Increase the dependabot open-pull-request-limit. #657
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Being limited to 5 at a time is having a productivity impact since we're behind on depndency upgrades. And I don't generally want dependabot PRs to be limited (so long as it's not an absurd number of them...).
|
|
myronmarston
added a commit
that referenced
this pull request
Jul 8, 2025
This reverts commit 9c95fcc. Since merging that change, Dependabot has begun failing with: > Dependabot can't update vulnerable dependencies without a lockfile > The currently installed version can't be determined. > > To resolve the issue add a supported lockfile (Gemfile.lock or gems.locked). Example: https://github.com/block/elasticgraph/actions/runs/16154309990/job/45593081085 I don't understand the failure (we ahve a `Gemfile.lock`!) but since the failure only started when I edited `.github/dependabot.yml`, I'm reverting it.
myronmarston
added a commit
that referenced
this pull request
Jul 8, 2025
This reverts commit 9c95fcc. Since merging that change, Dependabot has begun failing with: > Dependabot can't update vulnerable dependencies without a lockfile > The currently installed version can't be determined. > > To resolve the issue add a supported lockfile (Gemfile.lock or gems.locked). Example: https://github.com/block/elasticgraph/actions/runs/16154309990/job/45593081085 I don't understand the failure (we ahve a `Gemfile.lock`!) but since the failure only started when I edited `.github/dependabot.yml`, I'm reverting it.
myronmarston
added a commit
that referenced
this pull request
Jul 8, 2025
This partially reverts "chore: rework Gemfiles. (#645)" (cce2474). It recombines the root `Gemfile` with `config/Gemfile-for-gem`, doing away with `Gemfile-shared`, while keeping the changes to #645 that impact how the root bundle works (e.g. calling `gem` with each ElasticGraph gem, rather than `gemspec`). This appears to be necessary for dependabot. While some dependabot runs have been successful since #645 was merged, the last few runs have failed with: ``` Handled error whilst updating rubocop-rake: dependency_file_not_supported {message: "{\"errors\":[{\"status\":400,\"title\":\"Bad Request\",\"detail\":\"The request contains invalid or unauthorized changes\"}]}"} ``` I think the problem is `Gemfile-shared`: it's non standard to put gem versions there, and dependabot seems to not like it. By reverting back to a single root `Gemfile` I'm hopeful it'll fix dependabot. In addition, I've reapplied "Increase the dependabot open-pull-request-limit. (#657)", effectively reverting (#659). That was a prior attempt at fixing dependabot which didn't work.
myronmarston
added a commit
that referenced
this pull request
Jul 9, 2025
This partially reverts "chore: rework Gemfiles. (#645)" (cce2474). It recombines the root `Gemfile` with `config/Gemfile-for-gem`, doing away with `Gemfile-shared`, while keeping the changes to #645 that impact how the root bundle works (e.g. calling `gem` with each ElasticGraph gem, rather than `gemspec`). This appears to be necessary for dependabot. While some dependabot runs have been successful since #645 was merged, the last few runs have failed with: ``` Handled error whilst updating rubocop-rake: dependency_file_not_supported {message: "{\"errors\":[{\"status\":400,\"title\":\"Bad Request\",\"detail\":\"The request contains invalid or unauthorized changes\"}]}"} ``` I think the problem is `Gemfile-shared`: it's non standard to put gem versions there, and dependabot seems to not like it. By reverting back to a single root `Gemfile` I'm hopeful it'll fix dependabot. In addition, I've reapplied "Increase the dependabot open-pull-request-limit. (#657)", effectively reverting (#659). That was a prior attempt at fixing dependabot which didn't work.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Being limited to 5 at a time is having a productivity impact since we're behind on depndency upgrades. And I don't generally want dependabot PRs to be limited (so long as it's not an absurd number of them...).