diff --git a/silent/tests/testdata/su-basic.txt b/silent/tests/testdata/su-basic.txt index 97febb1850c..6cbc897a4a2 100644 --- a/silent/tests/testdata/su-basic.txt +++ b/silent/tests/testdata/su-basic.txt @@ -2,6 +2,14 @@ dependabot update -f input.yml --local . --updater-image ghcr.io/dependabot/depe stderr 'created \| dependency-a \( from 1.2.3 to 1.2.4 \)' pr-created expected.json +dependabot update -f input-rebase-old.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent +stderr 'updated \| dependency-a \( from 1.2.3 to 1.2.4 \)' +pr-updated expected.json + +dependabot update -f input-rebase-new.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent +stderr 'updated \| dependency-a \( from 1.2.3 to 1.2.4 \)' +pr-updated expected.json + -- manifest.json -- { "dependency-a": { "version": "1.2.3" }, 
@@ -55,3 +63,62 @@ job: rules: patterns: - "*" + +-- input-rebase-old.yml -- +job: + package-manager: "silent" + dependencies: + - dependency-a + source: + directory: "/" + provider: example + hostname: example.com + api-endpoint: https://example.com/api/v3 + repo: dependabot/smoke-tests + security-advisories: + - dependency-name: dependency-a + affected-versions: + - < 1.2.4 + patched-versions: [] + unaffected-versions: [] + security-updates-only: true + # If present, groups are ignored + dependency-groups: + - name: all + rules: + patterns: + - "*" + updating-a-pull-request: true + existing-pull-requests: + - - dependency-name: dependency-a + dependency-version: 1.2.4 + +-- input-rebase-new.yml -- +job: + package-manager: "silent" + dependencies: + - dependency-a + source: + directory: "/" + provider: example + hostname: example.com + api-endpoint: https://example.com/api/v3 + repo: dependabot/smoke-tests + security-advisories: + - dependency-name: dependency-a + affected-versions: + - < 1.2.4 + patched-versions: [] + unaffected-versions: [] + security-updates-only: true + # If present, groups are ignored + dependency-groups: + - name: all + rules: + patterns: + - "*" + updating-a-pull-request: true + existing-pull-requests: + - - dependency-name: dependency-a + dependency-version: 1.2.4 + directory: "/" diff --git a/silent/tests/testdata/vu-basic.txt b/silent/tests/testdata/vu-basic.txt index 32dd2278612..00de0958668 100644 --- a/silent/tests/testdata/vu-basic.txt +++ b/silent/tests/testdata/vu-basic.txt 
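Review bot: The two new job files in `su-basic.txt` only cover an existing pull request with a matching directory (`directory: "/"` in `input-rebase-new.yml`) and one with no directory at all (`input-rebase-old.yml`), so nothing checks that a pull request recorded for a different directory is left alone. A third job file whose `existing-pull-requests` entry carries a non-matching value such as `directory: "/other"` (constructed value), with an assertion that no `updated` line is reported, would pin that behaviour for the security-update path. The same gap applies to the `vu-basic.txt` hunks. What the updater prints when no pull request matches is not visible here, so the exact assertion needs confirming.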
@@ -2,7 +2,11 @@ dependabot update -f input.yml --local . --updater-image ghcr.io/dependabot/depe stderr 'created \| dependency-a \( from 1.2.3 to 1.2.5 \)' pr-created expected.json -dependabot update -f input-2.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent +dependabot update -f input-rebase-old.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent +stderr 'updated \| dependency-a \( from 1.2.3 to 1.2.5 \)' +pr-updated expected.json + +dependabot update -f input-rebase-new.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent stderr 'updated \| dependency-a \( from 1.2.3 to 1.2.5 \)' pr-updated expected.json @@ -35,7 +39,23 @@ job: api-endpoint: https://example.com/api/v3 repo: dependabot/smoke-tests --- input-2.yml -- +-- input-rebase-old.yml -- +job: + package-manager: "silent" + source: + directory: "/" + provider: example + hostname: example.com + api-endpoint: https://example.com/api/v3 + repo: dependabot/smoke-tests + dependencies: + - dependency-a + updating-a-pull-request: true + existing-pull-requests: + - - dependency-name: dependency-a + dependency-version: 1.2.5 + +-- input-rebase-new.yml -- job: package-manager: "silent" source: @@ -50,3 +70,4 @@ job: existing-pull-requests: - - dependency-name: dependency-a dependency-version: 1.2.5 + directory: "/" diff --git a/updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb b/updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb index 0383ae60f0b..1b1aefa6431 100644 --- a/updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb +++ b/updater/lib/dependabot/updater/operations/refresh_security_update_pull_request.rb 
@@ -195,6 +195,21 @@ def log_requirements_for_update(requirements_to_unlock, checker) end def existing_pull_request(updated_dependencies) + new_pr_set = Set.new( + updated_dependencies.map do |dep| + { + "dependency-name" => dep.name, + "dependency-version" => dep.version, + "dependency-removed" => dep.removed? ? true : nil, + "directory" => dep.directory + }.compact + end + ) + + existing = job.existing_pull_requests.find { |pr| Set.new(pr) == new_pr_set } + return existing if existing + + # try the search again without directory new_pr_set = Set.new( updated_dependencies.map do |dep| { diff --git a/updater/lib/dependabot/updater/operations/refresh_version_update_pull_request.rb b/updater/lib/dependabot/updater/operations/refresh_version_update_pull_request.rb index 19fba5b33c0..81c1d660143 100644 --- a/updater/lib/dependabot/updater/operations/refresh_version_update_pull_request.rb +++ b/updater/lib/dependabot/updater/operations/refresh_version_update_pull_request.rb @@ -200,6 +200,21 @@ def log_requirements_for_update(requirements_to_unlock, checker) end def existing_pull_request(updated_dependencies) + new_pr_set = Set.new( + updated_dependencies.map do |dep| + { + "dependency-name" => dep.name, + "dependency-version" => dep.version, + "dependency-removed" => dep.removed? ? true : nil, + "directory" => dep.directory + }.compact + end + ) + + existing = job.existing_pull_requests.find { |pr| Set.new(pr) == new_pr_set } + return existing if existing + + # try the search again without directory new_pr_set = Set.new( updated_dependencies.map do |dep| {
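Review bot: The fallback after `return existing if existing` in `existing_pull_request` can only match entries of `job.existing_pull_requests` that carry no `directory` key, because `Set.new(pr) == new_pr_set` compares whole hashes, but the comment `# try the search again without directory` does not say so. I would reword it along the lines of `# Older job payloads list existing PRs without "directory"; match those by name and version only`, assuming that is the intent the `input-rebase-old.yml` fixtures suggest. The first lookup compares `dep.directory` as an exact string, so if the recorded directory ever differs in form (a trailing slash, `/.`) both lookups miss and a security refresh would presumably treat its pull request as absent; the handling of that case is outside this hunk, so confirm both sides are normalised the same way. The set construction now appears twice in this method and again in the identical hunk for `refresh_version_update_pull_request.rb`; a small private helper taking the dependencies and a flag for including the directory would keep the lookups from drifting apart. The method body continues past the end of the hunk.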