-
Notifications
You must be signed in to change notification settings - Fork 295
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dependabot not creating updates? (Which?) #2615
Comments
Doing this causes that UI to point me to #2602, which was closed without being merged (why?). |
@jingtang10 which specific dependency from #2598 were you hoping to receive an automated Dependabot bump/upgrade PR for? Perhaps it's easier to debug this chasing a specific example. |
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors#investigating-errors-with-dependabot-version-updates points to looking at https://github.com/google/android-fhir/network/updates. I'm not seeing anything fundamentally broken there. |
android studio is giving a lot of suggestions in the version catalog that many libraries now have later versions but i'm not seeing dependabot creating prs. |
Interesting. I'd say let's wait until coming Monday (given our Dependabot schedule; see above), as the first step. If no new updates for this library by Tuesday, let's dig deeper, and possibly reach out to GitHub support. |
@jingtang10 Dependabot did open e.g. #2622 and #2619 yesterday... do you want to close this issue, based on seeing that? Or were you expecting more PRs for more dependencies? Then it's possible I can help to tweak the config to lower the "throttling" which I'm assuming it currently does... I can make it raise PRs for ALL possible updates EVERY day. But that COULD "overwhelm" the reviewers team? Your call, let me know. |
@jingtang10 also I just noticed #2620 and #2621 and #2623 were raised by Dependabot yesterday, and merged. |
Thanks Michael |
@jingtang10 asked why, after #2598 was merged (when EXACTLY?) Dependabot does not generate PRs to upgrade some of the libraries that PR moved to the version catalog; let's look into and track that in this issue.
https://github.com/google/android-fhir/blob/master/.github/dependabot.yaml is currently configured to propose updates only once a week, on Mondays. Perhaps it just needs more time?
But e.g. on https://github.com/google/android-fhir/security/dependabot/70 it says: "Dependabot has taken too long to create an update. Dependabot may be experiencing problems creating updates for this project. If this problem persists, please contact support." and links to https://docs.github.com/en/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors
I'll click "Try again" on that UI to see if that helps...
The text was updated successfully, but these errors were encountered: