Hello,
I'm using dependabot directly from github and not dependabot-preview.
This is probably more to do with github itself rather than dependabot, but it's related so I'm reporting here.
I have a project which got a few security alerts from github.
I've enabled automated security fixes in the security tab.
It seems that dependabot does not generate the security fixes.
Thus, I've tried generating them manually myself by going through the security alerts and pressing "Create automated security fix".
The very first security alert couldn't generate an automated security fix, but other alerts were able to.
So I thought that maybe dependabot does not generate security fixes for other alerts if any of them happen to fail? Could that be the case?
Thanks for reporting this!
Currently, Dependabot won't automatically go through existing security alerts when it is first turned on - it will only create PRs automatically for new ones. That's an implementation bug, and one that we're fixing (cc @brrygrdn). I'm pretty sure that's what has caused what you're seeing.
Does the above make sense? I'll close if so. :octocat:
Cheers @greysteil!
Yes, that's probably the case - I'm pretty sure that the alerts came before I enabled automated security PRs through dependabot, so that would explain things.
You can close now, thank you for the info & good luck on fixing it :)
Awesome, thanks!