commit-message always adding include

[tiagoporto]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

npm

Package manager version

10.9.2

Language version

22.11.0

Manifest location and content before the Dependabot update

No response

dependabot.yml content

version: 2
updates:
  # Fetch and update latest `npm|yarn|pnpm` packages
  - package-ecosystem: npm
    directory: /
    schedule:
      interval: monthly
      day: monday
      time: '01:00'
      # UTC -03:00
      timezone: America/Sao_Paulo
    labels:
      - dependencies
    open-pull-requests-limit: 1
    versioning-strategy: auto

  # Fetch and update latest `github-actions` pkgs
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: monthly
      day: monday
      time: '01:00'
      # UTC -03:00
      timezone: America/Sao_Paulo
    labels:
      - dependencies
    open-pull-requests-limit: 1

Updated dependency

No response

What you expected to see, versus what you actually saw

I had some tests with the following config.

commit-message:
   prefix: chore
   include: scope

The PR title generated was chore(deps-dev): bump gulp-sass from ... as expected.

Now I removed the commit-message setting from config.

The PR title still uses the old config

chore(deps-dev): bump ...

My repo: https://github.com/tiagoporto/svg-music-logos/pulls

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

[tiagoporto]

@jakecoffman, some updates about this bug?
It is still happening.

[pzygielo]

Now I removed the commit-message setting from config.

The PR title still uses the old config

I'm only guessing. https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#commit-message--

Dependabot default behavior:

Commit messages follow similar patterns to those detected in the repository.

It might be detected from the latest commits.

[tiagoporto]

@pzygielo, do you know if it's the latest commits from Dependabot? Because the latest commits in the repo follow a different pattern.

[pzygielo]

I'm only guessing
do you know

Unfortunately I do not (for sure I don't know what really happens in the code here). I've seen this once in the filed and was surprised with the change in PR title format, but didn't investigate then (only to the default behavior point), as it was not crucial for me/project.

If I recall correctly - in my case it was discovered from non-dependabot commits (and d-bot was never commit-message configured there). It was however many moons ago.

[tiagoporto]

Just in case anyone faces the same problem.

@pzygielo with your clue on the issue, I tried to rewrite the last dependabot commits to follow the current pattern. It appears that the issue has been fixed.