Upgrades unrelated packages, even with incompatible versions
samtrion opened this issue · comments
Is there an existing issue for this?
- I have searched the existing issues
Package ecosystem
nuget
Package manager version
nuget 6.x
Language version
.NET 6, .NET 7, .NET 8, .NET 9
Manifest location and content before the Dependabot update
/Directoy.Packages.props
<Project>
<PropertyGroup>
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
<CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
</PropertyGroup>
<ItemGroup>
<GlobalPackageReference Include="CSharpier.MSBuild" Version="0.28.0" />
<GlobalPackageReference Include="GitVersion.MsBuild" Version="5.12.0" />
<GlobalPackageReference Include="Microsoft.CodeAnalysis.BannedApiAnalyzers" Version="3.3.4" />
<GlobalPackageReference Include="Microsoft.CodeAnalysis.NetAnalyzers" Version="8.0.0" />
<GlobalPackageReference Include="Microsoft.SourceLink.GitHub" Version="8.0.0" />
<GlobalPackageReference Include="Microsoft.VisualStudio.Threading.Analyzers" Version="17.9.28" />
<GlobalPackageReference Include="SonarAnalyzer.CSharp" Version="9.23.1.88495" Condition=" '$(BuildingInsideVisualStudio)' == 'true' " />
</ItemGroup>
<ItemGroup>
<PackageVersion Include="ClickHouse.Client" Version="7.2.2" />
<PackageVersion Include="Confluent.Kafka" Version="2.3.0" />
<PackageVersion Include="coverlet.collector" Version="6.0.2" />
<PackageVersion Include="coverlet.msbuild" Version="6.0.2" />
<PackageVersion Include="Dapr.Client" Version="1.13.0" />
<PackageVersion Include="Microsoft.AspNetCore.TestHost" Version="8.0.2" />
<PackageVersion Update="Microsoft.AspNetCore.TestHost" Version="7.0.16" Condition=" '$(TargetFramework)' == 'net7.0' " />
<PackageVersion Update="Microsoft.AspNetCore.TestHost" Version="6.0.27" Condition=" '$(TargetFramework)' == 'net6.0' " />
<PackageVersion Include="Microsoft.Data.SqlClient" Version="5.1.5" />
<PackageVersion Include="Microsoft.Data.Sqlite" Version="8.0.4" />
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
<PackageVersion Include="MySql.Data" Version="8.3.0" />
<PackageVersion Include="MySqlConnector" Version="2.3.6" />
<PackageVersion Include="NetEvolve.Arguments" Version="1.1.9" />
<PackageVersion Include="NetEvolve.Extensions.Tasks" Version="1.2.7" />
<PackageVersion Include="NetEvolve.Extensions.XUnit" Version="2.1.7" />
<PackageVersion Include="Npgsql" Version="8.0.2" />
<PackageVersion Include="NSubstitute" Version="5.1.0" />
<PackageVersion Include="Oracle.ManagedDataAccess.Core" Version="3.21.130" />
<PackageVersion Include="System.Data.SqlClient" Version="4.8.6" />
<PackageVersion Include="Testcontainers.ClickHouse" Version="3.8.0" />
<PackageVersion Include="Testcontainers.Kafka" Version="3.8.0" />
<PackageVersion Include="Testcontainers.MsSql" Version="3.8.0" />
<PackageVersion Include="Testcontainers.MySql" Version="3.8.0" />
<PackageVersion Include="Testcontainers.Oracle" Version="3.8.0" />
<PackageVersion Include="Testcontainers.PostgreSql" Version="3.8.0" />
<PackageVersion Include="Testcontainers.Redpanda" Version="3.8.0" />
<PackageVersion Include="Testcontainers.SqlEdge" Version="3.8.0" />
<PackageVersion Include="Verify.Xunit" Version="23.7.2" />
<PackageVersion Include="xunit" Version="2.7.0" />
<PackageVersion Include="xunit.runner.visualstudio" Version="2.5.7" />
</ItemGroup>
</Project>
dependabot.yml content
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
# Every time I update this file without changing the content, I increment this counter.
# Counter: 13
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
commit-message:
prefix: "build(ci)"
labels:
- "dependency-actions"
open-pull-requests-limit: 50
- package-ecosystem: "nuget"
directory: "/"
schedule:
interval: "daily"
commit-message:
prefix: "build(deps)"
labels:
- "dependency-nuget"
open-pull-requests-limit: 50
groups:
coverlet:
patterns:
- "coverlet*"
nunit:
patterns:
- "nunit"
- "nunit*"
testcontainers:
patterns:
- "testcontainers*"
verify:
patterns:
- "verify*"
xunit:
patterns:
- "xunit"
- "xunit*"
- package-ecosystem: "gitsubmodule"
directory: "/"
schedule:
interval: "daily"
commit-message:
prefix: "build(mods)"
labels:
- "dependency-gitmodule"
open-pull-requests-limit: 50
groups:
submodules:
patterns:
- "*"
- package-ecosystem: "devcontainers"
directory: "/"
schedule:
interval: "daily"
commit-message:
prefix: "build(dev)"
labels:
- "dependency-devcontainers"
open-pull-requests-limit: 50
Updated dependency
- <PackageVersion Update="Microsoft.AspNetCore.TestHost" Version="7.0.16" Condition=" '$(TargetFramework)' == 'net7.0' " />
- <PackageVersion Update="Microsoft.AspNetCore.TestHost" Version="6.0.27" Condition=" '$(TargetFramework)' == 'net6.0' " />
+ <PackageVersion Update="Microsoft.AspNetCore.TestHost" Version="8.0.2" Condition=" '$(TargetFramework)' == 'net7.0' " />
+ <PackageVersion Update="Microsoft.AspNetCore.TestHost" Version="8.0.2" Condition=" '$(TargetFramework)' == 'net6.0' " />
- <PackageVersion Include="xunit" Version="2.7.0" />
- <PackageVersion Include="xunit.runner.visualstudio" Version="2.5.7" />
+ <PackageVersion Include="xunit" Version="2.8.0" />
+ <PackageVersion Include="xunit.runner.visualstudio" Version="2.8.0" />
What you expected to see, versus what you actually saw
- <PackageVersion Include="xunit" Version="2.7.0" />
- <PackageVersion Include="xunit.runner.visualstudio" Version="2.5.7" />
+ <PackageVersion Include="xunit" Version="2.8.0" />
+ <PackageVersion Include="xunit.runner.visualstudio" Version="2.8.0" />
Native package manager behavior
Only upgrades xunit
Images of the diff or a link to the PR, issue, or logs
Smallest manifest that reproduces the issue
/Directoy.Packages.props
<Project>
<PropertyGroup>
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
<CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
</PropertyGroup>
<ItemGroup>
<PackageVersion Include="Microsoft.AspNetCore.TestHost" Version="8.0.2" />
<PackageVersion Update="Microsoft.AspNetCore.TestHost" Version="7.0.16" Condition=" '$(TargetFramework)' == 'net7.0' " />
<PackageVersion Update="Microsoft.AspNetCore.TestHost" Version="6.0.27" Condition=" '$(TargetFramework)' == 'net6.0' " />
<PackageVersion Include="xunit" Version="2.7.0" />
<PackageVersion Include="xunit.runner.visualstudio" Version="2.5.7" />
</ItemGroup>
</Project>
We have a similar issue where the Condition
attribute isn't properly considered. Consolidating this one with #9299.