pip fails to resolve multiple dependencies #11352
Comments
I think it's worth repeating the error "Error resolving dependency." verbatim here, maybe even worth putting that into the title. And what's particularly important to mention is that this issue blocks (or delays) Django security updates, at least the part where Dependabot would normally help out with a pull request. Here's how users see the issue (if helpful):
Would be great to have that fixed. Thanks for all the time Dependabot was working well, it's an invaluable tool 🙏
PS: The issue affects (at least) two repositories of mine:
GitHub Repository: https://github.com/hartwork/jawanndenn/
GitHub Repository: https://github.com/hartwork/wnpp.debian.net/
PS: I'm also just noticing that Dependabot was already failing for two weeks without notifying anyone: (from https://github.com/hartwork/wnpp.debian.net/network/updates/8399467/jobs)
.python-version file is used by gh-actions and dependabot. Attempt to circumvent dependabot/dependabot-core#11352
I tested this again with the latest dependabot release (v0.294.0), and the issue persists. However, I found a workaround to make it work again for me: Two takeaways from this though:
.. because of defunct Dependabot: dependabot/dependabot-core#11352
.. because of Dependabot's sick leave: dependabot/dependabot-core#11352
If of use to anyone, here's how I mass-bumped non-pip-tools requirements with hashes today using hashin while Dependabot is on sick leave:
for i in requirements*.txt ; do grep == "$i" | awk -F= '{print $1}' | xargs -r -t -n1 hashin -r "$i" ; done
@dependabot could you comment about an ETA for a fix? This issue renders Dependabot dysfunctional for at least two of my repositories — this issue matters. Could you raise priority please?
@crittermike can you help get this showstopper issue priority and a reply?
.. rather than Python 3.13 to try trick GitHub Dependabot back into operation for a workaround. dependabot/dependabot-core#11352
Hi @hartwork, sorry for the late response. Thanks for bringing this to our notice
Is there an existing issue for this?
Package ecosystem
pip
Package manager version
pip-compile 7.4.1
Language version
Python 3.12(.3)
Manifest location and content before the Dependabot update
https://github.com/alliance-genome/agr_pavi/blob/856e6bb5933c00ad475db0023746445a66b24b4f/api/tests/requirements.txt
https://github.com/alliance-genome/agr_pavi/blob/main/api/pyproject.toml
dependabot.yml content
https://github.com/alliance-genome/agr_pavi/blob/856e6bb5933c00ad475db0023746445a66b24b4f/.github/dependabot.yml
Updated dependency
mypy from 1.13.0 to 1.14.1
smart-open[s3] from 7.0.5 to 7.1.0
What you expected to see, versus what you actually saw
Dependabot should be able to propose a PR to update mypy from 1.13(.0) to 1.14(.1), and to update smart-open from 7.0(.5) to 7.1(.0). Dependabot config has not been updated and dependabot used to be able to propose updates for both packages in the past.
Native package manager behavior
Successful updates.
Images of the diff or a link to the PR, issue, or logs
Likely related to changes introduced in merged dependabot PR https://github.com/dependabot/dependabot-core/pull/11305/files#diff-e97dac51f6d0eb39115b1c017916def375cd4cfe8743bea989f9b1d8e04ff791, released as dependabot v0.293.0.
Dependabot run mypy update error:
Dependabot smart-open update error:
Smallest manifest that reproduces the issue
https://github.com/alliance-genome/agr_pavi/blob/856e6bb5933c00ad475db0023746445a66b24b4f/api/aws_infra/tests/requirements.txt