dependabot-core

Dependabot doesn't update NuGet version in all projects

Open prplecake opened this issue 1 year ago • 5 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Package ecosystem

NuGet

Package manager version

No response

Language version

.NET 8

Manifest location and content before the Dependabot update

Project layout follows a pattern similar to the following:

  • /src/Core/Core.csproj
  • /src/Infrastructure/Infrastructure.csproj
  • /src/CLI/CLI.csproj
  • /tests/Core.Tests/Core.Tests.csproj
  • /tests/Infrastructure.Tests/Infrastructure.Tests.csproj
  • /tests/TestHelpers/TestHelpers.csproj

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "nuget" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"
  - package-ecosystem: "github-actions" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"

Updated dependency

Microsoft.Test.SDK 17.6.0 to 17.9.0

What you expected to see, versus what you actually saw

I would expect Microsoft.Test.SDK to be updated in all three test projects, but it's only updated in a single project, causing any related restore/builds to fail with a package downgrade error from MSBuild.

Native package manager behavior

Not applicable.

Images of the diff or a link to the PR, issue, or logs

According to the dependabot logs, dependabot knows this dependency is found in other projects:

updater |   name: Microsoft.NET.Test.Sdk, version: 17.6.0
updater |     file: tests/UserCreation.Core.Tests/UserCreation.Core.Tests.csproj, metadata: 
updater |     file: tests/UserCreation.Infrastructure.Tests/UserCreation.Infrastructure.Tests.csproj, metadata: 
updater |     file: tests/UserCreation.TestHelpers/UserCreation.TestHelpers.csproj, metadata: 
updater |   name: MSTest.TestAdapter, version: 3.0.4
updater |     file: tests/UserCreation.Core.Tests/UserCreation.Core.Tests.csproj, metadata: 
updater |     file: tests/UserCreation.Infrastructure.Tests/UserCreation.Infrastructure.Tests.csproj, metadata: 
updater |     file: tests/UserCreation.TestHelpers/UserCreation.TestHelpers.csproj, metadata: 
updater |   name: MSTest.TestFramework, version: 3.0.4
updater |     file: tests/UserCreation.Core.Tests/UserCreation.Core.Tests.csproj, metadata: 
updater |     file: tests/UserCreation.Infrastructure.Tests/UserCreation.Infrastructure.Tests.csproj, metadata: 
updater |     file: tests/UserCreation.TestHelpers/UserCreation.TestHelpers.csproj, metadata: 
updater |   name: coverlet.collector, version: 6.0.0
updater |     file: tests/UserCreation.Core.Tests/UserCreation.Core.Tests.csproj, metadata: 
updater |     file: tests/UserCreation.Infrastructure.Tests/UserCreation.Infrastructure.Tests.csproj, metadata: 
updater |     file: tests/UserCreation.TestHelpers/UserCreation.TestHelpers.csproj, metadata: 

Smallest manifest that reproduces the issue

No response

prplecake, Apr 05 '24 15:04
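Added example, not part of the original issue or of Dependabot's code: a pre-merge check that walks every `*.csproj` in a repository and reports packages referenced at more than one version, which is the state a partial update like the one reported above leaves behind. The function names and the sample repository are constructed for illustration; which project received the bump is an assumption.

```python
import tempfile
import xml.etree.ElementTree as ET
from collections import defaultdict
from pathlib import Path


def package_versions(root):
    """Map lower-cased package id -> {version: [project paths]} for every *.csproj under root."""
    found = defaultdict(lambda: defaultdict(list))
    for proj in sorted(Path(root).rglob("*.csproj")):
        for elem in ET.parse(proj).iter():
            # SDK-style projects have no XML namespace; legacy ones do, so strip it.
            if elem.tag.split("}")[-1] != "PackageReference":
                continue
            name = elem.get("Include") or elem.get("Update")
            # Version is either an attribute or a child <Version> element.
            version = elem.get("Version")
            if version is None:
                child = next((c for c in elem if c.tag.split("}")[-1] == "Version"), None)
                version = child.text.strip() if child is not None and child.text else None
            if name and version:
                found[name.lower()][version].append(proj.relative_to(root).as_posix())
    return found


def mismatches(root):
    """Return only the packages pinned to more than one version across projects."""
    return {pkg: dict(vers) for pkg, vers in package_versions(root).items() if len(vers) > 1}


def make_sample_repo(root):
    """Constructed sample: one test project bumped to 17.9.0, the other two left at 17.6.0."""
    template = ('<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>'
                '<PackageReference Include="Microsoft.NET.Test.Sdk" Version="{sdk}" />'
                '<PackageReference Include="coverlet.collector"><Version>6.0.0</Version></PackageReference>'
                '</ItemGroup></Project>')
    for name, sdk in [("Core.Tests", "17.9.0"), ("Infrastructure.Tests", "17.6.0"), ("TestHelpers", "17.6.0")]:
        proj_dir = Path(root) / "tests" / name
        proj_dir.mkdir(parents=True)
        (proj_dir / f"{name}.csproj").write_text(template.format(sdk=sdk), encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_repo(tmp)
        for pkg, versions in mismatches(tmp).items():
            for version, projects in sorted(versions.items()):
                print(f"{pkg} {version}: {', '.join(projects)}")
```

Versions supplied through MSBuild properties or a central `Directory.Packages.props` file are not resolved by this check.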

This looks like a reemergence of the issue here https://github.com/dependabot/dependabot-core/issues/8576, possibly due to this commit https://github.com/dependabot/dependabot-core/commit/02f47fd95be21ba1bf7c39b0309c195f61059573 as it touched the same file after the fix, which seemed to work. I know 0 Ruby so can't comment but perhaps @JamieMagee can take a look?

kmcc049, Apr 07 '24 23:04

@prplecake are you able to share any other logs?

@kmcc049 It's hard to say whether or not it's related to Sorbet without any stack traces.

JamieMagee, Apr 15 '24 22:04

@JamieMagee I'm not sure what other logs I could provide.

prplecake, Apr 16 '24 16:04

@prplecake Is the repo where you're seeing this public? If not, can you share the job ID so I can pull the full logs from my end? There will be several instances of a string like <job_123456>; that should be all I need.

brettfo, May 01 '24 17:05

@brettfo Repo is private. I don't have the job ID for the run when I opened this issue, and I haven't had a bunch of dependency updates in the last several weeks. In any case, there was a job that ran two weeks ago, job_817723144, and one that ran a few days ago, job_820810872.

I hope they help.

prplecake, May 02 '24 22:05