dependabot-core
Dependabot does not take Pipenv extras into account
Is there an existing issue for this?
- [X] I have searched the existing issues
Package ecosystem
pipenv
Package manager version
2024.0.1
Language version
Python 3.10
Manifest location and content before the Dependabot update
/Pipfile
```toml
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[pipenv]
sort_pipfile = true

[packages]
alembic = "*"
fastapi = { extras = ["all"], version = "~=0.111.1" }
google-cloud-logging = "*"
gunicorn = "*"
pago46 = "*"
psycopg = { extras = ["c"], version = "*" }
sentry-sdk = { extras = ["fastapi"], version = "*" }

[dev-packages]
gevent = "*"
pre-commit = "*"
pytest-cov = "*"

[requires]
python_version = "3.10"
```
dependabot.yml content
```yaml
version: 2
updates:
  - package-ecosystem: pip
    directory: /
    schedule:
      interval: weekly
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
```
Updated dependency
psycopg: from 3.1.18 to 3.2.1
What you expected to see, versus what you actually saw
The update from Dependabot should have updated both the psycopg and psycopg-c packages. Instead, only psycopg was updated.
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
```toml
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"

[packages]
psycopg = {extras = ["c"], version = "==3.1.18"}

[requires]
python_version = "3.10"
```
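A lockfile check for the drift reported above, as an added example that is not part of the original issue or of Dependabot's code. It assumes the usual `Pipfile.lock` JSON layout (`default`/`develop` sections with `version` and `extras` keys) and that the `c` extra expects `psycopg-c` at the same version as `psycopg`; `COMPANIONS`, `SAMPLE_LOCK` and `find_extra_drift` are hypothetical names, and the lock data is constructed.

```python
import json

# Constructed Pipfile.lock fragment (hashes omitted): the state the issue
# describes after the update, with psycopg bumped and psycopg-c left behind.
SAMPLE_LOCK = json.dumps({
    "_meta": {"requires": {"python_version": "3.10"}},
    "default": {
        "psycopg": {"extras": ["c"], "version": "==3.2.1"},
        "psycopg-c": {"version": "==3.1.18"},
    },
    "develop": {},
})

# Assumption: (package, extra) -> companion that must share its version.
# Maintained by hand; the psycopg "c" extra is the pair named in the issue.
COMPANIONS = {("psycopg", "c"): "psycopg-c"}


def find_extra_drift(lock_text, companions=COMPANIONS):
    """Return (section, package, version, companion, companion_version) for
    every locked package whose extra companion is missing or differs."""
    lock = json.loads(lock_text)
    drift = []
    for section in ("default", "develop"):
        locked = lock.get(section, {})
        for (package, extra), companion in companions.items():
            entry = locked.get(package)
            if entry is None or extra not in entry.get("extras", []):
                continue  # package absent, or the extra is not requested
            version = entry.get("version")
            other = locked.get(companion, {}).get("version")  # None if missing
            if other != version:
                drift.append((section, package, version, companion, other))
    return drift


if __name__ == "__main__":
    for section, pkg, ver, comp, comp_ver in find_extra_drift(SAMPLE_LOCK):
        print(f"[{section}] {pkg}{ver} but {comp} is {comp_ver or 'not locked'}")
```

Run against the lockfile of an update PR in CI, a non-empty result flags a bump that moved the base package without its extra companion.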
I can confirm!
Issue is not reproducible. Dependabot is successfully creating PRs for pip extra dependencies. Attaching ss for the same:
Closing w.r.t above comment. Can be reopened if issue is reproducible.