Not all the dependency files are getting updated in the Pull Request using depenadbot v2

[vishnuprakash9845]

Describe the bug
I am managing NuGet packages, specifically SumNumbers, in Azure Artifacts and have configured the following dependabot.yml file for version updates. The pipeline triggers using Dependabot with the below configuration. In my Test Repo at two places have the .csproj file which has the package reefrence of the nuget in src folder and test folder.

My Repository Structure

dependabot.yml

version: 2
updates:
-package-ecosystem: "nuget" # See documentation for possible values
  directory: "/" # Location of package manifests
  target-branch: "main"
  labels:
    - "SumNumbers"
    - "Nuget dependencies"
  commit-message:
      prefix: "Nuget SumNumbers Dependency Update"
  allow:
    - dependency-name: "SumNumbers"
  open-pull-requests-limit: 5
  registries:
      - azure_artifacts
registries:
  azure_artifacts:
    type: "nuget-feed"
    url: "https://pkgs.dev.azure.com/MyProject/47ad2345353535/_packaging/learningfeed/nuget/v3/index.json"
    token: "PAT:<PAT_TOKEN>"

azure-pipelines.yml

- task: dependabot@2
  inputs:
    setAutoComplete: true
    mergeStrategy: 'noFastForward'
    autoApprove: false
    autoApproveUserToken: '<PAT>'
    azureDevOpsAccessToken: '<PAT>'

In the logs, Dependabot successfully detects the latest NuGet package versions (from 2.0.14 to 2.0.16). Its created the pull request with Dependabot V2, with only one file its updating in src folder, for test folder its not updating the file..

I have tried to update the dependabot.yml

version: 2
updates:
-package-ecosystem: "nuget" # See documentation for possible values
  directories:
    - "**/*"
  target-branch: "main"

but getting error as

[error]Failed to create pull request: Error: Request to 'https://dev.azure.com/xxxx/_apis/git/repositories/xxxx/pushes' failed: 409 Conflict

Categorization

• This is not a permissions issue (Seek help at 403 error when Dependabot tries to create a pull request #1245)

Expected behavior
The new Dependabot V2 should able to detect nuget version in all the src and test folders .csproj files and create a PR.

Logs and screenshots
This logs for dependabot.yml including directories

version: 2
updates:
-package-ecosystem: "nuget" # See documentation for possible values
  directories:
    - "**/*"
  target-branch: "main"

{"$id":"1","innerException":null,"message":"TF401028: The reference 'refs/heads/dependabot/nuget/test-dev1/SumNumbers-2.0.16' has already been updated by another client, so you cannot update it. Please try again.","typeName":"Microsoft.TeamFoundation.Git.Server.GitReferenceStaleException, Microsoft.TeamFoundation.Git.Server","typeKey":"GitReferenceStaleException","errorCode":0,"eventId":3000}
##[error]Failed to create pull request: Error: Request to 'https://dev.azure.com/xxxx/_apis/git/repositories/xxxx/pushes' failed: 409 Conflict

Extension (please complete the following information):

• Host Azure DevOps
• Version 1.36.0.987

Additional context
I have recently migrated to Dependabot V2 from the previous version. In the past, the configuration worked smoothly for triggering PRs in Azure Pipelines with dependabot@1. However, the new setup seems to work partially during the PR creation step, despite successful version detection. I request someone from community to help on this.

[rhyskoedijk]

@vishnuprakash9845, does your project have a .sln file?
If you want one pull request that updates both projects, you'll need to create a solution file in the root dir that references both projects. e.g.

~/SumNumbers.sln
  ~/src/src.csproj
  ~/test/test.csproj

updates:
-package-ecosystem: "nuget"
  directory: '/'
  target-branch: "main"

If you want two pull requests, one for each sub-directory, try this config:

updates:
-package-ecosystem: "nuget"
  directories:
    - "/src"
    - "/test"
  target-branch: "main"

Using directories: "**/*" might work better in the latest version (1.36.1); However, I haven't tested that scenario yet, but will investigate it when I have time. Using globs to match every possible directory is probably causing some issues with the branch names not being unique enough, if I had to guess. If possible, I'd suggest using one of the above two options.

[vishnuprakash9845]

@vishnuprakash9845, does your project have a .sln file? If you want one pull request that updates both projects, you'll need to create a solution file in the root dir that references both projects. e.g.

~/SumNumbers.sln
  ~/src/src.csproj
  ~/test/test.csproj

updates:
-package-ecosystem: "nuget"
  directory: '/'
  target-branch: "main"

If you want two pull requests, one for each sub-directory, try this config:

updates:
-package-ecosystem: "nuget"
  directories:
    - "/src"
    - "/test"
  target-branch: "main"

Using directories: "**/*" might work better in the latest version (1.36.1); However, I haven't tested that scenario yet, but will investigate it when I have time. Using globs to match every possible directory is probably causing some issues with the branch names not being unique enough, if I had to guess. If possible, I'd suggest using one of the above two options.

@rhyskoedijk Thank you for the quick response.

Yes, my project contains a solution that references both projects (located inside the src and test directories).
I initially tried the following configuration for one pull request to update both projects:

~/SumNumbers.sln
  ~/src/src.csproj
  ~/test/test.csproj

updates:
  - package-ecosystem: "nuget"
    directory: '/'
    target-branch: "main"

However, this approach resulted in a pull request that only contained changes for the src project.

Next, I tried this configuration for two separate pull requests (one for each sub-directory):

updates:
  - package-ecosystem: "nuget"
    directories:
      - "/src"
      - "/test"
    target-branch: "main"

Unfortunately, I encountered the same issue, and I received the following error message:
{"$id":"1","innerException":null,"message":"TF401028: The reference 'refs/heads/dependabot/nuget/main/xxx-2.0.16' has already been updated by another client, so you cannot update it. Please try again.","typeName":"Microsoft.TeamFoundation.Git.Server.GitReferenceStaleException, Microsoft.TeamFoundation.Git.Server","typeKey":"GitReferenceStaleException","errorCode":0,"eventId":3000}

It appears that two pull requests are being created, but one of them is encountering a conflict.

The error message suggests that the conflict is likely due to simultaneous changes being made to the same branch by another process or client. This results in a branch update issue, leading to the following error i beleive.

[vishnuprakash9845]

Sometimes observed this error also for the below dependabot.yml config file

updates:
  - package-ecosystem: "nuget"
    directories:
      - "/src"
      - "/test"
    target-branch: "main"

[rhyskoedijk]

The reference 'refs/heads/dependabot/nuget/main/xxx-2.0.16' has already been updated by another client

Just to confirm, have you run this using the latest version of the extension (1.36.1)? There was a bug with branch name calculations that was fixed in the latest version; I would expect that the branch name be refs/heads/dependabot/nuget/main/src/xxx-2.0.16, but in your logs it is /main/xxx-2.0.16 instead of /main/src/xxx-2.0.16.

If you have recently run this using the latest version, then perhaps there is still a bug with the branch name calculation; I will see if I can re-create your project setup and get the same error.

Also regarding the "update_not_possible" error; I have seen this error a lot for NuGet projects lately and it might be an issue in dependabot-core. Check if any of these issues are the same as yours:
https://github.com/dependabot/dependabot-core/issues?q=is%3Aissue+is%3Aopen+label%3A%22L%3A+dotnet%3Anuget%22+update_not_possible+

[Ossiam]

I also got the update_not_possible back, even after I enabled the experimental flags: nuget_native_analysis=true,nuget_dependency_solver=true
Not sure if I should keep the flags at this point.

2024-10-13T00:50:55.7827261Z updater | |                        Dependencies failed to update                        |
2024-10-13T00:50:55.7827605Z updater | +-------------------------------------------------------+---------------------+
2024-10-13T00:50:55.7827884Z updater | | Microsoft.Extensions.DependencyInjection              | update_not_possible |
2024-10-13T00:50:55.7828139Z updater | | Microsoft.Extensions.DependencyInjection.Abstractions | update_not_possible |
2024-10-13T00:50:55.7828417Z updater | | Microsoft.Extensions.Logging.Abstractions             | update_not_possible |
2024-10-13T00:50:55.7828676Z updater | | Microsoft.Extensions.Caching.Memory                   | update_not_possible |
2024-10-13T00:50:55.7829044Z updater | +-------------------------------------------------------+---------------------+

I suspect that Dependabot detects the wrong version. Microsoft.Extensions.DependencyInjection in this project is already at the latest version (8.0.1), but here it states it's at 8.0.0. Microsoft.Extensions.DependencyInjection.Abstractions is also at latest.

2024-10-13T00:05:26.7801320Z updater |           "Name": "Microsoft.Extensions.DependencyInjection",
2024-10-13T00:05:26.7801534Z updater |           "Version": "8.0.0",
2024-10-13T00:05:26.7801723Z updater |           "Type": "PackageReference",
2024-10-13T00:05:26.7801902Z updater |           "EvaluationResult": {
2024-10-13T00:05:26.7802092Z updater |             "ResultType": "Success",
2024-10-13T00:05:26.7802281Z updater |             "OriginalValue": "8.0.0",
2024-10-13T00:05:26.7802470Z updater |             "EvaluatedValue": "8.0.0",
2024-10-13T00:05:26.7802657Z updater |             "RootPropertyName": null,
2024-10-13T00:05:26.7802847Z updater |             "ErrorMessage": null
2024-10-13T00:05:26.7803016Z updater |           },
2024-10-13T00:05:26.7803188Z updater |           "TargetFrameworks": [
2024-10-13T00:05:26.7803364Z updater |             "net8.0"
2024-10-13T00:05:26.7803513Z updater |           ],
2024-10-13T00:05:26.7803689Z updater |           "IsDevDependency": false,
2024-10-13T00:05:26.7803873Z updater |           "IsDirect": true,
2024-10-13T00:05:26.7804056Z updater |           "IsTransitive": false,
2024-10-13T00:05:26.7804231Z updater |           "IsOverride": false,
2024-10-13T00:05:26.7804410Z updater |           "IsUpdate": false,
2024-10-13T00:05:26.7804588Z updater |           "InfoUrl": null
2024-10-13T00:05:26.7804755Z updater |         },

Here's part of the log where it attempts to update to 8.0.1 but fails, which I assume is because it's already at that version.

2024-10-13T00:14:36.5248527Z updater | 2024/10/13 00:14:36 INFO <job_update_0_nuget_all> Checking if Microsoft.Extensions.DependencyInjection 8.0.0 needs updating
2024-10-13T00:14:36.5258185Z updater | 2024/10/13 00:14:36 INFO <job_update_0_nuget_all> Ignored versions:
2024-10-13T00:14:36.5259110Z updater | 2024/10/13 00:14:36 INFO <job_update_0_nuget_all>   version-update:semver-major - from 
2024-10-13T00:14:36.5271638Z updater | 2024/10/13 00:14:36 INFO <job_update_0_nuget_all> Writing dependency info: {"Name":"Microsoft.Extensions.DependencyInjection","Version":"8.0.0","IsVulnerable":false,"IgnoredVersions":[">= 9.a"],"Vulnerabilities":[]}
2024-10-13T00:14:36.5279568Z updater | running NuGet analyze:
2024-10-13T00:14:36.5280417Z updater | /opt/nuget/NuGetUpdater/NuGetUpdater.Cli analyze --repo-root /home/dependabot/dependabot-updater/repo --discovery-file-path /tmp/.dependabot/discovery.1.json --dependency-file-path /tmp/.dependabot/dependency/Microsoft.Extensions.DependencyInjection.json --analysis-folder-path /tmp/.dependabot/analysis
2024-10-13T00:14:39.3610393Z updater | Starting analysis of Microsoft.Extensions.DependencyInjection...
2024-10-13T00:14:39.3611394Z updater |   Determining multi-dependency property.
2024-10-13T00:14:39.3614628Z updater |   Finding updated version.
2024-10-13T00:14:39.3614923Z updater |   Finding updated peer dependencies.
2024-10-13T00:14:39.3615125Z updater | Analysis complete.
2024-10-13T00:14:39.3631056Z updater |   Writing analysis result to [/tmp/.dependabot/analysis/Microsoft.Extensions.DependencyInjection.json].
2024-10-13T00:14:39.3631439Z updater | 2024/10/13 00:14:39 INFO <job_update_0_nuget_all> Microsoft.Extensions.DependencyInjection.json analysis content: {
2024-10-13T00:14:39.3631724Z updater |   "UpdatedVersion": "8.0.1",
2024-10-13T00:14:39.3631915Z updater |   "CanUpdate": true,
2024-10-13T00:14:39.3632128Z updater |   "VersionComesFromMultiDependencyProperty": false,
2024-10-13T00:14:39.3632345Z updater |   "UpdatedDependencies": [
2024-10-13T00:14:39.3632503Z updater |     {
2024-10-13T00:14:39.3632708Z updater |       "Name": "Microsoft.Extensions.DependencyInjection",
2024-10-13T00:14:39.3632921Z updater |       "Version": "8.0.1",
2024-10-13T00:14:39.3633114Z updater |       "Type": "Unknown",
2024-10-13T00:14:39.3633304Z updater |       "EvaluationResult": null,
2024-10-13T00:14:39.3633483Z updater |       "TargetFrameworks": [
2024-10-13T00:14:39.3633660Z updater |         "net8.0"
2024-10-13T00:14:39.3633831Z updater |       ],
2024-10-13T00:14:39.3634010Z updater |       "IsDevDependency": false,
2024-10-13T00:14:39.3634188Z updater |       "IsDirect": false,
2024-10-13T00:14:39.3634373Z updater |       "IsTransitive": false,
2024-10-13T00:14:39.3634560Z updater |       "IsOverride": false,
2024-10-13T00:14:39.3634743Z updater |       "IsUpdate": false,
2024-10-13T00:14:39.3634945Z updater |       "InfoUrl": "https://github.com/dotnet/runtime"
2024-10-13T00:14:39.3635120Z updater |     },
2024-10-13T00:14:39.3635279Z updater |     {
2024-10-13T00:14:39.3635491Z updater |       "Name": "Microsoft.Extensions.DependencyInjection.Abstractions",
2024-10-13T00:14:39.3635715Z updater |       "Version": "8.0.2",
2024-10-13T00:14:39.3636463Z updater |       "Type": "Unknown",
2024-10-13T00:14:39.3636656Z updater |       "EvaluationResult": null,
2024-10-13T00:14:39.3636849Z updater |       "TargetFrameworks": [
2024-10-13T00:14:39.3637024Z updater |         "net8.0"
2024-10-13T00:14:39.3637190Z updater |       ],
2024-10-13T00:14:39.3637356Z updater |       "IsDevDependency": false,
2024-10-13T00:14:39.3637547Z updater |       "IsDirect": false,
2024-10-13T00:14:39.3637731Z updater |       "IsTransitive": false,
2024-10-13T00:14:39.3637919Z updater |       "IsOverride": false,
2024-10-13T00:14:39.3638085Z updater |       "IsUpdate": false,
2024-10-13T00:14:39.3638290Z updater |       "InfoUrl": "https://github.com/dotnet/runtime"
2024-10-13T00:14:39.3638478Z updater |     }
2024-10-13T00:14:39.3638632Z updater |   ],
2024-10-13T00:14:39.3638801Z updater |   "ErrorType": null,
2024-10-13T00:14:39.3638969Z updater |   "ErrorDetails": null
2024-10-13T00:14:39.3639140Z updater | }
2024-10-13T00:14:39.3639363Z updater | 2024/10/13 00:14:39 INFO <job_update_0_nuget_all> Latest version is 8.0.1
2024-10-13T00:14:39.3639648Z updater | 2024/10/13 00:14:39 INFO <job_update_0_nuget_all> Requirements to unlock all
2024-10-13T00:14:39.3639917Z updater | 2024/10/13 00:14:39 INFO <job_update_0_nuget_all> Requirements update strategy 
2024-10-13T00:14:39.3644363Z updater | 2024/10/13 00:14:39 INFO <job_update_0_nuget_all> Updating Microsoft.Extensions.DependencyInjection, Microsoft.Extensions.DependencyInjection.Abstractions
2024-10-13T00:14:39.3653025Z updater | running NuGet updater:
2024-10-13T00:14:39.3653899Z updater | /opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --repo-root /home/dependabot/dependabot-updater/repo --solution-or-project /home/dependabot/dependabot-updater/repo/src/project.Api/project.Api.csproj --dependency Microsoft.Extensions.DependencyInjection --new-version 8.0.1 --previous-version 8.0.0 --result-output-path /tmp/update-result.json
2024-10-13T00:14:44.0542776Z updater |   No dotnet-tools.json file found.
2024-10-13T00:14:44.0543074Z updater |   No global.json file found.
2024-10-13T00:14:44.0543297Z updater | Running for project file [src/project.Api/project.Api.csproj]
2024-10-13T00:14:44.0543677Z updater | Updating project [/home/dependabot/dependabot-updater/repo/src/project.Tool/project.Tool.csproj]
2024-10-13T00:14:44.0544269Z updater |   Running for SDK-style project
2024-10-13T00:14:44.0544740Z updater |     Package [Microsoft.Extensions.DependencyInjection] Does not exist as a dependency in [/home/dependabot/dependabot-updater/repo/src/project.Tool/project.Tool.csproj].
2024-10-13T00:14:44.0545187Z updater | Updating project [/home/dependabot/dependabot-updater/repo/src/project.Api/project.Api.csproj]
2024-10-13T00:14:44.0545475Z updater |   Running for SDK-style project
2024-10-13T00:14:44.0546047Z updater |     Package [Microsoft.Extensions.DependencyInjection] already meets the requested dependency version in [/home/dependabot/dependabot-updater/repo/src/project.Api/project.Api.csproj].
2024-10-13T00:14:44.0546355Z updater | Update complete.
2024-10-13T00:14:44.0546648Z updater |   Writing update result to [/tmp/update-result.json].
2024-10-13T00:14:44.0546936Z updater | 2024/10/13 00:14:44 INFO <job_update_0_nuget_all> update result: {
2024-10-13T00:14:44.0547147Z updater |   "ErrorType": null,
2024-10-13T00:14:44.0547337Z updater |   "ErrorDetails": null
2024-10-13T00:14:44.0547509Z updater | }
2024-10-13T00:14:44.0560176Z updater | running NuGet updater:
2024-10-13T00:14:44.0561376Z updater | /opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --repo-root /home/dependabot/dependabot-updater/repo --solution-or-project /home/dependabot/dependabot-updater/repo/src/project.Migration/project.Migration.csproj --dependency Microsoft.Extensions.DependencyInjection --new-version 8.0.1 --previous-version 8.0.0 --result-output-path /tmp/update-result.json
2024-10-13T00:14:46.7912662Z updater |   No dotnet-tools.json file found.
2024-10-13T00:14:46.7913378Z updater |   No global.json file found.
2024-10-13T00:14:46.7913921Z updater | Running for project file [src/project.Migration/project.Migration.csproj]
2024-10-13T00:14:46.7915018Z updater | Updating project [/home/dependabot/dependabot-updater/repo/src/project.Migration/project.Migration.csproj]
2024-10-13T00:14:46.7916742Z updater |   Running for SDK-style project
2024-10-13T00:14:46.7917427Z updater |     Package [Microsoft.Extensions.DependencyInjection] already meets the requested dependency version in [/home/dependabot/dependabot-updater/repo/src/project.Migration/project.Migration.csproj].
2024-10-13T00:14:46.7917861Z updater | Update complete.
2024-10-13T00:14:46.7968759Z updater |   Writing update result to [/tmp/update-result.json].
2024-10-13T00:14:46.7969105Z updater | 2024/10/13 00:14:46 INFO <job_update_0_nuget_all> update result: {
2024-10-13T00:14:46.7969338Z updater |   "ErrorType": null,
2024-10-13T00:14:46.7969509Z updater |   "ErrorDetails": null
2024-10-13T00:14:46.7969678Z updater | }
2024-10-13T00:14:46.7969854Z updater | running NuGet updater:
2024-10-13T00:14:46.7970672Z updater | /opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --repo-root /home/dependabot/dependabot-updater/repo --solution-or-project /home/dependabot/dependabot-updater/repo/src/project.Functions/project.Functions.csproj --dependency Microsoft.Extensions.DependencyInjection --new-version 8.0.1 --previous-version 8.0.0 --result-output-path /tmp/update-result.json
2024-10-13T00:14:55.6265063Z updater |   No dotnet-tools.json file found.
2024-10-13T00:14:55.6265411Z updater |   No global.json file found.
2024-10-13T00:14:55.6265649Z updater | Running for project file [src/project.Functions/project.Functions.csproj]
2024-10-13T00:14:55.6266163Z updater | Updating project [/home/dependabot/dependabot-updater/repo/src/project.Functions.Converter/project.Functions.Converter.csproj]
2024-10-13T00:14:55.6266510Z updater |   Running for SDK-style project
2024-10-13T00:14:55.6267032Z updater |     Package [Microsoft.Extensions.DependencyInjection] Does not exist as a dependency in [/home/dependabot/dependabot-updater/repo/src/project.Functions.Converter/project.Functions.Converter.csproj].
2024-10-13T00:14:55.6267569Z updater | Updating project [/home/dependabot/dependabot-updater/repo/src/project.Functions.Events/project.Functions.Events.csproj]
2024-10-13T00:14:55.6267903Z updater |   Running for SDK-style project
2024-10-13T00:14:55.6268415Z updater |     Package [Microsoft.Extensions.DependencyInjection] Does not exist as a dependency in [/home/dependabot/dependabot-updater/repo/src/project.Functions.Events/project.Functions.Events.csproj].
2024-10-13T00:14:55.6269442Z updater | Updating project [/home/dependabot/dependabot-updater/repo/src/project.Functions.Materializer/project.Functions.Materializer.csproj]
2024-10-13T00:14:55.6269779Z updater |   Running for SDK-style project
2024-10-13T00:14:55.6270308Z updater |     Package [Microsoft.Extensions.DependencyInjection] Does not exist as a dependency in [/home/dependabot/dependabot-updater/repo/src/project.Functions.Materializer/project.Functions.Materializer.csproj].
2024-10-13T00:14:55.6270812Z updater | Updating project [/home/dependabot/dependabot-updater/repo/src/project.Functions/project.Functions.csproj]
2024-10-13T00:14:55.6271133Z updater |   Running for SDK-style project
2024-10-13T00:14:55.6271642Z updater |     Package [Microsoft.Extensions.DependencyInjection] already meets the requested dependency version in [/home/dependabot/dependabot-updater/repo/src/project.Functions/project.Functions.csproj].
2024-10-13T00:14:55.6271960Z updater | Update complete.
2024-10-13T00:14:55.6272229Z updater |   Writing update result to [/tmp/update-result.json].
2024-10-13T00:14:55.6272506Z updater | 2024/10/13 00:14:55 INFO <job_update_0_nuget_all> update result: {
2024-10-13T00:14:55.6272733Z updater |   "ErrorType": null,
2024-10-13T00:14:55.6272913Z updater |   "ErrorDetails": null
2024-10-13T00:14:55.6273067Z updater | }
2024-10-13T00:14:55.6283438Z updater | running NuGet updater:
2024-10-13T00:14:55.6284377Z updater | /opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --repo-root /home/dependabot/dependabot-updater/repo --solution-or-project /home/dependabot/dependabot-updater/repo/src/project.IntegrationTests/project.IntegrationTests.csproj --dependency Microsoft.Extensions.DependencyInjection --new-version 8.0.1 --previous-version 8.0.0 --result-output-path /tmp/update-result.json
2024-10-13T00:15:05.7399260Z updater |   Updating [src/project.IntegrationTests/.config/dotnet-tools.json] file.
2024-10-13T00:15:05.7399725Z updater |     Dependency [Microsoft.Extensions.DependencyInjection] not found.
2024-10-13T00:15:05.7399956Z updater |   No global.json file found.
2024-10-13T00:15:05.7400186Z updater | Running for project file [src/project.IntegrationTests/project.IntegrationTests.csproj]
2024-10-13T00:15:05.7400629Z updater | Updating project [/home/dependabot/dependabot-updater/repo/src/project.CloudAgentEmulator/project.CloudAgentEmulator.csproj]
2024-10-13T00:15:05.7400959Z updater |   Running for SDK-style project
2024-10-13T00:15:05.7401509Z updater |     Package [Microsoft.Extensions.DependencyInjection] already meets the requested dependency version in [/home/dependabot/dependabot-updater/repo/src/project.CloudAgentEmulator/project.CloudAgentEmulator.csproj].
2024-10-13T00:15:05.7405902Z updater | Updating project [/home/dependabot/dependabot-updater/repo/src/project.Functions.Materializer/project.Functions.Materializer.csproj]
2024-10-13T00:15:05.7406324Z updater |   Running for SDK-style project
2024-10-13T00:15:05.7406849Z updater |     Package [Microsoft.Extensions.DependencyInjection] Does not exist as a dependency in [/home/dependabot/dependabot-updater/repo/src/project.Functions.Materializer/project.Functions.Materializer.csproj].
2024-10-13T00:15:05.7407357Z updater | Updating project [/home/dependabot/dependabot-updater/repo/src/project.Emulator/project.Emulator.csproj]
2024-10-13T00:15:05.7407671Z updater |   Running for SDK-style project
2024-10-13T00:15:05.7408201Z updater |     Package [Microsoft.Extensions.DependencyInjection] already meets the requested dependency version in [/home/dependabot/dependabot-updater/repo/src/project.Emulator/project.Emulator.csproj].
2024-10-13T00:15:05.7408736Z updater | Updating project [/home/dependabot/dependabot-updater/repo/src/Se.project.CloudAgent.Protocol/Se.project.CloudAgent.Protocol.csproj]
2024-10-13T00:15:05.7409075Z updater |   Running for SDK-style project
2024-10-13T00:15:05.7409603Z updater |     Package [Microsoft.Extensions.DependencyInjection] Does not exist as a dependency in [/home/dependabot/dependabot-updater/repo/src/Se.project.CloudAgent.Protocol/Se.project.CloudAgent.Protocol.csproj].
2024-10-13T00:15:05.7410351Z updater | Updating project [/home/dependabot/dependabot-updater/repo/src/project.IntegrationTests/project.IntegrationTests.csproj]
2024-10-13T00:15:05.7410681Z updater |   Running for SDK-style project
2024-10-13T00:15:05.7411216Z updater |     Package [Microsoft.Extensions.DependencyInjection] already meets the requested dependency version in [/home/dependabot/dependabot-updater/repo/src/project.IntegrationTests/project.IntegrationTests.csproj].
2024-10-13T00:15:05.7411544Z updater | Update complete.
2024-10-13T00:15:05.7411833Z updater |   Writing update result to [/tmp/update-result.json].
2024-10-13T00:15:05.7412172Z updater | 2024/10/13 00:15:05 INFO <job_update_0_nuget_all> update result: {
2024-10-13T00:15:05.7412572Z updater |   "ErrorType": null,
2024-10-13T00:15:05.7412758Z updater |   "ErrorDetails": null
2024-10-13T00:15:05.7412927Z updater | }
2024-10-13T00:15:05.7424470Z updater | running NuGet updater:
2024-10-13T00:15:05.7425392Z updater | /opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --repo-root /home/dependabot/dependabot-updater/repo --solution-or-project /home/dependabot/dependabot-updater/repo/src/project.CloudAgentEmulator/project.CloudAgentEmulator.csproj --dependency Microsoft.Extensions.DependencyInjection --new-version 8.0.1 --previous-version 8.0.0 --result-output-path /tmp/update-result.json
2024-10-13T00:15:09.9985227Z updater |   No dotnet-tools.json file found.
2024-10-13T00:15:09.9985888Z updater |   No global.json file found.
2024-10-13T00:15:09.9986246Z updater | Running for project file [src/project.CloudAgentEmulator/project.CloudAgentEmulator.csproj]
2024-10-13T00:15:09.9986793Z updater | Updating project [/home/dependabot/dependabot-updater/repo/src/Se.project.CloudAgent.Protocol/Se.project.CloudAgent.Protocol.csproj]
2024-10-13T00:15:09.9987498Z updater |   Running for SDK-style project
2024-10-13T00:15:09.9988116Z updater |     Package [Microsoft.Extensions.DependencyInjection] Does not exist as a dependency in [/home/dependabot/dependabot-updater/repo/src/Se.project.CloudAgent.Protocol/Se.project.CloudAgent.Protocol.csproj].
2024-10-13T00:15:09.9988724Z updater | Updating project [/home/dependabot/dependabot-updater/repo/src/project.CloudAgentEmulator/project.CloudAgentEmulator.csproj]
2024-10-13T00:15:09.9989140Z updater |   Running for SDK-style project
2024-10-13T00:15:09.9989776Z updater |     Package [Microsoft.Extensions.DependencyInjection] already meets the requested dependency version in [/home/dependabot/dependabot-updater/repo/src/project.CloudAgentEmulator/project.CloudAgentEmulator.csproj].
2024-10-13T00:15:09.9990186Z updater | Update complete.
2024-10-13T00:15:09.9990548Z updater |   Writing update result to [/tmp/update-result.json].
2024-10-13T00:15:09.9990915Z updater | 2024/10/13 00:15:09 INFO <job_update_0_nuget_all> update result: {
2024-10-13T00:15:09.9991219Z updater |   "ErrorType": null,
2024-10-13T00:15:09.9991480Z updater |   "ErrorDetails": null
2024-10-13T00:15:09.9991710Z updater | }
2024-10-13T00:15:10.0011397Z updater | running NuGet updater:
2024-10-13T00:15:10.0012599Z updater | /opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --repo-root /home/dependabot/dependabot-updater/repo --solution-or-project /home/dependabot/dependabot-updater/repo/src/project.Emulator/project.Emulator.csproj --dependency Microsoft.Extensions.DependencyInjection --new-version 8.0.1 --previous-version 8.0.0 --result-output-path /tmp/update-result.json
2024-10-13T00:15:12.5155322Z updater |   No dotnet-tools.json file found.
2024-10-13T00:15:12.5155735Z updater |   No global.json file found.
2024-10-13T00:15:12.5157199Z updater | Running for project file [src/project.Emulator/project.Emulator.csproj]
2024-10-13T00:15:12.5158036Z updater | Updating project [/home/dependabot/dependabot-updater/repo/src/project.Emulator/project.Emulator.csproj]
2024-10-13T00:15:12.5158579Z updater |   Running for SDK-style project
2024-10-13T00:15:12.5159261Z updater |     Package [Microsoft.Extensions.DependencyInjection] already meets the requested dependency version in [/home/dependabot/dependabot-updater/repo/src/project.Emulator/project.Emulator.csproj].
2024-10-13T00:15:12.5160058Z updater | Update complete.
2024-10-13T00:15:12.5160503Z updater |   Writing update result to [/tmp/update-result.json].
2024-10-13T00:15:12.5165953Z updater | 2024/10/13 00:15:12 INFO <job_update_0_nuget_all> update result: {
2024-10-13T00:15:12.5166511Z updater |   "ErrorType": null,
2024-10-13T00:15:12.5166963Z updater |   "ErrorDetails": null
2024-10-13T00:15:12.5167154Z updater | }
2024-10-13T00:15:12.5324827Z   proxy | 2024/10/13 00:15:12 [001] POST http://host.docker.internal:45641/update_jobs/update_0_nuget_all/record_update_job_error
2024-10-13T00:15:12.5335094Z {"data":{"error-type":"update_not_possible","error-details":{"dependencies":["Microsoft.Extensions.DependencyInjection"]}},"type":"record_update_job_error"}
2024-10-13T00:15:12.5337472Z   proxy | 2024/10/13 00:15:12 [001] 200 http://host.docker.internal:45641/update_jobs/update_0_nuget_all/record_update_job_error
2024-10-13T00:15:12.5352390Z updater | 2024/10/13 00:15:12 INFO <job_update_0_nuget_all> Handled error whilst updating Microsoft.Extensions.DependencyInjection: update_not_possible {:dependencies=>["Microsoft.Extensions.DependencyInjection"]}
2024-10-13T00:15:12.5399095Z updater | 2024/10/13 00:15:12 INFO <job_update_0_nuget_all> Checking if Microsoft.Extensions.DependencyInjection.Abstractions 8.0.1 needs updating
2024-10-13T00:15:12.5410905Z updater | 2024/10/13 00:15:12 INFO <job_update_0_nuget_all> Ignored versions:
2024-10-13T00:15:12.5415843Z updater | 2024/10/13 00:15:12 INFO <job_update_0_nuget_all>   version-update:semver-major - from 
2024-10-13T00:15:12.5429747Z updater | 2024/10/13 00:15:12 INFO <job_update_0_nuget_all> Writing dependency info: {"Name":"Microsoft.Extensions.DependencyInjection.Abstractions","Version":"8.0.1","IsVulnerable":false,"IgnoredVersions":[">= 9.a"],"Vulnerabilities":[]}
2024-10-13T00:15:12.5437722Z updater | running NuGet analyze:
2024-10-13T00:15:12.5438780Z updater | /opt/nuget/NuGetUpdater/NuGetUpdater.Cli analyze --repo-root /home/dependabot/dependabot-updater/repo --discovery-file-path /tmp/.dependabot/discovery.1.json --dependency-file-path /tmp/.dependabot/dependency/Microsoft.Extensions.DependencyInjection.Abstractions.json --analysis-folder-path /tmp/.dependabot/analysis
2024-10-13T00:15:15.1602241Z updater | Starting analysis of Microsoft.Extensions.DependencyInjection.Abstractions...
2024-10-13T00:15:15.1605582Z updater |   Determining multi-dependency property.
2024-10-13T00:15:15.1605831Z updater |   Finding updated version.
2024-10-13T00:15:15.1606040Z updater |   Finding updated peer dependencies.
2024-10-13T00:15:15.1606243Z updater | Analysis complete.
2024-10-13T00:15:15.1606537Z updater |   Writing analysis result to [/tmp/.dependabot/analysis/Microsoft.Extensions.DependencyInjection.Abstractions.json].

It also took 50 minutes when a nuget project should only take max 10 minutes, so I'm assuming it gets stuck/retries for a while

[Ossiam]

Tried a run with the experiments disabled, and the PR was successfully created. But I enabled the flags because I got the same issues in another project to begin with.

So I'll test a while with these experiments disabled for all projects. Worst case I'll need to create a retry-strategy that reruns Dependabot with the experiments if it fails.

[Ossiam]

On another project it fails to update both with experiments disabled and enabled unfortunately

updater | +------------------------------------------------------------------------------------------------------------------------------------+
updater | |                                                Changes to Dependabot Pull Requests                                                 |
updater | +---------+--------------------------------------------------------------------------------------------------------------------------+
updater | | created | FSharp.Core ( from 8.0.400 to 8.0.401 ), Microsoft.Extensions.Logging.Abstractions ( from 8.0.1 to 8.0.2 ), Microsoft... |
updater | +---------+--------------------------------------------------------------------------------------------------------------------------+
updater | Dependabot encountered '1' error(s) during execution, please check the logs for more details.
updater | +------------------------------------------------------------+
updater | |               Dependencies failed to update                |
updater | +--------------------------------------+---------------------+
updater | | Microsoft.EntityFrameworkCore.Design | update_not_possible |
updater | +--------------------------------------+---------------------+

I don't understand why it can't just skip that package and create a PR with the rest.

[rhyskoedijk]

On another project it fails to update both with experiments disabled and enabled unfortunately

If you are able to easily pull out minimal reproduction repo, I would be really interested in testing this scenario. I am fairly certain this is a bug in dependabot-core, but I'd like to test it to be sure there is nothing wrong with the input config going in to Dependabot CLI.

I don't understand why it can't just skip that package and create a PR with the rest.

I agree; I'm considering submitting a PR to Dependabot CLI shortly that will allow this to happen as it isn't something that can be coded around in the scope of this project unfortunately. If any update fails within Dependabot CLI, it won't write any of the outputs to the scenario file; Ideally, it would be nice if it wrote all successful outputs and just skipped the errors.

[rhyskoedijk]

After some more testing, I am fairly confident all "update_not_possible" issues mentioned here are issues within dependabot-core and cannot be fixed in the scope of this project.

If possible, raising an issue in the dependabot-core project with a minimum reproduction of your dependabot.yml and project.csproj files would be the best chance of fixing this.

The issues in the original post regarding directory handling and branch name conflicts should be fixed as of 1.36.2; if not, let me know and I'll investigate.

[rhyskoedijk]

I don't understand why it can't just skip that package and create a PR with the rest.

@Ossiam I have submitted dependabot/cli#376 to Dependabot CLI that will hopefully allow any partially successful updates to still be processed.

[rhyskoedijk]

Next, I tried this configuration for two separate pull requests (one for each sub-directory):

updates:
  - package-ecosystem: "nuget"
    directories:
      - "/src"
      - "/test"
    target-branch: "main"

Unfortunately, I encountered the same issue, and I received the following error message: {"$id":"1","innerException":null,"message":"TF401028: The reference 'refs/heads/dependabot/nuget/main/xxx-2.0.16' has already been updated by another client, so you cannot update it. Please try again.","typeName":"Microsoft.TeamFoundation.Git.Server.GitReferenceStaleException, Microsoft.TeamFoundation.Git.Server","typeKey":"GitReferenceStaleException","errorCode":0,"eventId":3000}

It appears that two pull requests are being created, but one of them is encountering a conflict.

The error message suggests that the conflict is likely due to simultaneous changes being made to the same branch by another process or client. This results in a branch update issue, leading to the following error i beleive.

@vishnuprakash9845 I'm just revisiting this, are you still having issues with PR creation or is this problem now resolved?
My understanding is that the duplicate branch name problem should be fixed in the current version (v1.38.1); The "update_not_possible" error is an issue in dependabot-core which cannot be fixed in the scope of this project, but should behave slightly better now that dependabot/cli#376 has been merged.

If there is an outstanding issue here, please let me know so I can investigate further, thanks.