Wrongly reported dependency changes in GitHub app #120
Comments
From my perspective this issue is ruining your reputation as a reliable source of information.
Today I received a report/comment that claims an updated version of a dependency is new: Maybe it's a different issue or just unfortunate wording, but the dependency was upgraded, as you can see from the diff.
Is there any chance that you are looking into this? This is especially annoying since it renders the "new capabilities" and change in number of transient deps feature useless: if an updated version counts as removed and new version, all capabilities and transient deps of the new version always count as new.
I have now seen the same thing happening for a python package upgrade. So maybe this is the wrong repo for the report?
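The failure mode described in this comment, as an added illustration that is not part of the thread or of Socket's own code: a dependency diff that keys entries by (name, version) reports a bump as one package removed plus one added, so every capability of the new version looks new; a diff that keys by name alone can tell upgrades apart and report only the capability delta. The manifests, package names and capability map below are all constructed, and the version comparison assumes plain dotted numeric versions.

```python
# Constructed "before" and "after" dependency blocks for a version-bump PR
# (package names and versions are made up for the example).
BEFORE = {"demo-linter": "8.56.0", "demo-types": "5.3.3", "demo-utils": "4.17.21"}
AFTER = {"demo-linter": "8.57.0", "demo-types": "5.3.3", "demo-cli": "1.2.8"}

# Constructed capability map keyed by (name, version). A real scanner would
# derive these from the package contents; the values here are illustrative.
CAPABILITIES = {
    ("demo-linter", "8.56.0"): {"filesystem", "environment"},
    ("demo-linter", "8.57.0"): {"filesystem", "environment", "network"},
    ("demo-types", "5.3.3"): {"filesystem"},
    ("demo-utils", "4.17.21"): set(),
    ("demo-cli", "1.2.8"): {"shell"},
}


def _vkey(version):
    """Sort key for dotted numeric versions (assumption: x.y.z, no pre-release tags)."""
    return tuple(int(part) for part in version.split("."))


def naive_diff(before, after):
    """Keys entries by (name, version): a bump shows up as removed + added."""
    old, new = set(before.items()), set(after.items())
    return {"removed": sorted(old - new), "added": sorted(new - old)}


def naive_new_capabilities(before, after, caps):
    """Every (name, version) entry not seen before is treated as a brand-new
    package, so a bumped dependency contributes all of its capabilities."""
    return {name: set(caps.get((name, ver), set()))
            for name, ver in naive_diff(before, after)["added"]}


def classify_changes(before, after):
    """Keys entries by name so that upgrades are distinguished from add/remove."""
    result = {"added": [], "removed": [], "upgraded": [], "downgraded": [], "unchanged": []}
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name), after.get(name)
        if old is None:
            result["added"].append((name, new))
        elif new is None:
            result["removed"].append((name, old))
        elif old == new:
            result["unchanged"].append((name, old))
        elif _vkey(new) > _vkey(old):
            result["upgraded"].append((name, old, new))
        else:
            result["downgraded"].append((name, old, new))
    return result


def new_capabilities(before, after, caps):
    """Capabilities a reviewer has not yet signed off on: everything for a
    genuinely new package, only the delta against the old version for a bump."""
    changes = classify_changes(before, after)
    fresh = {}
    for name, new in changes["added"]:
        fresh[name] = set(caps.get((name, new), set()))
    for name, old, new in changes["upgraded"] + changes["downgraded"]:
        delta = caps.get((name, new), set()) - caps.get((name, old), set())
        if delta:
            fresh[name] = delta
    return fresh


if __name__ == "__main__":
    print("naive:", naive_diff(BEFORE, AFTER))
    print("naive new capabilities:", naive_new_capabilities(BEFORE, AFTER, CAPABILITIES))
    print("classified:", classify_changes(BEFORE, AFTER))
    print("new capabilities:", new_capabilities(BEFORE, AFTER, CAPABILITIES))
```

Run stand-alone, the naive diff lists demo-linter under both "removed" and "added" and attributes all three of its capabilities to the PR, while the name-keyed diff reports it as an upgrade and flags only the newly gained "network" capability for review.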
Hi Christian, I'm an engineer at Socket and I'd be happy to look into this. Can you let me know more details about where you're seeing this? Feel free to email me at ***@***.*** if the details are private.
On Mar 30, 2024, at 11:08 PM, Christian Bewernitz wrote:
I have now seen the same thing happening for a python package upgrade. So maybe this is the wrong repo for the report?
@reberhardt7 here is the most recent example from the public xmldom repository: What other details do you need?
Hey there, I hope this issue is in the correct place. Happy to report it in a different place, let me know where.
I have recently found more and more comments by the GitHub App that claim a dependency has been removed in a pure dependency upgrade PR.
There are plenty of examples in the xmldom repo
but the most recent one is here:
xmldom/xmldom#521 (comment)
All of these are really bumping a dependency version, not dropping it.
I'm currently assuming this also relates to issues where already approved issues have to be approved again, but I don't have an example I can share of that right now. (And maybe this is a separate issue? But I think it makes sense to first solve this one.)