Timeout about dependabot-core HOT 13 CLOSED

Hi @MatthijsBurgh ; would you be willing to explore a beta opt-in that might solve this issue for you? cc: @honeyankit

from dependabot-core.

Yes, I am open to try a beta

from dependabot-core.

Great, this sounds like a different issue then and the timeout has been resolved. Do you want to create a new issue to dig into this failure?

from dependabot-core.

@MatthijsBurgh Try again, the repo is onboarded to Dependabot on actions

from dependabot-core.

I am currently running dependabot integrated with GitHub. So via the insights -> dependency graph -> dependabot. Does that work with the beta thing? Or should I change to using dependabot via GH actions?

from dependabot-core.

Yes, the change should be transparent to you since it only changes the internals. Could you try rerunning dependabot again to see if this solves the timeouts?

from dependabot-core.

Oh I see it now runs in actions, even when triggered from the menu described above. It still fails see, https://github.com/tue-robotics/hero-display/actions/runs/8166820597/job/22326209823

from dependabot-core.

@MatthijsBurgh : The issue does not looks like a timeout anymore from the Dependabot side. Let me dig more and I will update you.

From the logs, the job started at 2024/03/06 04:12:31 and the job got cancelled at ~2024/03/06 04:13:27

from dependabot-core.

It is now also showing another error message: Dependabot encountered an unknown error See https://github.com/tue-robotics/hero-display/actions/runs/8182920981/job/22375007058

But it did generate a new PR, tue-robotics/hero-display#760

from dependabot-core.

And the new run, after merging the PR, did fail because it couldn't update a dependency. See https://github.com/tue-robotics/hero-display/actions/runs/8184618684/job/22379389727

Should it really error in such a case?

edit: This was a security update.

from dependabot-core.

@MatthijsBurgh :

As Abdul stated, the timeout issue is resolved. The below is issue with the transitive dependencies. Dependabot is attempting a security update for tue-robotics/hero-display but facing a version conflict with app-builder-lib, needed by @matthijsburgh/vue-cli-plugin-electron-builder. Despite app-builder-lib having a latest version of 24.13.3, the required version was 23.6.0 due to transitive dependencies.

updater | 2024/03/07 07:46:41 INFO <job_797040017> VulnerabilityAuditor: audit result not viable: fix_unavailable
updater | 2024/03/07 07:46:41 INFO <job_797040017> Requirements to unlock update_not_possible
updater | 2024/03/07 07:46:41 INFO <job_797040017> Requirements update strategy bump_versions
  proxy | 2024/03/07 07:46:41 [029] HEAD [https://registry.npmjs.org:443/app-builder-lib/-/app-builder-lib-24.13.2.tgz](https://registry.npmjs.org/app-builder-lib/-/app-builder-lib-24.13.2.tgz)
  proxy | 2024/03/07 07:46:41 [029] 200 [https://registry.npmjs.org:443/app-builder-lib/-/app-builder-lib-24.13.2.tgz](https://registry.npmjs.org/app-builder-lib/-/app-builder-lib-24.13.2.tgz)
updater | 2024/03/07 07:46:42 INFO <job_797040017> The latest possible version that can be installed is 23.6.0 because of the following conflicting dependencies:

  @matthijsburgh/[email protected] requires [email protected] via a transitive dependency on [email protected]
  @matthijsburgh/[email protected] requires [email protected] via [email protected]
  No patched version available for app-builder-lib

from dependabot-core.

Since the timeout issue is resolved. I am going to close this issue.

from dependabot-core.

New issue: #9268

from dependabot-core.