dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.

Home Page: https://docs.github.com/en/code-security/dependabot

Proper summary missing from version bump PRs & commits

danielocfb opened this issue · comments

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

cargo

Package manager version

N/A

Language version

Rust/Toml

Manifest location and content before the Dependabot update

Cargo.lock

dependabot.yml content

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
  - package-ecosystem: "github-actions"
    open-pull-requests-limit: 25
    rebase-strategy: "auto"
    directory: "/"
    schedule:
      interval: "daily"
  - package-ecosystem: "cargo"
    # Limited to 1 to eliminate risk of accidental merge conflicts.
    open-pull-requests-limit: 1
    versioning-strategy: "lockfile-only"
    directory: "/"
    schedule:
      interval: "daily"

Updated dependency

anyhow; version 1.0.83 to 1.0.86

What you expected to see, versus what you actually saw

I saw commit libbpf/libbpf-rs@28191bf

commit 28191bf92753a26ac56b8d59fd247dc0b9e74068
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   2024-05-22 13:19:32 +0000

    ---
    updated-dependencies:
    - dependency-name: anyhow
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

I expected something more along the lines of libbpf/libbpf-rs@1e0d0d5, i.e., with a proper subject line and body:

commit 1e0d0d523070689cd695a4fe1a0b9b0353acc9af
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   2024-05-09 13:53:43 +0000

    build(deps): bump anyhow from 1.0.82 to 1.0.83

    Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.82 to 1.0.83.
    - [Release notes](https://github.com/dtolnay/anyhow/releases)
    - [Commits](https://github.com/dtolnay/anyhow/compare/1.0.82...1.0.83)

    ---
    updated-dependencies:
    - dependency-name: anyhow
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <support@github.com>

It appears as if something broke recently. The thiserror dependency showed a similar bug one day earlier: libbpf/libbpf-rs@4216658

Native package manager behavior

N/A

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

Hi @danielocfb, sorry, this was a regression and was fixed yesterday. Please feel free to reopen if it recurs.