Dependabot not creating updates? (Which?)

[vorburger]

@jingtang10 asked why, after #2598 was merged (when EXACTLY?) Dependabot does not generate PRs to upgrade some of the libraries that PR moved to the version catalog; let's look into and track that in this issue.

https://github.com/google/android-fhir/blob/master/.github/dependabot.yaml is currently configured to propose updates only once a week, on Mondays. Perhaps it just needs more time?

But e.g. on https://github.com/google/android-fhir/security/dependabot/70 it says: "Dependabot has taken too long to create an update. Dependabot may be experiencing problems creating updates for this project. If this problem persists, please contact support." and links to https://docs.github.com/en/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors

I'll click "Try again" on that UI to see if that helps...

[vorburger]

I'll click "Try again" on that UI to see if that helps...

Doing this causes that UI to point me to #2602, which was closed without being merged (why?).

[vorburger]

@jingtang10 which specific dependency from #2598 were you hoping to receive an automated Dependabot bump/upgrade PR for? Perhaps it's easier to debug this chasing a specific example.

[vorburger]

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors#investigating-errors-with-dependabot-version-updates points to looking at https://github.com/google/android-fhir/network/updates. I'm not seeing anything fundamentally broken there.

[jingtang10]

@jingtang10 which specific dependency from #2598 were you hoping to receive an automated Dependabot bump/upgrade PR for? Perhaps it's easier to debug this chasing a specific example.

android studio is giving a lot of suggestions in the version catalog that many libraries now have later versions but i'm not seeing dependabot creating prs.

[jingtang10]

[vorburger]

Interesting. I'd say let's wait until coming Monday (given our Dependabot schedule; see above), as the first step.

If no new updates for this library by Tuesday, let's dig deeper, and possibly reach out to GitHub support.

[vorburger]

@jingtang10 Dependabot did open e.g. #2622 and #2619 yesterday... do you want to close this issue, based on seeing that?

Or were you expecting more PRs for more dependencies? Then it's possible I can help to tweak the config to lower the "throttling" which I'm assuming it currently does... I can make it raise PRs for ALL possible updates EVERY day. But that COULD "overwhelm" the reviewers team? Your call, let me know.

[vorburger]

@jingtang10 also I just noticed #2620 and #2621 and #2623 were raised by Dependabot yesterday, and merged.

[jingtang10]

Thanks Michael