dart-lang/setup-dart

Dependabot is not updating this dependency in various repos' action config files

devoncarew opened this issue · 2 comments

Dependabot is not updating this dependency in various repos' action config files. I.e., for reference:

    - uses: actions/checkout@v2
    - uses: dart-lang/setup-dart@v1
    - uses: nanasess/setup-chromedriver@v1.0.5

It's properly sending PRs to update checkout to v3, and chromedriver to 1.0.7, but is not trying to update setup-dart to v1.3; it thinks the latest version is 1.0.

Here's a log from dependabot running on the above example:

    updater | INFO <job_358391193> Checking if dart-lang/setup-dart 1 needs updating
      proxy | 2022/05/01 14:50:05 [014] GET https://github.com:443/dart-lang/setup-dart.git/info/refs?service=git-upload-pack
      proxy | 2022/05/01 14:50:05 [014] * authenticating git server request (host: github.com)
      proxy | 2022/05/01 14:50:05 [014] 200 https://github.com:443/dart-lang/setup-dart.git/info/refs?service=git-upload-pack
    updater | INFO <job_358391193> Latest version is 1
    updater | INFO <job_358391193> No update needed for dart-lang/setup-dart 1

We're showing v1.3 in the GitHub app marketplace listing, and do have a repo release here for 1.3, so I'm not sure what other metadata we're missing.

Never mind - this is WAI from the POV of dependabot.

If you have a major version dep in your actions config file, dependabot won't offer to upgrade it until there's a new major version.

If I change the dart-lang/setup-dart dep from dart-lang/setup-dart@v1 to dart-lang/setup-dart@v1.0, and commit that, then dependabot does come along later and offer to upgrade to dart-lang/setup-dart@v1.3.

If we have the ability to specify the dep version that people take on the action, we may want to change it to use the current minor version (1.3).

The only references I can find in this repo to the setup-dart version dep are in the readme - 4 examples of adding a dep on this action (setup-dart@v1). I recommend that we use a more fully qualified version here (dart-lang/setup-dart@v1.3), so that people using dependabot will get upgrade PRs.
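The pin-precision behaviour described in this thread can be checked across a repo's workflow files with a small script. This is an added example, not code from this issue or from Dependabot; it models only the behaviour reported above (the newest tag is compared at the same precision as the pin), and the tag lists are constructed from the versions the thread mentions.

```python
import re

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w./-]+)@(\S+)", re.M)
VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+){0,2})$")

# Constructed sample: the workflow lines from the issue, plus tag lists built
# from the versions the thread mentions (not fetched from GitHub).
SAMPLE_WORKFLOW = """\
    - uses: actions/checkout@v2
    - uses: dart-lang/setup-dart@v1
    - uses: nanasess/setup-chromedriver@v1.0.5
"""
SAMPLE_TAGS = {
    "actions/checkout": ["v2", "v3"],
    "dart-lang/setup-dart": ["v1", "v1.0", "v1.3"],
    "nanasess/setup-chromedriver": ["v1.0.5", "v1.0.7"],
}


def parse_version(ref):
    """Return a version tag as a tuple of ints, or None for SHAs/branches."""
    m = VERSION_RE.match(ref)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def fmt(version):
    return ".".join(str(p) for p in version)


def audit(workflow_text, tags_by_action):
    """Return (action, ref, verdict) for every `uses:` line in the text."""
    results = []
    for action, ref in USES_RE.findall(workflow_text):
        pinned = parse_version(ref)
        tags = [v for v in map(parse_version, tags_by_action.get(action, [])) if v]
        if pinned is None or not tags:
            results.append((action, ref, "not checked (no version tag to compare)"))
            continue
        newest = max(tags)
        latest = newest[:len(pinned)]  # truncate to the pin's precision
        if latest > pinned:
            verdict = "update to " + fmt(latest)
        elif newest > pinned:
            verdict = "no update offered; " + fmt(newest) + " hidden by pin precision"
        else:
            verdict = "up to date"
        results.append((action, ref, verdict))
    return results
```

Calling `audit(SAMPLE_WORKFLOW, SAMPLE_TAGS)` flags the `dart-lang/setup-dart@v1` line as the one where a newer release exists but no update PR would be offered.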