Only a subset of lockfiles being updated
bmerry opened this issue · comments
Is there an existing issue for this?
- I have searched the existing issues
Package ecosystem
pip-compile
Package manager version
pip-compile 7.4.1
Language version
Python 3.8
Manifest location and content before the Dependabot update
https://github.com/ska-sa/spead2/blob/14739439cd000ca7d83085d6073ad62968e2576e/requirements.in
https://github.com/ska-sa/spead2/blob/14739439cd000ca7d83085d6073ad62968e2576e/requirements.txt
https://github.com/ska-sa/spead2/blob/14739439cd000ca7d83085d6073ad62968e2576e/requirements-3.12.txt
dependabot.yml content
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
- package-ecosystem: "pip"
directory: "/"
schedule:
interval: "weekly"
groups:
production-group:
dependency-type: "production"
development-group:
dependency-type: "development"
Updated dependency
No response
What you expected to see, versus what you actually saw
I have a single source requirements.in, from which I generate two lockfiles: requirements.txt for Python 3.8, and requirements-3.12 for Python 3.12. When Dependabot opens a PR such as ska-sa/spead2#324, it's only updating the latter.
I expected to see updates to requirements.txt as well (whether in the same or a separate PR).
Native package manager behavior
Running pip-compile -U requirements.in
in a Python 3.8 environment produces the following diff:
diff --git a/requirements.txt b/requirements.txt
index 6f21686..6bd0eee 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -21,11 +21,11 @@ numpy==1.24.4
# -r requirements.in
# numba
# scipy
-packaging==24.0
+packaging==24.1
# via pytest
pluggy==1.5.0
# via pytest
-pytest==8.2.1
+pytest==8.2.2
# via
# -r requirements.in
# pytest-asyncio
@@ -41,5 +41,5 @@ scipy==1.10.1
# via -r requirements.in
tomli==2.0.1
# via pytest
-zipp==3.19.0
+zipp==3.19.2
# via importlib-metadata
Images of the diff or a link to the PR, issue, or logs
Smallest manifest that reproduces the issue
No response