Dependabot keeps sending in separate PRs instead of grouping them #9677

Open
1 task done
driesvints opened this issue May 6, 2024 · 0 comments
Labels
F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR L: php:composer Issues and code for Composer T: bug 🐞 Something isn't working

driesvints commented May 6, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

Composer

Package manager version

updater_version=41076f97339018d9609e338bdc9c505b58212028-composer

Language version

PHP but specific version isn't found in logs

Manifest location and content before the Dependabot update

It's proprietary software so I can't share all contents unfortunately.

dependabot.yml content

version: 2
updates:
  - package-ecosystem: composer
    directory: "/"
    schedule:
      interval: weekly
      day: monday
    groups:
      php-dependencies:
        update-types:
        - "minor"
        - "patch"
    allow:
      - dependency-type: direct
    versioning-strategy: increase-if-necessary

  - package-ecosystem: npm
    directory: "/"
    schedule:
      interval: weekly
      day: monday
    groups:
      js-dependencies:
        update-types:
        - "minor"
        - "patch"
    allow:
      - dependency-type: direct
    versioning-strategy: increase-if-necessary

Updated dependency

Screenshot 2024-05-06 at 09 47 57

What you expected to see, versus what you actually saw

I've grouped patch and minor version updates but Dependabot continues to send some as separate PRs. I've seen this happening across multiple repositories. As detailed in the dependabot.yml, I expect all of these to be grouped as a single PR. This only happens with Composer.

Native package manager behavior

$ composer update -W                                                                                  ~/Herd/forge
Loading composer repositories with package information
Updating dependencies
Lock file operations: 0 installs, 46 updates, 0 removals
  - Upgrading aws/aws-sdk-php (3.305.4 => 3.305.9)
  - Upgrading brick/math (0.11.0 => 0.12.1)
  - Upgrading brick/money (0.8.1 => 0.9.0)
  - Upgrading dompdf/dompdf (v2.0.7 => v2.0.8)
  - Upgrading jaybizzle/crawler-detect (v1.2.117 => v1.2.118)
  - Upgrading laravel/framework (v10.48.9 => v10.48.10)
  - Upgrading laravel/prompts (v0.1.20 => v0.1.21)
  - Upgrading laravel/pulse (v1.0.0-beta16 => v1.0.0)
  - Upgrading livewire/livewire (v3.4.10 => v3.4.12)
  - Upgrading openspout/openspout (v4.23.0 => v4.23.1)
  - Upgrading paragonie/sodium_compat (v1.20.1 => v1.21.1)
  - Upgrading spatie/backtrace (1.5.3 => 1.6.1)
  - Upgrading spatie/flare-client-php (1.4.4 => 1.5.1)
  - Upgrading spatie/ignition (1.13.2 => 1.14.1)
  - Upgrading spatie/image-optimizer (1.7.2 => 1.7.3)
  - Upgrading spatie/laravel-ignition (2.5.2 => 2.7.0)
  - Upgrading spatie/laravel-ray (1.36.1 => 1.36.2)
  - Upgrading spatie/ray (1.41.1 => 1.41.2)
  - Upgrading spatie/robots-txt (2.0.3 => 2.2.0)
  - Upgrading symfony/console (v6.4.6 => v6.4.7)
  - Upgrading symfony/css-selector (v6.4.3 => v6.4.7)
  - Upgrading symfony/deprecation-contracts (v3.4.0 => v3.5.0)
  - Upgrading symfony/dom-crawler (v6.4.4 => v6.4.7)
  - Upgrading symfony/error-handler (v6.4.6 => v6.4.7)
  - Upgrading symfony/event-dispatcher (v6.4.3 => v6.4.7)
  - Upgrading symfony/event-dispatcher-contracts (v3.4.2 => v3.5.0)
  - Upgrading symfony/finder (v6.4.0 => v6.4.7)
  - Upgrading symfony/http-client (v6.4.6 => v6.4.7)
  - Upgrading symfony/http-client-contracts (v3.4.2 => v3.5.0)
  - Upgrading symfony/http-foundation (v6.4.4 => v6.4.7)
  - Upgrading symfony/http-kernel (v6.4.6 => v6.4.7)
  - Upgrading symfony/mailer (v6.4.6 => v6.4.7)
  - Upgrading symfony/mime (v6.4.6 => v6.4.7)
  - Upgrading symfony/options-resolver (v6.4.0 => v6.4.7)
  - Upgrading symfony/postmark-mailer (v6.4.4 => v6.4.7)
  - Upgrading symfony/process (v6.4.4 => v6.4.7)
  - Upgrading symfony/psr-http-message-bridge (v6.4.6 => v6.4.7)
  - Upgrading symfony/routing (v6.4.6 => v6.4.7)
  - Upgrading symfony/service-contracts (v3.4.2 => v3.5.0)
  - Upgrading symfony/stopwatch (v6.4.3 => v6.4.7)
  - Upgrading symfony/string (v6.4.4 => v6.4.7)
  - Upgrading symfony/translation (v6.4.4 => v6.4.7)
  - Upgrading symfony/translation-contracts (v3.4.2 => v3.5.0)
  - Upgrading symfony/uid (v6.4.3 => v6.4.7)
  - Upgrading symfony/var-dumper (v6.4.6 => v6.4.7)
  - Upgrading zbateson/mail-mime-parser (2.4.0 => 2.4.1)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 46 updates, 0 removals
  - Downloading dompdf/dompdf (v2.0.8)
  - Downloading symfony/css-selector (v6.4.7)
  - Downloading symfony/uid (v6.4.7)
  - Downloading symfony/routing (v6.4.7)
  - Downloading symfony/mailer (v6.4.7)
  - Downloading laravel/framework (v10.48.10)
  - Downloading jaybizzle/crawler-detect (v1.2.118)
  - Downloading openspout/openspout (v4.23.1)
  - Downloading brick/money (0.9.0)
  - Downloading symfony/psr-http-message-bridge (v6.4.7)
  - Downloading livewire/livewire (v3.4.12)
  - Downloading laravel/pulse (v1.0.0)
  - Downloading aws/aws-sdk-php (3.305.9)
  - Downloading spatie/image-optimizer (1.7.3)
  - Downloading spatie/flare-client-php (1.5.1)
  - Downloading spatie/ignition (1.14.1)
  - Downloading zbateson/mail-mime-parser (2.4.1)
  - Downloading spatie/ray (1.41.2)
  - Downloading spatie/laravel-ray (1.36.2)
  - Downloading symfony/dom-crawler (v6.4.7)
  - Downloading spatie/robots-txt (2.2.0)
  - Downloading symfony/http-client-contracts (v3.5.0)
  - Downloading symfony/http-client (v6.4.7)
  - Downloading symfony/postmark-mailer (v6.4.7)
  - Upgrading symfony/process (v6.4.4 => v6.4.7): Extracting archive
  - Upgrading symfony/string (v6.4.4 => v6.4.7): Extracting archive
  - Upgrading symfony/deprecation-contracts (v3.4.0 => v3.5.0): Extracting archive
  - Upgrading symfony/service-contracts (v3.4.2 => v3.5.0): Extracting archive
  - Upgrading symfony/console (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading brick/math (0.11.0 => 0.12.1): Extracting archive
  - Upgrading dompdf/dompdf (v2.0.7 => v2.0.8): Extracting archive
  - Upgrading symfony/http-foundation (v6.4.4 => v6.4.7): Extracting archive
  - Upgrading symfony/css-selector (v6.4.3 => v6.4.7): Extracting archive
  - Upgrading symfony/var-dumper (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading symfony/uid (v6.4.3 => v6.4.7): Extracting archive
  - Upgrading symfony/routing (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading symfony/mime (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading symfony/event-dispatcher-contracts (v3.4.2 => v3.5.0): Extracting archive
  - Upgrading symfony/event-dispatcher (v6.4.3 => v6.4.7): Extracting archive
  - Upgrading symfony/mailer (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading symfony/error-handler (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading symfony/http-kernel (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading symfony/finder (v6.4.0 => v6.4.7): Extracting archive
  - Upgrading symfony/translation-contracts (v3.4.2 => v3.5.0): Extracting archive
  - Upgrading symfony/translation (v6.4.4 => v6.4.7): Extracting archive
  - Upgrading laravel/framework (v10.48.9 => v10.48.10): Extracting archive
  - Upgrading laravel/prompts (v0.1.20 => v0.1.21): Extracting archive
  - Upgrading jaybizzle/crawler-detect (v1.2.117 => v1.2.118): Extracting archive
  - Upgrading openspout/openspout (v4.23.0 => v4.23.1): Extracting archive
  - Upgrading brick/money (0.8.1 => 0.9.0): Extracting archive
  - Upgrading symfony/psr-http-message-bridge (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading livewire/livewire (v3.4.10 => v3.4.12): Extracting archive
  - Upgrading laravel/pulse (v1.0.0-beta16 => v1.0.0): Extracting archive
  - Upgrading aws/aws-sdk-php (3.305.4 => 3.305.9): Extracting archive
  - Upgrading paragonie/sodium_compat (v1.20.1 => v1.21.1): Extracting archive
  - Upgrading symfony/options-resolver (v6.4.0 => v6.4.7): Extracting archive
  - Upgrading spatie/image-optimizer (1.7.2 => 1.7.3): Extracting archive
  - Upgrading spatie/backtrace (1.5.3 => 1.6.1): Extracting archive
  - Upgrading spatie/flare-client-php (1.4.4 => 1.5.1): Extracting archive
  - Upgrading spatie/ignition (1.13.2 => 1.14.1): Extracting archive
  - Upgrading spatie/laravel-ignition (2.5.2 => 2.7.0): Extracting archive
  - Upgrading zbateson/mail-mime-parser (2.4.0 => 2.4.1): Extracting archive
  - Upgrading symfony/stopwatch (v6.4.3 => v6.4.7): Extracting archive
  - Upgrading spatie/ray (1.41.1 => 1.41.2): Extracting archive
  - Upgrading spatie/laravel-ray (1.36.1 => 1.36.2): Extracting archive
  - Upgrading symfony/dom-crawler (v6.4.4 => v6.4.7): Extracting archive
  - Upgrading spatie/robots-txt (2.0.3 => 2.2.0): Extracting archive
  - Upgrading symfony/http-client-contracts (v3.4.2 => v3.5.0): Extracting archive
  - Upgrading symfony/http-client (v6.4.6 => v6.4.7): Extracting archive
  - Upgrading symfony/postmark-mailer (v6.4.4 => v6.4.7): Extracting archive
Generating optimized autoload files

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

Not sure sorry, I only have the above dependabot.yml config file. I do have the log output of the dependabot update: https://gist.github.com/driesvints/764cc103dcd43e59b073366ef35dc89b

@driesvints driesvints added the T: bug 🐞 Something isn't working label May 6, 2024
@github-actions github-actions bot added L: git:submodules Git submodules L: go:modules Golang modules L: javascript L: php:composer Issues and code for Composer labels May 6, 2024
@jakecoffman jakecoffman added F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR and removed L: go:modules Golang modules L: git:submodules Git submodules L: javascript labels May 7, 2024
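
A triage helper for the report above, added here as an example and not part of the original issue or of Dependabot's code: it parses `composer update -W` lock-file lines and labels each bump against the group's `update-types`. The positional rule in `update_type`, the function names, the `direct` filter (standing in for `allow: dependency-type: direct`) and the `example/major-bump` sample line are assumptions.

```python
import re

# Constructed sample in the format of the `composer update -W` output above;
# example/major-bump is a made-up package added to show a major bump.
SAMPLE = """\
  - Upgrading aws/aws-sdk-php (3.305.4 => 3.305.9)
  - Upgrading brick/math (0.11.0 => 0.12.1)
  - Upgrading laravel/pulse (v1.0.0-beta16 => v1.0.0)
  - Upgrading symfony/console (v6.4.6 => v6.4.7)
  - Upgrading example/major-bump (v1.9.0 => v2.0.0)
  - Upgrading symfony/console (v6.4.6 => v6.4.7): Extracting archive
"""

# Matches only lock-file lines; the later "...: Extracting archive" lines are skipped.
UPGRADE = re.compile(r"^\s*- Upgrading (\S+) \((\S+) => (\S+)\)\s*$")
VERSION = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:-(\S+))?$")

def parse_version(text):
    """Split 'v1.2.3-beta1' into ((1, 2, 3), 'beta1'); the tag is None if absent."""
    m = VERSION.match(text)
    if m is None:
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, patch, tag = m.groups()
    return (int(major), int(minor), int(patch or 0)), tag

def update_type(old, new):
    """Assumed rule: the first numeric position that differs names the update type."""
    (old_nums, old_tag), (new_nums, new_tag) = parse_version(old), parse_version(new)
    for name, a, b in zip(("major", "minor", "patch"), old_nums, new_nums):
        if a != b:
            return name
    # Same numbers, different pre-release tag: not a plain major/minor/patch bump.
    return "prerelease" if old_tag != new_tag else "none"

def triage(output, grouped=("minor", "patch"), direct=None):
    """Map package -> (update type, True if it matches the group's update-types)."""
    result = {}
    for line in output.splitlines():
        m = UPGRADE.match(line)
        if m and (direct is None or m.group(1) in direct):
            kind = update_type(m.group(2), m.group(3))
            result[m.group(1)] = (kind, kind in grouped)
    return result

if __name__ == "__main__":
    for package, (kind, in_group) in triage(SAMPLE).items():
        print(f"{package:28} {kind:10} {'grouped' if in_group else 'review'}")
```

Passing the package names from the `require` and `require-dev` sections of `composer.json` as `direct` narrows the result to the dependencies the `allow` rule covers.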