Dependabot selects the wrong file as a dependency under the pip ecosystem
Is there an existing issue for this?
- [X] I have searched the existing issues
Package ecosystem
pip
Package manager version
pip 24.0
Language version
Python 3.12
Manifest location and content before the Dependabot update
https://github.com/Zxilly/go-size-analyzer/blob/master/scripts/requirements.txt
dependabot.yml content
version: 2
updates:
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "daily"
  # - package-ecosystem: "npm"
  #   directory: "/ui"
  #   schedule:
  #     interval: "daily"
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
  - package-ecosystem: "pip"
    directory: "/scripts"
    schedule:
      interval: "daily"
Updated dependency
No response
What you expected to see, versus what you actually saw
Dependabot should read dependencies from requirements.txt, which is located at https://github.com/Zxilly/go-size-analyzer/blob/3d58b6d6f93783e7d3fffa03ac0128758418c899/scripts/requirements.txt. However, it reads data from skip.txt, which is a data file that is not related to the package manager.
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
https://github.com/Zxilly/go-size-analyzer/actions/runs/9508733973/job/26210566565
Smallest manifest that reproduces the issue
version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/scripts"
    schedule:
      interval: "daily"
Seems Dependabot has some rules to search for deps files (https://github.com/dependabot/dependabot-core/issues/3940); it's obvious that it's broken right now. I know little about Ruby, so I may not be able to help.
Seems https://github.com/dependabot/dependabot-core/blob/fff2779be8611e72417db58b2b31f97f89352b40/python/helpers/lib/parser.py#L83-L87 results in this.
Issue is not reproducible. Attaching screenshot from test repository below:
Closing w.r.t above comment. Can be reopened if issue is still reproducible.