Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot Not Upgrading Phpstan 1.12.9 to 1.12.16 #11473

Open
1 task done
oleibman opened this issue Feb 3, 2025 · 1 comment
Open
1 task done

Dependabot Not Upgrading Phpstan 1.12.9 to 1.12.16 #11473

oleibman opened this issue Feb 3, 2025 · 1 comment
Labels
L: php:composer Issues and code for Composer T: bug 🐞 Something isn't working

Comments

@oleibman
Copy link

oleibman commented Feb 3, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

Github

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
updates:

  • package-ecosystem: composer
    directory: "/"
    schedule:
    interval: monthly
    time: "11:00"
    open-pull-requests-limit: 10

Updated dependency

phpstan/phpstan 1.12.9 not upgrading to 1.12.16
(less important) phpstan/phpstan-phpunit not upgrading from 1.4.0 to 1.4.2

What you expected to see, versus what you actually saw

I reported this to github first, the ticket there is https://support.github.com/ticket/personal/0/3211886

Github phpoffice/phpspreadsheet currently uses Phpstan 1.12.9. Dependabot runs for us on the first of every month. I would have expected the Feb. 1 run to upgrade Phpstan to 1.12.16. However, it did not upgrade Phpstan at all. (Url for the log file is given below.)

2025/02/01 11:35:11 INFO <job_957104315> No update possible for phpstan/phpstan 1.12.9

The log seems to indicate that it wants us to upgrade to phpstan/phpstan and phpstan/phpstan-phpunit release 2, but we are not ready for that yet (work is in progress). There is no such requirement in our composer.json or composer.lock files (and phpstan certainly hasn't abandoned release 1). So I don't know where that requirement is coming from. Is there something we need to do differently, aside from upgrading to release 2, to get our timely update?

It is not that it is a particularly big deal for us to update manually. My main concern is that we might be missing out on other updates for a similarly reason, when the version of a package that we are using is no longer part of the latest release.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

https://github.com/PHPOffice/PhpSpreadsheet/actions/runs/13088200476/job/36521847892

Smallest manifest that reproduces the issue

No response
@oleibman oleibman added the T: bug 🐞 Something isn't working label Feb 3, 2025
@robaiken robaiken added the L: php:composer Issues and code for Composer label Feb 4, 2025
@cs278
Copy link

cs278 commented Feb 4, 2025

Same issue as #11301

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
L: php:composer Issues and code for Composer T: bug 🐞 Something isn't working
Projects
Dependabot
Status: No status
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cs278 @robaiken @oleibman