dependabot · jakecoffman · Jul 30, 2024 · Jul 30, 2024 · Jul 30, 2024
@@ -2,6 +2,14 @@ dependabot update -f input.yml --local . --updater-image ghcr.io/dependabot/depe
 stderr 'created \| dependency-a \( from 1.2.3 to 1.2.4 \)'
 pr-created expected.json
 
+dependabot update -f input-rebase-old.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent
+stderr 'updated \| dependency-a \( from 1.2.3 to 1.2.4 \)'
+pr-updated expected.json
+
+dependabot update -f input-rebase-new.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent
+stderr 'updated \| dependency-a \( from 1.2.3 to 1.2.4 \)'
+pr-updated expected.json
+
 -- manifest.json --
 {
   "dependency-a": { "version": "1.2.3" },
@@ -55,3 +63,62 @@ job:
       rules:
         patterns:
           - "*"
+
+-- input-rebase-old.yml --
+job:
+  package-manager: "silent"
+  dependencies:
+    - dependency-a
+  source:
+    directory: "/"
+    provider: example
+    hostname: example.com
+    api-endpoint: https://example.com/api/v3
+    repo: dependabot/smoke-tests
+  security-advisories:
+    - dependency-name: dependency-a
+      affected-versions:
+        - < 1.2.4
+      patched-versions: []
+      unaffected-versions: []
+  security-updates-only: true
+  # If present, groups are ignored
+  dependency-groups:
+    - name: all
+      rules:
+        patterns:
+          - "*"
+  updating-a-pull-request: true
+  existing-pull-requests:
+    - - dependency-name: dependency-a
+        dependency-version: 1.2.4
+
+-- input-rebase-new.yml --
+job:
+  package-manager: "silent"
+  dependencies:
+    - dependency-a
+  source:
+    directory: "/"
+    provider: example
+    hostname: example.com
+    api-endpoint: https://example.com/api/v3
+    repo: dependabot/smoke-tests
+  security-advisories:
+    - dependency-name: dependency-a
+      affected-versions:
+        - < 1.2.4
+      patched-versions: []
+      unaffected-versions: []
+  security-updates-only: true
+  # If present, groups are ignored
+  dependency-groups:
+    - name: all
+      rules:
+        patterns:
+          - "*"
+  updating-a-pull-request: true
+  existing-pull-requests:
+    - - dependency-name: dependency-a
+        dependency-version: 1.2.4
+        directory: "/"
@@ -2,7 +2,11 @@ dependabot update -f input.yml --local . --updater-image ghcr.io/dependabot/depe
 stderr 'created \| dependency-a \( from 1.2.3 to 1.2.5 \)'
 pr-created expected.json
 
-dependabot update -f input-2.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent
+dependabot update -f input-rebase-old.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent
+stderr 'updated \| dependency-a \( from 1.2.3 to 1.2.5 \)'
+pr-updated expected.json
+
+dependabot update -f input-rebase-new.yml --local . --updater-image ghcr.io/dependabot/dependabot-updater-silent
 stderr 'updated \| dependency-a \( from 1.2.3 to 1.2.5 \)'
 pr-updated expected.json
 
@@ -35,7 +39,23 @@ job:
     api-endpoint: https://example.com/api/v3
     repo: dependabot/smoke-tests
 
--- input-2.yml --
+-- input-rebase-old.yml --
+job:
+  package-manager: "silent"
+  source:
+    directory: "/"
+    provider: example
+    hostname: example.com
+    api-endpoint: https://example.com/api/v3
+    repo: dependabot/smoke-tests
+  dependencies:
+    - dependency-a
+  updating-a-pull-request: true
+  existing-pull-requests:
+    - - dependency-name: dependency-a
+        dependency-version: 1.2.5
+
+-- input-rebase-new.yml --
 job:
   package-manager: "silent"
   source:
@@ -50,3 +70,4 @@ job:
   existing-pull-requests:
     - - dependency-name: dependency-a
         dependency-version: 1.2.5
+        directory: "/"
@@ -195,6 +195,21 @@ def log_requirements_for_update(requirements_to_unlock, checker)
         end
 
         def existing_pull_request(updated_dependencies)
+          new_pr_set = Set.new(
+            updated_dependencies.map do |dep|
+              {
+                "dependency-name" => dep.name,
+                "dependency-version" => dep.version,
+                "dependency-removed" => dep.removed? ? true : nil,
+                "directory" => dep.directory
+              }.compact
+            end
+          )
+
+          existing = job.existing_pull_requests.find { |pr| Set.new(pr) == new_pr_set }
+          return existing if existing
+
+          # try the search again without directory
           new_pr_set = Set.new(
             updated_dependencies.map do |dep|
               {

@@ -200,6 +200,21 @@ def log_requirements_for_update(requirements_to_unlock, checker)
         end
 
         def existing_pull_request(updated_dependencies)
+          new_pr_set = Set.new(
+            updated_dependencies.map do |dep|
+              {
+                "dependency-name" => dep.name,
+                "dependency-version" => dep.version,
+                "dependency-removed" => dep.removed? ? true : nil,
+                "directory" => dep.directory
+              }.compact
+            end
+          )
+
+          existing = job.existing_pull_requests.find { |pr| Set.new(pr) == new_pr_set }
+          return existing if existing
+
+          # try the search again without directory
           new_pr_set = Set.new(
             updated_dependencies.map do |dep|
               {