Dependency updated between original PR and rebase has old commit message and PR title not updated

[pzygielo]

Package ecosystem
maven

Manifest location and content prior to update
https://github.com/pzrep/dependabot-commit-message/blob/master/pom.xml

dependabot.yml content
https://github.com/pzrep/dependabot-commit-message/blob/master/.github/dependabot.yml

Updated dependency
net.sf.saxon:Saxon-HE:10.6 -> 11.2

What you expected to see, versus what you actually saw

commit message

Expected:

Bump Saxon-HE from 10.6 to 11.2

Bumps Saxon-HE from 10.6 to 11.2.

Actual:

Bump Saxon-HE from 10.4 to 11.2

Bumps Saxon-HE from 10.4 to 11.2.

Images of the diff or a link to the PR, issue or logs
https://github.com/pzrep/dependabot-commit-message/pull/1/files

🕹 Bonus points: Smallest manifest that reproduces the issue
https://github.com/pzrep/dependabot-commit-message

This seems related - #4652 (comment)

update of the PR and we currently expect that we can re-use the message from the previous commit

This is wrong expectation if the dependency under the change was updated in the meantime.
PR title can be updated by repo maintainer, but not the commit message, which sometimes has content based on the version before update (not shown in linked reproducer).

---

updater | time="2022-03-09T19:53:30Z" level=info msg="starting job..." fetcher_timeout=5m0s job_id=312488144 updater_timeout=45m0s updater_version=0.177.0-cd0208c8a229688f3c852565153602a3d33adf04

[pzygielo]

Closing due to lack of response.

[deivid-rodriguez]

@pzygielo I'm so sorry we failed to provide some response to you on time. Is this the same as #4652? If so, we'll track resolution there, so feel free to subscribe! :)

[pzygielo]

Is this the same as #4652?

It's possible. I can't remember why I found this one worth submitting as new. Maybe because this is about rebase and that is about recreate? Not sure today.

If 4652 is solved I will be very happy to update my reproducer (if necessary) and test it.

Thanks for checking.

[deivid-rodriguez]

Awesome, thanks @pzygielo!

[pzygielo]

I observe (not sure - still or again) bad commit message and title not updated:

• chore(deps): bump selenium.version from 4.9.1 to 4.14.1 pzygielo/jasmine-maven-plugin#281
• pzygielo/jasmine-maven-plugin@c0e6c72 with rebase command.

The commit changes

but the commit message does not correspond to that

recreate does not work much better unfortunately.

[pzygielo]

This is still the case.

The original change:

diff --git a/pom.xml b/pom.xml
index ce7c88da..2f160508 100644
--- a/pom.xml
+++ b/pom.xml
@@ -245,7 +245,7 @@
             <dependency>
                 <groupId>org.htmlunit</groupId>
                 <artifactId>htmlunit</artifactId>
-                <version>3.0.0</version>
+                <version>3.11.0</version>
                 <scope>test</scope>
             </dependency>
             <dependency>

This update was accompanied by the parallel PR, also dependabot-generated, for security issue to update htmlunit from 3.0.0 to 3.0.9. The update to 3.0.9 was picked first and merged, which caused conflict and triggered auto-rebase of PR for upgrade to 3.11.0.

Final diff after auto-rebase:

diff --git a/pom.xml b/pom.xml
index b8909a91..2f160508 100644
--- a/pom.xml
+++ b/pom.xml
@@ -245,7 +245,7 @@
             <dependency>
                 <groupId>org.htmlunit</groupId>
                 <artifactId>htmlunit</artifactId>
-                <version>3.9.0</version>
+                <version>3.11.0</version>
                 <scope>test</scope>
             </dependency>
             <dependency>

Commit message (not updated):

Bump org.htmlunit:htmlunit from 3.0.0 to 3.11.0

Bumps [org.htmlunit:htmlunit](https://github.com/HtmlUnit/htmlunit) from 3.0.0 to 3.11.0.
- [Release notes](https://github.com/HtmlUnit/htmlunit/releases)
- [Commits](https://github.com/HtmlUnit/htmlunit/compare/3.0.0...3.11.0)

---
updated-dependencies:
- dependency-name: org.htmlunit:htmlunit
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

PR title not updated: Bump org.htmlunit:htmlunit from 3.0.0 to 3.11.0 (does not reflect the change)

PR description also not updated.

recreate command didn't help.

  proxy | 2024/03/18 12:01:48 proxy starting, commit: cf8623577dad71c128f219df2b27df6de35b909d
  proxy | 2024/03/18 12:01:48 Listening (:1080)
updater | 2024-03-18T12:01:50.331676765 [801645911:main:WARN:src/devices/src/legacy/serial.rs:222] Detached the serial input due to peer close/error.
updater | time="2024-03-18T12:01:57Z" level=info msg="guest starting" commit=6ee2dfdd9de690457a831bc6c065b2ec4acdd0b7
updater | time="2024-03-18T12:01:57Z" level=info msg="starting job..." fetcher_timeout=10m0s job_id=801645911 updater_timeout=45m0s updater_version=b05fe6a2dbfc438d451636d266c7f865e4cbad22-maven
updater | 2024/03/18 12:02:21 INFO <job_801645911> Starting job processing
...
updater | 2024/03/18 12:02:45 INFO <job_801645911> Latest version is 3.11.0
updater | 2024/03/18 12:02:45 INFO <job_801645911> Requirements to unlock own
updater | 2024/03/18 12:02:45 INFO <job_801645911> Requirements update strategy 
updater | 2024/03/18 12:02:45 INFO <job_801645911> Updating org.htmlunit:htmlunit from 3.9.0 to 3.11.0
updater | 2024/03/18 12:02:46 INFO <job_801645911> Submitting org.htmlunit:htmlunit pull request for update
updater | 2024/03/18 12:02:46 INFO <job_801645911> Finished job processing
updater | 2024/03/18 12:02:46 INFO Results:
updater | +----------------------------------------------------------+
updater | |           Changes to Dependabot Pull Requests            |
updater | +---------+------------------------------------------------+
updater | | updated | org.htmlunit:htmlunit ( from 3.9.0 to 3.11.0 ) |