You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What you expected to see, versus what you actually saw
Observed behavor
We have an allow list that permits a small subset of Nuget packages to be updated.
On multiple occasions recently, the description in the PR created by Dependabot lists one or more "disallowed" packages as being included in the update, even though there are no changes to the actual manifest (.csproj) files for the disallowed packages.
Specific packages shown in the description include System.Net.Http, System.Collections.Immutable,
The PR itself updated exactly what it should have, based on the allow list; the issue is in the PR description itself.
Expected behavior
Disallowed packages should not appear in the description of Dependabot PRs
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
newrelic/newrelic-dotnet-agent#2702 -- this one listed a whole bunch of packages in the description, but the only package actually updated was Microsoft.NET.Test.Sdk, which is on the allow list.
Smallest manifest that reproduces the issue
No response
The text was updated successfully, but these errors were encountered:
Is there an existing issue for this?
Package ecosystem
nuget
Package manager version
No response
Language version
No response
Manifest location and content before the Dependabot update
No response
dependabot.yml content
https://github.com/newrelic/newrelic-dotnet-agent/blob/main/.github/dependabot.yml#L28 -- refer to the the
nuget-testsgroup starting at line 28Updated dependency
No response
What you expected to see, versus what you actually saw
Observed behavor
We have an allow list that permits a small subset of Nuget packages to be updated.
On multiple occasions recently, the description in the PR created by Dependabot lists one or more "disallowed" packages as being included in the update, even though there are no changes to the actual manifest (
.csproj) files for the disallowed packages.Specific packages shown in the description include
System.Net.Http,System.Collections.Immutable,The PR itself updated exactly what it should have, based on the allow list; the issue is in the PR description itself.
Expected behavior
Disallowed packages should not appear in the description of Dependabot PRs
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
Recent Dependabot PRs exhibiting this behavior:
newrelic/newrelic-dotnet-agent#2746
newrelic/newrelic-dotnet-agent#2780
Both of these list
System.Net.HttpandSytem.Collections.Immutablein the description, but there (correctly) not updated in the PR.newrelic/newrelic-dotnet-agent#2702 -- this one listed a whole bunch of packages in the description, but the only package actually updated was
Microsoft.NET.Test.Sdk, which is on the allow list.Smallest manifest that reproduces the issue
No response
The text was updated successfully, but these errors were encountered: