Listing unchanged dependency twice in the update PR #7695
Comments
Note also a related bug, where the previous version is listed as a commit, which is incorrect. They were upgraded from a previous version number.
@bmulholland does this bug still repro?
Thanks, hoping we get someone to take a look at this from our end soon too.
@bmulholland Is it possible to provide the manifest file along with the dependabot.yml file which resulted in the duplicate upgraded dependencies, to easily reproduce the issue? I am not able to reproduce it at my end.
@honeyankit Sure -- emailed them to you directly.
@bmulholland With your manifest files, I was easily able to produce the issue and fix it.
Glad it helped. Thanks for the fix!
@honeyankit Could your fix have caused this regression? #9457
Is there an existing issue for this?
Package ecosystem
bundler
Package manager version
Bundler version 2.4.10
Language version
ruby 3.2.2 (2023-03-30 revision e51014f9c0) [arm64-darwin21]
Manifest location and content before the Dependabot update
/Gemfile
The relevant part is
and
/Gemfile.lock
dependabot.yml content
Updated dependency
knock: 8e8b3e8 to 2.2.0 (listed twice)
https://github.com/nsarno/knock
What you expected to see, versus what you actually saw
Nothing. No new version is released.
Native package manager behavior
bundler upgrade doesn't upgrade the package.
Images of the diff or a link to the PR, issue, or logs
Changed files doesn't have the knock line.
Smallest manifest that reproduces the issue
No response