Dependabot reports non-existent NuGet update in PR description that is also a downgrade #11306
Open
1 task done
Labels
T: bug 🐞
Something isn't working
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is there an existing issue for this?
Package ecosystem
NuGet
Package manager version
No response
Language version
No response
Manifest location and content before the Dependabot update
martincostello/costellobot@693cdf4
dependabot.yml content
https://github.com/martincostello/costellobot/blob/693cdf4e20e8ac89359f162c9e44cc0e29c5f62f/.github/dependabot.yml
Updated dependency
martincostello/costellobot#1953
What you expected to see, versus what you actually saw
The pull request description claims to have updated Azure.Identity and System.Text.Json.
Viewing the diff shows that System.Text.Json has not been upgraded at all.
The pull request also claims that the package has been downgraded:
Dependabot should not include System.Text.Json in the PR/commit description at all as it was not updated, but should also not be trying to downgrade packages.
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
martincostello/costellobot#1953
Smallest manifest that reproduces the issue
No response
The text was updated successfully, but these errors were encountered: