What you expected to see, versus what you actually saw
We're seeing inconsistent behavior when Dependabot closes old PRs as superseded. Dependabot is only marking old PRs as superseded if there is a small gap of time between an old PR and its superseding PR.
If a PR is opened and the older one has been open for around 30 days or more, give or take, the older one is not closed as being superseded and remains open. This is happening both with NPM and Ruby dependencies.
Is it possible that there is no superseded check on PRs that have been open for a long period of time?
Below is an example of a dependency experiencing this.
| PR Title | Created at | Closed At |
| --- | --- | --- |
| Bump @sentry/vite-plugin from 2.16.1 to 2.20.1 | 2024-07-01T05:06:28Z | 2024-07-15T05:07:13Z |
| Bump @sentry/vite-plugin from 2.16.1 to 2.21.1 | 2024-07-15T05:07:10Z | 2024-08-12T04:20:05Z |
| Bump @sentry/vite-plugin from 2.16.1 to 2.22.0 | 2024-08-12T04:20:01Z | 2024-08-19T04:53:41Z |
| Bump @sentry/vite-plugin from 2.16.1 to 2.22.2 | 2024-08-19T04:53:39Z | 2024-09-02T04:52:07Z |
| Bump @sentry/vite-plugin from 2.16.1 to 2.22.3 | 2024-09-02T04:52:04Z | 2024-09-09T04:52:22Z |
| Bump @sentry/vite-plugin from 2.16.1 to 2.22.4 | 2024-09-09T04:52:18Z | |
| Bump @sentry/vite-plugin from 2.16.1 to 2.22.5 | 2024-10-07T04:33:41Z | 2024-10-21T04:52:41Z |
| Bump @sentry/vite-plugin from 2.16.1 to 2.22.6 | 2024-10-21T04:52:37Z | |
| Bump @sentry/vite-plugin from 2.16.1 to 2.22.7 | 2024-12-09T05:28:11Z | |
| Bump @sentry/vite-plugin from 2.16.1 to 2.23.0 | 2025-01-10T20:14:26Z | 2025-01-20T05:36:48Z |
| Bump @sentry/vite-plugin from 2.16.1 to 3.0.0 | 2025-01-20T05:36:44Z | 2025-01-27T05:46:54Z |
| Bump @sentry/vite-plugin from 2.16.1 to 3.1.0 | 2025-01-27T05:46:50Z | 2025-01-30T16:44:21Z |
| Bump @sentry/vite-plugin from 2.16.1 to 3.1.1 | 2025-01-30T16:44:16Z | |
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response
Is there an existing issue for this?
Package ecosystem
bundler and npm
Package manager version
N/A
Language version
Ruby 3.1.5
Manifest location and content before the Dependabot update
apps/nds/package.json
apps/rainbow-backend/Gemfile
dependabot.yml content
directory: "/apps/nds/"
schedule:
  interval: weekly
  time: "00:00"
  timezone: America/New_York
open-pull-requests-limit: 99
labels:
allow:
directory: "/apps/rainbow-backend/"
schedule:
  interval: weekly
  time: "00:00"
  timezone: America/New_York
open-pull-requests-limit: 99
labels:
allow:
directory: "/"
schedule:
  interval: weekly
  time: "00:00"
  timezone: America/New_York
open-pull-requests-limit: 99
labels:
allow:
Updated dependency
@sentry/vite-plugin
tinymce-rails
and others
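An added example, not part of the original issue or of Dependabot's own code: a small audit that finds bump PRs still open although a newer PR for the same dependency exists, and reports how many full days separated the two. It assumes PR records shaped like GitHub REST API pull request objects (`title`, `created_at`, `closed_at`) and treats an empty "Closed At" as still open; `find_unsuperseded` and `SAMPLE_PRS` are hypothetical names, and the sample rows are a subset copied from the table in the issue.

```python
import re
from datetime import datetime

# Title shape used by the PRs listed in the issue's table.
TITLE_RE = re.compile(r"^Bump (?P<dep>\S+) from (?P<old>\S+) to (?P<new>\S+)$")

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def find_unsuperseded(prs):
    """Return open bump PRs for which a newer PR for the same dependency exists."""
    groups = {}
    for pr in prs:
        m = TITLE_RE.match(pr["title"])
        if m:  # skip PRs that are not version bumps
            groups.setdefault(m["dep"], []).append((_ts(pr["created_at"]), m["new"], pr))
    findings = []
    for dep, items in groups.items():
        items.sort(key=lambda item: item[0])  # oldest first
        # Pair every PR with the next PR opened for the same dependency.
        for (created, version, pr), (next_created, next_version, _) in zip(items, items[1:]):
            if pr["closed_at"] is None:  # assumption: no close time means still open
                findings.append({
                    "dependency": dep,
                    "open_version": version,
                    "superseded_by": next_version,
                    "full_days_between": (next_created - created).days,
                })
    return findings

# Subset of rows from the issue's table: (target version, created at, closed at).
_ROWS = [
    ("2.22.3", "2024-09-02T04:52:04Z", "2024-09-09T04:52:22Z"),
    ("2.22.4", "2024-09-09T04:52:18Z", None),
    ("2.22.5", "2024-10-07T04:33:41Z", "2024-10-21T04:52:41Z"),
    ("2.22.6", "2024-10-21T04:52:37Z", None),
    ("2.22.7", "2024-12-09T05:28:11Z", None),
    ("2.23.0", "2025-01-10T20:14:26Z", "2025-01-20T05:36:48Z"),
    ("3.1.1", "2025-01-30T16:44:16Z", None),
]
SAMPLE_PRS = [
    {"title": f"Bump @sentry/vite-plugin from 2.16.1 to {v}", "created_at": c, "closed_at": x}
    for v, c, x in _ROWS
]

if __name__ == "__main__":
    for finding in find_unsuperseded(SAMPLE_PRS):
        print(finding)
```

The newest PR (3.1.1) is not reported, since nothing supersedes it yet.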