Comments (13)
Hi @MatthijsBurgh ; would you be willing to explore a beta opt-in that might solve this issue for you? cc: @honeyankit
from dependabot-core.
Yes, I am open to try a beta
from dependabot-core.
Great, this sounds like a different issue then and the timeout has been resolved. Do you want to create a new issue to dig into this failure?
from dependabot-core.
@MatthijsBurgh Try again, the repo is onboarded to Dependabot on actions
from dependabot-core.
I am currently running dependabot integrated with GitHub. So via the insights -> dependency graph -> dependabot. Does that work with the beta thing? Or should I change to using dependabot via GH actions?
from dependabot-core.
Yes, the change should be transparent to you since it only changes the internals. Could you try rerunning dependabot again to see if this solves the timeouts?
from dependabot-core.
Oh I see it now runs in actions, even when triggered from the menu described above. It still fails see, https://github.com/tue-robotics/hero-display/actions/runs/8166820597/job/22326209823
from dependabot-core.
@MatthijsBurgh : The issue does not looks like a timeout anymore from the Dependabot side. Let me dig more and I will update you.
From the logs, the job started at 2024/03/06 04:12:31
and the job got cancelled at ~2024/03/06 04:13:27
from dependabot-core.
It is now also showing another error message: Dependabot encountered an unknown error
See https://github.com/tue-robotics/hero-display/actions/runs/8182920981/job/22375007058
But it did generate a new PR, tue-robotics/hero-display#760
from dependabot-core.
And the new run, after merging the PR, did fail because it couldn't update a dependency. See https://github.com/tue-robotics/hero-display/actions/runs/8184618684/job/22379389727
Should it really error in such a case?
edit: This was a security update.
from dependabot-core.
As Abdul stated, the timeout issue is resolved. The below is issue with the transitive dependencies
. Dependabot is attempting a security update for tue-robotics/hero-display
but facing a version conflict with app-builder-lib, needed by @matthijsburgh/vue-cli-plugin-electron-builder. Despite app-builder-lib having a latest version of 24.13.3, the required version was 23.6.0 due to transitive dependencies.
updater | 2024/03/07 07:46:41 INFO <job_797040017> VulnerabilityAuditor: audit result not viable: fix_unavailable
updater | 2024/03/07 07:46:41 INFO <job_797040017> Requirements to unlock update_not_possible
updater | 2024/03/07 07:46:41 INFO <job_797040017> Requirements update strategy bump_versions
proxy | 2024/03/07 07:46:41 [029] HEAD [https://registry.npmjs.org:443/app-builder-lib/-/app-builder-lib-24.13.2.tgz](https://registry.npmjs.org/app-builder-lib/-/app-builder-lib-24.13.2.tgz)
proxy | 2024/03/07 07:46:41 [029] 200 [https://registry.npmjs.org:443/app-builder-lib/-/app-builder-lib-24.13.2.tgz](https://registry.npmjs.org/app-builder-lib/-/app-builder-lib-24.13.2.tgz)
updater | 2024/03/07 07:46:42 INFO <job_797040017> The latest possible version that can be installed is 23.6.0 because of the following conflicting dependencies:
@matthijsburgh/[email protected] requires [email protected] via a transitive dependency on [email protected]
@matthijsburgh/[email protected] requires [email protected] via [email protected]
No patched version available for app-builder-lib
from dependabot-core.
Since the timeout issue is resolved. I am going to close this issue.
from dependabot-core.
New issue: #9268
from dependabot-core.
Related Issues (20)
- Dependabot corrupts gitmodules while trying to update nugets
- Private Maven Repo (GitHub Packages): PR contains no GitHub release notes
- pip with increase-if-necessary strategy fails with TypeError
- NuGet Package With wildcard version throws error HOT 1
- Dependabot doesn't update NuGet version in all projects HOT 3
- Switch out `@octokit/webhooks-types` for `@octokit/openapi-webhooks-types` on upgrade of `@octokit/webhooks` to v13+
- Support for nested terraform code and directories
- dependabot create wrong PR for actions HOT 2
- Regression: Grouped update includes no details about upgrades HOT 11
- dependabot creates pr for sub directory for file in root of module
- ArgumentError: blank strings must not be provided as requirements HOT 1
- "Conversation" tab for commenting on alerts
- Migrate from Ubuntu 22.04 to 24.04
- The process '/usr/bin/docker' failed with exit code 1 HOT 1
- dependabot's security updates remove path prefixes from
- Dependabot not working with repo that does not persist package-lock.json file
- Always run "Get-Project βAll | Add-BindingRedirect"
- Unhandled exception: System.ArgumentException: An item with the same key has already been added. HOT 6
- Docker group updates don't ignore unstable versions
- No PRs due to unclear `update_not_possible`
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dependabot-core.