dependabot-core
Unable to parse Gradle version catalog when using non-standard format
Is there an existing issue for this?
- [X] I have searched the existing issues
Package ecosystem
Gradle
Package manager version
8.5
Language version
No response
Manifest location and content before the Dependabot update
/gradle/libs.versions.toml
dependabot.yml content
version: 2
updates:
  - package-ecosystem: "gradle"
    directory: "/"
    schedule:
      interval: "daily"
Updated dependency
N/A
What you expected to see, versus what you actually saw
This is a valid libs.versions.toml file for Gradle, but Dependabot is unable to parse it and errors. The file contains an old dependency, so I would expect it to create a PR to update it.
Native package manager behavior
N/A
Images of the diff or a link to the PR, issue, or logs
proxy | 2024/02/10 06:04:01 proxy starting, commit: bd9d653be769ec5f7b059e15d95d9ed3257252f3
proxy | 2024/02/10 06:04:01 Listening (:1080)
updater | 2024-02-10T06:04:01.930819863 [785388618:main:WARN:src/devices/src/legacy/serial.rs:222] Detached the serial input due to peer close/error.
updater | time="2024-02-10T06:04:03Z" level=info msg="guest starting" commit=409d83fb821a7c266460959144006f8ddc985a54
updater | time="2024-02-10T06:04:03Z" level=info msg="starting job..." fetcher_timeout=10m0s job_id=785388618 updater_timeout=45m0s updater_version=4188c3809767fb723b68ef939a75de1a7e7a9372-gradle
updater | 2024/02/10 06:04:06 INFO <job_785388618> Starting job processing
proxy | 2024/02/10 06:04:07 [002] GET https://github.com:443/nikammerlaan/version-catalog-dependabot-bug-repro/info/refs?service=git-upload-pack
proxy | 2024/02/10 06:04:07 [002] * authenticating git server request (host: github.com)
proxy | 2024/02/10 06:04:07 [002] 200 https://github.com:443/nikammerlaan/version-catalog-dependabot-bug-repro/info/refs?service=git-upload-pack
proxy | 2024/02/10 06:04:07 [004] POST https://github.com:443/nikammerlaan/version-catalog-dependabot-bug-repro/git-upload-pack
proxy | 2024/02/10 06:04:07 [004] * authenticating git server request (host: github.com)
proxy | 2024/02/10 06:04:07 [004] 200 https://github.com:443/nikammerlaan/version-catalog-dependabot-bug-repro/git-upload-pack
proxy | 2024/02/10 06:04:07 [006] POST https://github.com:443/nikammerlaan/version-catalog-dependabot-bug-repro/git-upload-pack
proxy | 2024/02/10 06:04:07 [006] * authenticating git server request (host: github.com)
proxy | 2024/02/10 06:04:07 [006] 200 https://github.com:443/nikammerlaan/version-catalog-dependabot-bug-repro/git-upload-pack
updater | 2024/02/10 06:04:07 INFO <job_785388618> Finished job processing
updater | time="2024-02-10T06:04:07Z" level=info msg="task complete" container_id=job-785388618-file-fetcher exit_code=0 job_id=785388618 step=fetcher
updater | 2024/02/10 06:04:10 INFO <job_785388618> Starting job processing
updater | 2024/02/10 06:04:10 INFO <job_785388618> Finished job processing
updater | 2024/02/10 06:04:10 INFO Results:
updater | Dependabot encountered '1' error(s) during execution, please check the logs for more details.
updater | +-------------------------------+
updater | | Errors |
updater | +-------------------------------+
updater | | dependency_file_not_parseable |
updater | +-------------------------------+
updater | time="2024-02-10T06:04:10Z" level=info msg="task complete" container_id=job-785388618-updater exit_code=0 job_id=785388618 step=updater
Smallest manifest that reproduces the issue
A libs.versions.toml file as simple as this will trigger the issue:
versions.guava = "32.1.3-jre"
libraries.guava = { module = "com.google.guava:guava", version.ref = "guava" }
versions.jedis = "5.1.0"
libraries.jedis = { module = "redis.clients:jedis", version.ref = "jedis" }
This slightly different config is parsed without error:
versions.guava = "32.1.3-jre"
libraries.guava = { module = "com.google.guava:guava", version.ref = "guava" }
The issue appears to be related to the specific ordering of declarations.