Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot groups with a single package update don't show current -> updated version #7662

Closed
1 task done
23pointsNorth opened this issue Jul 28, 2023 · 6 comments · Fixed by #8478
Closed
1 task done

Dependabot groups with a single package update don't show current -> updated version #7662

23pointsNorth opened this issue Jul 28, 2023 · 6 comments · Fixed by #8478
Labels
F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR F: package-metadata The metadata that Dependabot fetched for the package T: bug 🐞 Something isn't working

Comments

@23pointsNorth
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

npm

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

No response

Updated dependency

No response

What you expected to see, versus what you actually saw

When only a single package is updated within a dependabot group, the PR text doesn't show the version update (from/to).

E.g.
A new PR:
Subject: Bump the types-dependencies group in /client with 1 update
Body: Bumps the types-dependencies group in /client with 1 update: @types/node.

Commits

Expected behavior:
Similar to multi-package group updates, or single non-group version bumps, post the version change in the body or subject.
E.g.
Subject: Bump jasmine-core from 5.0.1 to 5.1.0 in /client
Body: Bumps jasmine-core from 5.0.1 to 5.1.0.

Release notes

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response
@23pointsNorth 23pointsNorth added the T: bug 🐞 Something isn't working label Jul 28, 2023
@jakecoffman jakecoffman added F: package-metadata The metadata that Dependabot fetched for the package grouped-updates-beta labels Jul 28, 2023
@jakecoffman jakecoffman added F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR and removed grouped-updates-beta labels Aug 9, 2023
@jakecoffman jakecoffman mentioned this issue Aug 21, 2023
Closed
1 task
@jakecoffman
Copy link
Member

Another report of this here with repro: #7840 (comment)

@ghjm
Copy link

ghjm commented Nov 8, 2023

Came here to report this. My suggestion is to add a minimum_updates field to the groups definition. Personally, I'd set this to about 4. If there are only one, two or (maybe) three updates, I'd like to see individual ungrouped PRs.

I guess this gets complicated if you have 2 updates still pending and 2 more updates come in. At that point do you close the original ungrouped PRs and add them to a new group? I'm not sure what the correct behavior is in all cases.

My goal is to have the PRs show the individual versions most of the time, but use groups to reduce the pain when something broke the unit tests, didn't get looked at for a while, and now there's a logjam of dozens of updates that need to go through.

@joaorosado
Copy link

joaorosado commented Nov 13, 2023
edited
Loading

Was changing my repos to also use this new group feature and hit exactly the same issue.
On PRs where only one of the dependencies needs to be updated there is no information anywhere about what is being changed.

Ideally I would like the title to actually be as it was before using the groups, but at the very least it should keep the same format / table with the from / to version numbers in the description of the PR and on the commit message details.

Edit: note that in my case I'm using the nuget ecosystem, but the scenarios is exactly the same.

@jakecoffman jakecoffman mentioned this issue Nov 28, 2023
Merged
@jakecoffman
Copy link
Member

This should be fixed now!

@huehnerlady
Copy link

@jakecoffman my issue was marked as a duplicate, but unfortunately this is still not working.

My issue was about the "old" title of a group update as long as it is just 1 dependency update...

@jakecoffman
Copy link
Member

@huehnerlady Ah, let me reopen that as a feature request then and we can have a discussion there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR F: package-metadata The metadata that Dependabot fetched for the package T: bug 🐞 Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix grouped update PRs are missing current -> updated version message dependabot/dependabot-core
5 participants
@jakecoffman @ghjm @23pointsNorth @joaorosado @huehnerlady