that referenced Microsoft.EntityFrameworkCore.Sqlite and Microsoft.EntityFrameworkCore.SqlServer, and both packages were updated. After December 4th, grouped updates stopped working properly for just Nuget packages |
This has been happening since November 27th in some of my repos xt0rted/dotnet-rimraf#267. The issue is most likely a bug in the new .net based nuget updater. This and other issues all started when that was announced. At that time my .net 8 projects started randomly failing to update which ended up being due to #8530, and I'm also seeing duplicate package details in the PR/commit body sometimes as seen here #8631 (comment). |
For me the issue with upgrading groups is that it doesn't upgrade the dependencies in all the projects. It seems like it only upgrades the projects that have all the dependencies in the group (see https://github.com/RalphDriessen/example-dependabot-groups-issues/pull/1/files). In this example, all three projects have the dependency |
Any update to this? This is a pretty frustrating bug |
Same problem for centralized package versions ( |
I hate to do this, but @deivid-rodriguez, is your team tracking this? Grouped nuget updates have been broken for almost two months. |
I prepared a PR #8908 that should solve the issue with NuGet grouped updates, a review of changes is welcomed I am not a project maintainer |
@martincostello Hello, a fix for this went out yesterday #9228 and some people have confirmed it is working as expected. Let us know if it is working for you as well. Thanks. |
This comment was marked as off-topic.
This comment was marked as off-topic.
@sebasgomez238 just double checked the grouping. It seems to be working for packages, but the update message was displaying all packages, not just the ones matching the filter parameters. I have some rules in place to only get the updates for Microsoft packages, but I'm getting all packages in the update message. For the actual file updates, I'm only seeing the packages matched by the grouping filers. Here is what my grouping looks like: groups:
microsoft:
patterns:
- 'Microsoft*'
default:
patterns:
- '*'
exclude-patterns:
- 'Microsoft*' |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Submitted the issue ticket, and it's #9248 |
I'm afraid I can't verify these issues at the moment as now I'm experiencing #9245. |
@martincostello ; can you please try again? :) |
I've re-run dependabot on all my .NET repos and now there's only 3 that have some sort of error. I'll need to investigate a bit further as to if they're other specific existing issues or not. I'll need to do a manual revert in a repo with a group defined later on today to see if this specific issue is resolved. |
Remove the PollyVersion MSBuild property and downgrade to 8.3.1 to test dependabot/dependabot-core#8576.
Remove the PollyVersion MSBuild property and downgrade to 8.3.1 to test dependabot/dependabot-core#8576.
Looks like it's behaving now 🥳 |
Is there an existing issue for this?
Package ecosystem
NuGet
Package manager version
.NET 8.0.100 SDK
Language version
C# 12
Manifest location and content before the Dependabot update
Directory.Packages.props
dependabot.yml content
dependabot.yml
Updated dependency
What you expected to see, versus what you actually saw
Dependabot reports in the pull request (martincostello/project-euler#315) and the commit message (martincostello/project-euler@741ea1e) that it has updated both of the xunit and xunit.runner.visualstudio NuGet packages.
However, on inspecting the Git diff only xunit.runner.visualstudio has been updated.
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
martincostello/project-euler#315
Smallest manifest that reproduces the issue
No response
The text was updated successfully, but these errors were encountered: