Error when updating NuGet packages from Public and Private Feed
Is there an existing issue for this?
- [X] I have searched the existing issues
Package ecosystem
NuGet
Package manager version
No response
Language version
C# (.NET 6)
Manifest location and content before the Dependabot update
Manifest files would be kept respectively in the csproj files that contain them.
dependabot.yml content
version: 2
registries:
  internal-packages-nuget-github:
    type: nuget-feed
    url: https://nuget.pkg.github.com/REDACTED/index.json
    username: REDACTED
    password: REDACTED
  nuget:
    type: nuget-feed
    url: https://api.nuget.org/v3/index.json
updates:
  - package-ecosystem: nuget
    directory: "/"
    registries:
      - internal-packages-nuget-github
      - nuget
    schedule:
      interval: daily
      time: "06:00"
      timezone: America/New_York
    groups:
      private-repo-dependencies:
        patterns:
          - "*"
    open-pull-requests-limit: 10
    labels:
      - "nuget"
      - "dependencies"
    assignees:
      - "REDACTED/REDACTED"
Updated dependency
No response
What you expected to see, versus what you actually saw
What I expect: Dependabot to raise a PR with the correct dependency updates for both public and private feeds.
What is happening: Only a few packages are being updated and we are getting errors on the rest.
Example for a public package:
updater | 2024/02/16 11:43:42 ERROR <job_787880721> Error processing Microsoft.Extensions.Caching.Abstractions (Dependabot::DependabotError)
updater | 2024/02/16 11:43:42 ERROR <job_787880721> FileUpdater failed
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/dependency_change_builder.rb:69:in `run'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11193/lib/types/private/methods/call_validation_2_7.rb:59:in `bind_call'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11193/lib/types/private/methods/call_validation_2_7.rb:59:in `block in create_validator_method_fast0'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/dependency_change_builder.rb:42:in `create_from'
proxy | 2024/02/16 11:43:42 [722] 200 https://sentry.io:443/api/1451818/envelope/
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11193/lib/types/private/methods/call_validation.rb:169:in `bind_call'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11193/lib/types/private/methods/call_validation.rb:169:in `validate_call_skip_block_type'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11193/lib/types/private/methods/call_validation.rb:111:in `block in create_validator_slow_skip_block_type'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/updater/group_update_creation.rb:114:in `create_change_for'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/updater/group_update_creation.rb:72:in `block in compile_all_dependency_changes_for'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/updater/group_update_creation.rb:38:in `each'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/updater/group_update_creation.rb:38:in `compile_all_dependency_changes_for'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/refresh_group_update_pull_request.rb:110:in `dependency_change'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/refresh_group_update_pull_request.rb:93:in `perform'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:45:in `run'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:43:in `perform_job'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> /home/dependabot/dependabot-updater/lib/dependabot/base_command.rb:36:in `run'
updater | 2024/02/16 11:43:42 ERROR <job_787880721> bin/update_files.rb:24:in `<main>'
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response
Could you post the whole log? There's likely something interesting before the failure listed.
I'm using a similar configuration and have been experiencing this issue for all my repos for the last 2 months or so. In this case, the PR message correctly describes all the necessary updates, but the PR body itself does not contain this.
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
  - package-ecosystem: "nuget" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"
    groups:
      all:
        patterns:
          - "*"
Examples:
- https://github.com/tryAGI/Tiktoken/pull/20
- https://github.com/HavenDV/OpenApiGenerator/pull/7
Could you post the whole log? There's likely something interesting before the failure listed.
Of course! I have attached it here (since it's massive) redacted-log.txt and redacted any information that is personal. @brettfo
I'm using a similar configuration and have been experiencing this issue for all my repos for the last 2 months or so. In this case, the PR message correctly describes all the necessary updates, but the PR body itself does not contain this.
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
  - package-ecosystem: "nuget" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"
    groups:
      all:
        patterns:
          - "*"
Examples:
Yes, this is a very accurate description of the problem.
@FrankRua some of the log info was truncated too much. Could you grab some chunks for me from your log?
Specifically line 5749 and the next 100 lines or so. I need to see the whole line (file paths can be redacted) that starts with:
/opt/nuget/NuGetUpdater/NuGetUpdater.Cli update ...
Similarly line 5826 and the next chunk.
I'm looking for the --dependency, --new-version, and --previous-version arguments and if the --transitive flag is passed.
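One way to pull the requested lines out of a large updater log while redacting file paths before sharing; this is an added example, not code from the issue thread or from Dependabot. The sample log lines, package names, versions and `--hypothetical-path-flag` are constructed; only the CLI marker and the four flag names come from the comment above.

```python
import re
import shlex

# Marker and flag names quoted in the maintainer's comment above.
CLI_MARKER = "/opt/nuget/NuGetUpdater/NuGetUpdater.Cli update"
VALUE_FLAGS = ("--dependency", "--new-version", "--previous-version")
PATH_ARG = re.compile(r"""(?<=[\s="'])/[^\s"']+""")  # absolute path used as an argument

def split_args(text):
    """Tokenize like a shell; truncated log lines may have unbalanced quotes."""
    try:
        return shlex.split(text)
    except ValueError:
        return text.split()

def parse_flags(args):
    """Collect the four arguments the maintainer asked about."""
    found = {"dependency": None, "new-version": None,
             "previous-version": None, "transitive": False}
    tokens = split_args(args)
    for i, tok in enumerate(tokens):
        name, _, inline = tok.partition("=")  # accept --flag=value and --flag value
        if name == "--transitive":
            found["transitive"] = True
        elif name in VALUE_FLAGS:
            value = inline or (tokens[i + 1] if i + 1 < len(tokens) else "")
            found[name[2:]] = value.strip("\"'") or None
    return found

def extract_invocations(log_text):
    """Return (line_number, redacted_line, flags) for every updater CLI call."""
    results = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        at = line.find(CLI_MARKER)
        if at < 0:
            continue
        head, args = line[:at + len(CLI_MARKER)], line[at + len(CLI_MARKER):]
        results.append((number, head + PATH_ARG.sub("<path>", args), parse_flags(args)))
    return results

# Constructed sample log (not from the issue); the last line is cut off mid-quote.
SAMPLE_LOG = """\
updater | 2024/02/16 11:43:40 INFO <job_000000000> Starting update
updater | 2024/02/16 11:43:41 INFO <job_000000000> /opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --hypothetical-path-flag /home/dependabot/repo/src/App.csproj --dependency Example.Package --new-version 1.3.0 --previous-version 1.2.3 --transitive
updater | 2024/02/16 11:43:42 INFO <job_000000000> /opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --dependency "Other.Package --new-version=2.0.0
"""

if __name__ == "__main__":
    for number, line, flags in extract_invocations(SAMPLE_LOG):
        print(number, flags, line, sep="\n  ")
```

The path redaction covers only absolute paths on the matched command lines; usernames, tokens and registry URLs elsewhere in a log still need their own review before it is shared.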
@brettfo Yes! I have attached it in one text file here, you can see they are separated in sections with:
***********************************
LINES: 5749 - 5885
***********************************
And
***********************************
LINES :5826 - 5922
***********************************
Let me know if you need anything else 😄.
@FrankRua I wasn't able to figure anything out from the bigger log segments. Are you able to share the full unredacted log with me privately via email? Maybe something from that will stick out to me. Anything I receive will only be seen by me and deleted as soon as I'm done. If this is something you're able to do, my direct email is [email protected]
@brettfo I have gotten the ok for SecOps to send them to you, I will send them over to you in a few minutes.
I've been working with @FrankRua via email and this appears to now be solved.