Dependabot has stopped opening PRs - breaks with sorbet dependencies #5420
Comments
I'm really sorry, this is again an upstream fault 😞. See rubygems/rubygems#5743. I have good ideas on how to fix it and will get to it soon. Also there's an easy workaround for you: remove the "ruby" platform from the lockfile (which is what I expect the fix will do automatically).
@deivid-rodriguez thank you for the comment! I suspect we cannot remove the ruby platform on our side because of our dependencies on (https://github.com/sqreen/ruby-agent) which ends up depending on
Update - it does seem to work adequately by removing @jurre should I close this issue, or do you want to keep it opened for tracking purposes?
No problem, I'm glad it worked!
Happy that resolved it! Since it's already tracked upstream I'm fine with closing this one here, we'll pull in those changes as they're released
Removing the I'm guessing there are a bunch of people in my situation, who haven't had any dependabot pulls in a couple of weeks, and still just think things have been quiet vs broken.
I've opened #5465 which bumps us to the latest version of bundler, but I don't think a version with a fix for this issue has been released yet, so unfortunately there is not much we can do other than wait. The silent failing is definitely annoying and I wish we had a better answer for this, the errors for this are buried fairly deeply in the UI. We're thinking about possible solutions for this, but unfortunately I can't offer much in terms of a solution for it right now.
Thanks! edit: I do wonder if you might consider downgrading bundler to the previously-working version until it's fixed?
Just some heads up here. I think @kbarrette was having a different issue due to having the In addition to that, I proposed a fix in Bundler, so that it should stop raising this error for these lockfiles: rubygems/rubygems#5807, so hopefully dependabot should work again for these lockfiles once the fix is merged and released and dependabot upgrades Bundler.
@kbarrette yeah, I'm open to it @deivid-rodriguez do you happen to know what the latest version of bundler is that doesn't have this regression? And any sense of when it could be forward-fixed in a new version?
Yes, last working version is 2.3.16. And the fix for this is rubygems/rubygems#5807, which should be released in about a week.
Thanks so much 🙇 I'll downgrade to
Thanks, and sorry for too many regressions lately :(
No need to apologize, so many different configurations out in the world that it's really hard to always spot all the edge cases, and making these changes is the only way to improve bundler, your work is appreciated!
#5479 should resolve things for now
Although this keeps giving trouble upstream, dependabot-core is now locked to a version without issues, and we don't plan to change that 😅. So closing!
Package ecosystem
bundler
Package manager version
unapplicable
Language version
Ruby 3.1.2
Manifest location and content before the Dependabot update
Relevant section in our Gemfile:
Resulting in the following in the Gemfile.lock:
dependabot.yml content
Updated dependency
sorbet + sorbet_static
What you expected to see, versus what you actually saw
Best here is to see the error link at the bottom of this report - would expect it to work.
Native package manager behavior
Works well ✅
Images of the diff or a link to the PR, issue, or logs
Relevant part of update Logs: