apm-agent-python icon indicating copy to clipboard operation
apm-agent-python copied to clipboard
verified publisher icon elastic

dependabot is failing

Open v1v opened this issue 1 year ago • 1 comments

See here

 Dependabot can't update vulnerable dependencies without a lockfile
The currently installed version can't be determined.

To resolve the issue add a supported lockfile (Pipfile.lock, pyproject.lock or poetry.lock).

and

proxy | 2024/10/09 04:59:47 [015] GET [https://pypi.org:443/simple/django/](https://pypi.org/simple/django/)
  proxy | 2024/10/09 04:59:47 [015] 200 [https://pypi.org:443/simple/django/](https://pypi.org/simple/django/)
updater | 2024/10/09 04:59:47 INFO <job_898200968> Filtered out 4 yanked versions
updater | 2024/10/09 04:59:47 INFO <job_898200968> Latest version is 5.1.2
updater | 2024/10/09 04:59:47 INFO <job_898200968> Dependabot can't update vulnerable dependencies for projects without a lockfile or pinned version requirement as the currently installed version of django isn't known.
  proxy | 2024/10/09 04:59:48 [019] POST /update_jobs/898200968/record_update_job_error
  proxy | 2024/10/09 04:59:48 [019] 204 /update_jobs/898200968/record_update_job_error
  proxy | 2024/10/09 04:59:48 [021] PATCH /update_jobs/898200968/mark_as_processed
  proxy | 2024/10/09 04:59:48 [021] 204 /update_jobs/898200968/mark_as_processed
updater | 2024/10/09 04:59:48 INFO <job_898200968> Finished job processing
updater | 2024/10/09 04:59:48 INFO Results:
Dependabot encountered '1' error(s) during execution, please check the logs for more details.
+-------------------------------+
|            Errors             |
+-------------------------------+
| dependency_file_not_supported |
+-------------------------------+
Failure running container 2c5d1c36c565c[53](https://github.com/elastic/apm-agent-python/actions/runs/11248516257/job/31273784137#step:3:55)e22f55c108d9f5d3ce9ca87b269cfcdf12f92aa89569091d4
Cleaned up container 2c5d1c36c565c53e22f55c108d9f5d3ce9ca87b269cfcdf12f92aa89569091d4
  proxy | 2024/10/09 04:59:48 Posting metrics to remote API endpoint
2024/10/09 04:59:48 0/9 calls cached (0%)
Error: Dependabot encountered an error performing the update

Error: The updater encountered one or more errors.

v1v avatar Oct 10 '24 07:10 v1v

Eh for some reason dependabot stopped to work with requirements files some times ago, was already aware of this because it fails applying fixes it reports in the security tab in github.

xrmx avatar Oct 10 '24 07:10 xrmx