dependabot-core icon indicating copy to clipboard operation
dependabot-core copied to clipboard
verified publisher icon dependabot

All grouped dependencies not updated

Open nicou opened this issue 2 years ago • 2 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Package ecosystem

npm

Package manager version

10.0.0

Language version

18.17.1

Manifest location and content before the Dependabot update

package.json

{
  "name": "aws-cdk-dependabot",
  "version": "0.1.0",
  "bin": {
    "aws-cdk-dependabot": "bin/aws-cdk-dependabot.js"
  },
  "scripts": {
    "build": "tsc",
  },
  "devDependencies": {
    "@types/jest": "^29.5.5",
    "@types/node": "20.6.3",
    "aws-cdk": "2.99.1",
    "jest": "^29.7.0",
    "ts-jest": "^29.1.1",
    "ts-node": "^10.9.1",
    "typescript": "~5.2.2"
  },
  "dependencies": {
    "@aws-cdk/aws-apigatewayv2-alpha": "2.99.1-alpha.0",
    "@aws-cdk/aws-apigatewayv2-integrations-alpha": "2.99.1-alpha.0",
    "aws-cdk-lib": "2.99.1",
    "constructs": "10.0.0",
    "source-map-support": "0.5.21"
  }
}

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "06:00"
      timezone: "Europe/Helsinki"
    groups:
      aws-cdk:
        patterns:
          - "aws-cdk"
          - "aws-cdk-lib"
          - "constructs"
          - "@aws-cdk/aws-apigatewayv2-alpha"
          - "@aws-cdk/aws-apigatewayv2-integrations-alpha"

Updated dependency

Updated correctly:

  • aws-cdk from 2.99.1 to 2.100.0
  • aws-cdk-lib from 2.99.1 to 2.100.0
  • constructs from 10.0.0 to 10.3.0

Not updated:

  • @aws-cdk/aws-apigatewayv2-alpha from 2.99.1-alpha.0 to 2.100.1-alpha.0
  • @aws-cdk/aws-apigatewayv2-integrations-alpha from 2.99.1-alpha.0 to 2.100.1-alpha.0

What you expected to see, versus what you actually saw

Some packages in the aws-cdk group were correctly updated, but two packages were not:

  • @aws-cdk/aws-apigatewayv2-alpha
  • @aws-cdk/aws-apigatewayv2-integrations-alpha

Dependabot log shows that it correctly checked if these packages have updates available. Both of them have a newer version (2.100.1-alpha.0) available, but Dependabot still consider the old version as latest:

updater | 2023/10/09 03:18:59 INFO <job_732254050> Starting update group for 'aws-cdk'
updater | 2023/10/09 03:18:59 INFO <job_732254050> Checking if @aws-cdk/aws-apigatewayv2-alpha 2.99.1-alpha.0 needs updating
  proxy | 2023/10/09 03:18:59 [014] GET https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-alpha
  proxy | 2023/10/09 03:18:59 [014] 200 https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-alpha
  proxy | 2023/10/09 03:19:00 [016] GET https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-alpha/2.99.1-alpha.0
  proxy | 2023/10/09 03:19:00 [016] 200 https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-alpha/2.99.1-alpha.0
updater | 2023/10/09 03:19:00 INFO <job_732254050> Latest version is 2.99.1-alpha.0
updater | 2023/10/09 03:19:00 INFO <job_732254050> No update needed for @aws-cdk/aws-apigatewayv2-alpha 2.99.1-alpha.0
updater | 2023/10/09 03:19:00 INFO <job_732254050> Checking if @aws-cdk/aws-apigatewayv2-integrations-alpha 2.99.1-alpha.0 needs updating
  proxy | 2023/10/09 03:19:00 [018] GET https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-integrations-alpha
  proxy | 2023/10/09 03:19:00 [018] 200 https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-integrations-alpha
  proxy | 2023/10/09 03:19:00 [020] GET https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-integrations-alpha/2.99.1-alpha.0
  proxy | 2023/10/09 03:19:00 [020] 200 https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-integrations-alpha/2.99.1-alpha.0
updater | 2023/10/09 03:19:00 INFO <job_732254050> Latest version is 2.99.1-alpha.0
updater | 2023/10/09 03:19:00 INFO <job_732254050> No update needed for @aws-cdk/aws-apigatewayv2-integrations-alpha 2.99.1-alpha.0

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

https://github.com/nicou/aws-cdk-dependabot/pull/2

Smallest manifest that reproduces the issue

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    groups:
      aws-cdk:
        patterns:
          - "aws-cdk"
          - "aws-cdk-lib"
          - "@aws-cdk/aws-apigatewayv2-alpha"
          - "@aws-cdk/aws-apigatewayv2-integrations-alpha"

nicou avatar Oct 09 '23 08:10 nicou

I think the reason for this behavior is this line:

https://github.com/dependabot/dependabot-core/blob/b7bd33be0161e2a123bdcfa6b574e0999fc4964a/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/latest_version_finder.rb#L86

The intention of that line is to filter out pre-releases from the versions Dependabot will choose from, unless the pre-release is related to the current version which is also a pre-release.

That prevents Dependabot from updating a 1.0.0 dependency to a 1.0.1-alpha dependency, or if you're on a pre-release 1.0.0-pre.1 you will be offered a related pre-release 1.0.0-pre.2, but not an unrelated one like 1.0.1-pre.1. The idea there being when a pre-release version 1.0.0-pre is available there will eventually be a 1.0.0 too.

In the case of @aws-cdk/aws-apigatewayv2-alpha and @aws-cdk/aws-apigatewayv2-integrations-alpha, they ONLY release pre-releases which means Dependabot will never offer updates for them.

So I'm not sure how Dependabot could offer updates in this case, but not break existing functionality.

jakecoffman avatar Nov 28 '23 19:11 jakecoffman

Thanks for the explanation @jakecoffman. Do you think there's a way to add a flag to enable pre-release versions/release candidates? Similar to https://github.com/dependabot/dependabot-core/issues/2250

atipapp avatar Feb 15 '24 13:02 atipapp

closing out as the crew has shipped multiple fixes; please reopen if this still occurs

abdulapopoola avatar Apr 18 '24 15:04 abdulapopoola

@abdulapopoola , I believe this is still happening.

Here's my dependabot.yml group:

groups:
  cdk-updates:
    applies-to: version-updates
    patterns:
      - '@aws-cdk/*'
      - 'aws-cdk'
      - 'aws-cdk-lib'
    update-types:
      - patch
      - minor
      - major

In the output, I see:

updater | 2024/08/16 18:05:41 INFO <job_870396983> Starting update group for 'cdk-updates'
updater | 2024/08/16 18:05:41 INFO <job_870396983> Updating the / directory.
updater | 2024/08/16 18:05:42 INFO <job_870396983> Checking if aws-cdk-lib 2.149.0 needs updating
  proxy | 2024/08/16 18:05:42 [019] GET [https://registry.npmjs.org:443/aws-cdk-lib](https://registry.npmjs.org/aws-cdk-lib)
  proxy | 2024/08/16 18:05:42 [019] 200 [https://registry.npmjs.org:443/aws-cdk-lib](https://registry.npmjs.org/aws-cdk-lib)
  proxy | 2024/08/16 18:05:42 [021] HEAD [https://registry.npmjs.org:443/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz](https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz)
  proxy | 2024/08/16 18:05:43 [021] 200 [https://registry.npmjs.org:443/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz](https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz)
updater | 2024/08/16 18:05:43 INFO <job_870396983> Latest version is 2.152.0
  proxy | 2024/08/16 18:05:47 [023] GET [https://ofcncog2cu-dsn.algolia.net:443/1/indexes/npm-search/aws-cdk-lib?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D](https://ofcncog2cu-dsn.algolia.net/1/indexes/npm-search/aws-cdk-lib?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D)
  proxy | 2024/08/16 18:05:47 [023] 200 [https://ofcncog2cu-dsn.algolia.net:443/1/indexes/npm-search/aws-cdk-lib?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D](https://ofcncog2cu-dsn.algolia.net/1/indexes/npm-search/aws-cdk-lib?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D)
  proxy | 2024/08/16 18:05:48 [025] GET [https://registry.yarnpkg.com:443/aws-cdk-lib](https://registry.yarnpkg.com/aws-cdk-lib)
  proxy | 2024/08/16 18:05:48 [025] 200 [https://registry.yarnpkg.com:443/aws-cdk-lib](https://registry.yarnpkg.com/aws-cdk-lib)
  proxy | 2024/08/16 18:05:48 [028] GET [https://registry.yarnpkg.com:443/@esbuild%2flinux-x64/-/linux-x64-0.23.0.tgz](https://registry.yarnpkg.com/@esbuild%2flinux-x64/-/linux-x64-0.23.0.tgz)
  proxy | 2024/08/16 18:05:48 [029] GET [https://registry.yarnpkg.com:443/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz](https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz)
  proxy | 2024/08/16 18:05:48 [028] 200 [https://registry.yarnpkg.com:443/@esbuild%2flinux-x64/-/linux-x64-0.23.0.tgz](https://registry.yarnpkg.com/@esbuild%2flinux-x64/-/linux-x64-0.23.0.tgz)
  proxy | 2024/08/16 18:05:48 [029] 200 [https://registry.yarnpkg.com:443/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz](https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.152.0.tgz)
updater | 2024/08/16 18:05:52 INFO <job_870396983> Requirements to unlock own
2024/08/16 18:05:52 INFO <job_870396983> Requirements update strategy bump_versions
2024/08/16 18:05:52 INFO <job_870396983> Updating aws-cdk-lib from 2.149.0 to 2.152.0
  proxy | 2024/08/16 18:05:57 [031] GET [https://registry.yarnpkg.com:443/aws-cdk-lib](https://registry.yarnpkg.com/aws-cdk-lib)
  proxy | 2024/08/16 18:05:57 [031] 304 [https://registry.yarnpkg.com:443/aws-cdk-lib](https://registry.yarnpkg.com/aws-cdk-lib)
updater | 2024/08/16 18:05:58 INFO <job_870396983> Checking if aws-cdk 2.149.0 needs updating
  proxy | 2024/08/16 18:05:58 [033] GET [https://registry.npmjs.org:443/aws-cdk](https://registry.npmjs.org/aws-cdk)
  proxy | 2024/08/16 18:05:58 [033] 200 [https://registry.npmjs.org:443/aws-cdk](https://registry.npmjs.org/aws-cdk)
  proxy | 2024/08/16 18:05:58 [035] HEAD [https://registry.npmjs.org:443/aws-cdk/-/aws-cdk-2.152.0.tgz](https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.152.0.tgz)
  proxy | 2024/08/16 18:05:59 [035] 200 [https://registry.npmjs.org:443/aws-cdk/-/aws-cdk-2.152.0.tgz](https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.152.0.tgz)
updater | 2024/08/16 18:05:59 INFO <job_870396983> Latest version is 2.152.0
  proxy | 2024/08/16 18:06:03 [037] GET [https://ofcncog2cu-dsn.algolia.net:443/1/indexes/npm-search/aws-cdk?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D](https://ofcncog2cu-dsn.algolia.net/1/indexes/npm-search/aws-cdk?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D)
  proxy | 2024/08/16 18:06:03 [037] 200 [https://ofcncog2cu-dsn.algolia.net:443/1/indexes/npm-search/aws-cdk?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D](https://ofcncog2cu-dsn.algolia.net/1/indexes/npm-search/aws-cdk?x-algolia-agent=Algolia%20for%20JavaScript%20(4.22.1)%3B%20Node.js%20(20.16.0)&attributesToRetrieve=%5B%22types%22%5D)
  proxy | 2024/08/16 18:06:03 [039] GET [https://registry.yarnpkg.com:443/aws-cdk](https://registry.yarnpkg.com/aws-cdk)
  proxy | 2024/08/16 18:06:03 [039] 200 [https://registry.yarnpkg.com:443/aws-cdk](https://registry.yarnpkg.com/aws-cdk)
  proxy | 2024/08/16 18:06:04 [041] GET [https://registry.yarnpkg.com:443/aws-cdk/-/aws-cdk-2.152.0.tgz](https://registry.yarnpkg.com/aws-cdk/-/aws-cdk-2.152.0.tgz)
  proxy | 2024/08/16 18:06:04 [041] 200 [https://registry.yarnpkg.com:443/aws-cdk/-/aws-cdk-2.152.0.tgz](https://registry.yarnpkg.com/aws-cdk/-/aws-cdk-2.152.0.tgz)
updater | 2024/08/16 18:06:05 INFO <job_870396983> Requirements to unlock own
updater | 2024/08/16 18:06:05 INFO <job_870396983> Requirements update strategy bump_versions
updater | 2024/08/16 18:06:05 INFO <job_870396983> Updating aws-cdk from 2.149.0 to 2.152.0
  proxy | 2024/08/16 18:06:10 [043] GET [https://registry.yarnpkg.com:443/aws-cdk](https://registry.yarnpkg.com/aws-cdk)
  proxy | 2024/08/16 18:06:10 [043] 304 [https://registry.yarnpkg.com:443/aws-cdk](https://registry.yarnpkg.com/aws-cdk)
updater | 2024/08/16 18:06:11 INFO <job_870396983> Checking if @aws-cdk/aws-apigatewayv2-alpha 2.114.1-alpha.0 needs updating
  proxy | 2024/08/16 18:06:11 [045] GET [https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-apigatewayv2-alpha)
  proxy | 2024/08/16 18:06:11 [045] 200 [https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-apigatewayv2-alpha)
  proxy | 2024/08/16 18:06:12 [047] HEAD [https://registry.npmjs.org:443/@aws-cdk/aws-apigatewayv2-alpha/-/aws-apigatewayv2-alpha-2.114.1-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-apigatewayv2-alpha/-/aws-apigatewayv2-alpha-2.114.1-alpha.0.tgz)
  proxy | 2024/08/16 18:06:12 [047] 200 [https://registry.npmjs.org:443/@aws-cdk/aws-apigatewayv2-alpha/-/aws-apigatewayv2-alpha-2.114.1-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-apigatewayv2-alpha/-/aws-apigatewayv2-alpha-2.114.1-alpha.0.tgz)
updater | 2024/08/16 18:06:12 INFO <job_870396983> Latest version is 2.114.1-alpha.0
updater | 2024/08/16 18:06:12 INFO <job_870396983> Checking if @aws-cdk/aws-apigatewayv2-integrations-alpha 2.114.1-alpha.0 needs updating
  proxy | 2024/08/16 18:06:12 [049] GET [https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-integrations-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-apigatewayv2-integrations-alpha)
  proxy | 2024/08/16 18:06:12 [049] 200 [https://registry.npmjs.org:443/@aws-cdk%2Faws-apigatewayv2-integrations-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-apigatewayv2-integrations-alpha)
  proxy | 2024/08/16 18:06:13 [051] HEAD [https://registry.npmjs.org:443/@aws-cdk/aws-apigatewayv2-integrations-alpha/-/aws-apigatewayv2-integrations-alpha-2.114.1-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-apigatewayv2-integrations-alpha/-/aws-apigatewayv2-integrations-alpha-2.114.1-alpha.0.tgz)
  proxy | 2024/08/16 18:06:13 [051] 200 [https://registry.npmjs.org:443/@aws-cdk/aws-apigatewayv2-integrations-alpha/-/aws-apigatewayv2-integrations-alpha-2.114.1-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-apigatewayv2-integrations-alpha/-/aws-apigatewayv2-integrations-alpha-2.114.1-alpha.0.tgz)
updater | 2024/08/16 18:06:13 INFO <job_870396983> Latest version is 2.114.1-alpha.0
updater | 2024/08/16 18:06:13 INFO <job_870396983> Checking if @aws-cdk/aws-scheduler-alpha 2.149.0-alpha.0 needs updating
  proxy | 2024/08/16 18:06:13 [053] GET [https://registry.npmjs.org:443/@aws-cdk%2Faws-scheduler-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-scheduler-alpha)
  proxy | 2024/08/16 18:06:14 [053] 200 [https://registry.npmjs.org:443/@aws-cdk%2Faws-scheduler-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-scheduler-alpha)
  proxy | 2024/08/16 18:06:14 [055] HEAD [https://registry.npmjs.org:443/@aws-cdk/aws-scheduler-alpha/-/aws-scheduler-alpha-2.149.0-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-scheduler-alpha/-/aws-scheduler-alpha-2.149.0-alpha.0.tgz)
  proxy | 2024/08/16 18:06:15 [055] 200 [https://registry.npmjs.org:443/@aws-cdk/aws-scheduler-alpha/-/aws-scheduler-alpha-2.149.0-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-scheduler-alpha/-/aws-scheduler-alpha-2.149.0-alpha.0.tgz)
updater | 2024/08/16 18:06:15 INFO <job_870396983> Latest version is 2.149.0-alpha.0
updater | 2024/08/16 18:06:15 INFO <job_870396983> Checking if @aws-cdk/aws-scheduler-targets-alpha 2.149.0-alpha.0 needs updating
  proxy | 2024/08/16 18:06:15 [057] GET [https://registry.npmjs.org:443/@aws-cdk%2Faws-scheduler-targets-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-scheduler-targets-alpha)
  proxy | 2024/08/16 18:06:16 [057] 200 [https://registry.npmjs.org:443/@aws-cdk%2Faws-scheduler-targets-alpha](https://registry.npmjs.org/@aws-cdk%2Faws-scheduler-targets-alpha)
  proxy | 2024/08/16 18:06:16 [059] HEAD [https://registry.npmjs.org:443/@aws-cdk/aws-scheduler-targets-alpha/-/aws-scheduler-targets-alpha-2.149.0-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-scheduler-targets-alpha/-/aws-scheduler-targets-alpha-2.149.0-alpha.0.tgz)
  proxy | 2024/08/16 18:06:16 [059] 200 [https://registry.npmjs.org:443/@aws-cdk/aws-scheduler-targets-alpha/-/aws-scheduler-targets-alpha-2.149.0-alpha.0.tgz](https://registry.npmjs.org/@aws-cdk/aws-scheduler-targets-alpha/-/aws-scheduler-targets-alpha-2.149.0-alpha.0.tgz)
updater | 2024/08/16 18:06:16 INFO <job_870396983> Latest version is 2.149.0-alpha.0
updater | 2024/08/16 18:06:16 INFO <job_870396983> Creating a pull request for 'cdk-updates'

Since these repos are released along with aws-cdk-lib, the most current should have been 2.152.0-alpha.0, but it's incorrectly reporting that the latest version is 2.149.0-alpha.0.

Could we re-open this issue?

blimmer avatar Aug 16 '24 19:08 blimmer

Sorry to hear that @blimmer , could you please file a new issue so we have fresh context to start with?

abdulapopoola avatar Aug 16 '24 21:08 abdulapopoola

Sure, no problem. I recreated it in a public repo and filed #10458 to track the problem.

blimmer avatar Aug 16 '24 22:08 blimmer