Skip to content

bun dependabot updates are missing description #12832

New issue
New issue
Closed
Closed
bun dependabot updates are missing description#12832
Labels
L: dart:pubDart packages via pubL: javascriptL: ruby:bundlerRubyGems via bundlerT: bug 🐞Something isn't working
@fcheung

Description

@fcheung
fcheung
opened on Aug 13, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

bun

Package manager version

1.2.19

Language version

No response

Manifest location and content before the Dependabot update

See https://github.com/fcheung/dependabot-bun-test

dependabot.yml content

version: 2
updates:
  - package-ecosystem: 'bun'
    directory: '/'
    schedule:
      interval: 'weekly'

Updated dependency

No response

What you expected to see, versus what you actually saw

I'm seeing PRs created but they have no useful description. When using yarn, bundler etc. instead i get inforamtion with links to changelogs, commits etc. in the body of the PR

Image

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

I get the following in the dependabot logs:

updater | 2025/08/13 09:04:32 INFO <job_1074672738> Command executed successfully: bun install --save-text-lockfile
updater | 2025/08/13 09:04:32 INFO <job_1074672738> Started process PID: 1556 with command: {} git status --untracked-files all --porcelain v1 . {}
updater | 2025/08/13 09:04:32 INFO <job_1074672738> Process PID: 1556 completed with status: pid 1556 exit 0
updater | 2025/08/13 09:04:32 INFO <job_1074672738> Total execution time: 0.0 seconds
updater | 2025/08/13 09:04:32 INFO <job_1074672738> Submitting apexcharts pull request for creation
  proxy | 2025/08/13 09:04:32 [069] GET [https://api.github.com:443/repos/fcheung/dependabot-bun-test/commits?per_page=100](https://api.github.com/repos/fcheung/dependabot-bun-test/commits?per_page=100)
2025/08/13 09:04:32 [069] * authenticating github api request with token for api.github.com
  proxy | 2025/08/13 09:04:32 [069] 200 [https://api.github.com:443/repos/fcheung/dependabot-bun-test/commits?per_page=100](https://api.github.com/repos/fcheung/dependabot-bun-test/commits?per_page=100)
  proxy | 2025/08/13 09:04:33 [071] GET https://registry.npmjs.org/apexcharts/latest
  proxy | 2025/08/13 09:04:33 [071] 200 https://registry.npmjs.org/apexcharts/latest
  proxy | 2025/08/13 09:04:33 [073] GET [https://api.github.com:443/repos/apexcharts/apexcharts.js/releases?per_page=100](https://api.github.com/repos/apexcharts/apexcharts.js/releases?per_page=100)
2025/08/13 09:04:33 [073] * authenticating github api request with token for api.github.com
  proxy | 2025/08/13 09:04:33 [073] 200 [https://api.github.com:443/repos/apexcharts/apexcharts.js/releases?per_page=100](https://api.github.com/repos/apexcharts/apexcharts.js/releases?per_page=100)
  proxy | 2025/08/13 09:04:33 [075] GET [https://api.github.com:443/repos/apexcharts/apexcharts.js/contents/](https://api.github.com/repos/apexcharts/apexcharts.js/contents/)
2025/08/13 09:04:33 [075] * authenticating github api request with token for api.github.com
  proxy | 2025/08/13 09:04:33 [075] 200 [https://api.github.com:443/repos/apexcharts/apexcharts.js/contents/](https://api.github.com/repos/apexcharts/apexcharts.js/contents/)
  proxy | 2025/08/13 09:04:33 [077] GET https://github.com/apexcharts/apexcharts.js.git/info/refs?service=git-upload-pack
2025/08/13 09:04:33 [077] * authenticating git server request (host: github.com)
  proxy | 2025/08/13 09:04:33 [077] 200 https://github.com/apexcharts/apexcharts.js.git/info/refs?service=git-upload-pack
  proxy | 2025/08/13 09:04:34 [079] GET [https://api.github.com:443/repos/apexcharts/apexcharts.js/contents/?ref=v5.3.3](https://api.github.com/repos/apexcharts/apexcharts.js/contents/?ref=v5.3.3)
2025/08/13 09:04:34 [079] * authenticating github api request with token for api.github.com
  proxy | 2025/08/13 09:04:34 [079] 200 [https://api.github.com:443/repos/apexcharts/apexcharts.js/contents/?ref=v5.3.3](https://api.github.com/repos/apexcharts/apexcharts.js/contents/?ref=v5.3.3)
  proxy | 2025/08/13 09:04:34 [081] GET https://github.com/apexcharts/apexcharts.js.git/info/refs?service=git-upload-pack
2025/08/13 09:04:34 [081] 200 https://github.com/apexcharts/apexcharts.js.git/info/refs?service=git-upload-pack
  proxy | 2025/08/13 09:04:34 [083] GET [https://api.github.com:443/repos/apexcharts/apexcharts.js/commits?sha=v4.7.0](https://api.github.com/repos/apexcharts/apexcharts.js/commits?sha=v4.7.0)
2025/08/13 09:04:34 [083] * authenticating github api request with token for api.github.com
  proxy | 2025/08/13 09:04:34 [083] 200 [https://api.github.com:443/repos/apexcharts/apexcharts.js/commits?sha=v4.7.0](https://api.github.com/repos/apexcharts/apexcharts.js/commits?sha=v4.7.0)
  proxy | 2025/08/13 09:04:34 [085] GET [https://api.github.com:443/repos/apexcharts/apexcharts.js/commits?sha=v5.3.3](https://api.github.com/repos/apexcharts/apexcharts.js/commits?sha=v5.3.3)
2025/08/13 09:04:34 [085] * authenticating github api request with token for api.github.com
  proxy | 2025/08/13 09:04:34 [085] 200 [https://api.github.com:443/repos/apexcharts/apexcharts.js/commits?sha=v5.3.3](https://api.github.com/repos/apexcharts/apexcharts.js/commits?sha=v5.3.3)
  proxy | 2025/08/13 09:04:34 [087] GET [https://api.github.com:443/repos/apexcharts/apexcharts.js/commits?sha=v4.7.0](https://api.github.com/repos/apexcharts/apexcharts.js/commits?sha=v4.7.0)
2025/08/13 09:04:34 [087] 200 [https://api.github.com:443/repos/apexcharts/apexcharts.js/commits?sha=v4.7.0](https://api.github.com/repos/apexcharts/apexcharts.js/commits?sha=v4.7.0)
  proxy | 2025/08/13 09:04:34 [089] GET [https://api.github.com:443/repos/apexcharts/apexcharts.js/commits?sha=v5.3.3](https://api.github.com/repos/apexcharts/apexcharts.js/commits?sha=v5.3.3)
2025/08/13 09:04:34 [089] 200 [https://api.github.com:443/repos/apexcharts/apexcharts.js/commits?sha=v5.3.3](https://api.github.com/repos/apexcharts/apexcharts.js/commits?sha=v5.3.3)
  proxy | 2025/08/13 09:04:34 [091] GET [https://api.github.com:443/repos/apexcharts/apexcharts.js/commits?sha=v4.7.0](https://api.github.com/repos/apexcharts/apexcharts.js/commits?sha=v4.7.0)
2025/08/13 09:04:34 [091] 200 [https://api.github.com:443/repos/apexcharts/apexcharts.js/commits?sha=v4.7.0](https://api.github.com/repos/apexcharts/apexcharts.js/commits?sha=v4.7.0)
  proxy | 2025/08/13 09:04:34 [093] GET [https://api.github.com:443/repos/apexcharts/apexcharts.js/commits?sha=v5.3.3](https://api.github.com/repos/apexcharts/apexcharts.js/commits?sha=v5.3.3)
2025/08/13 09:04:34 [093] 200 [https://api.github.com:443/repos/apexcharts/apexcharts.js/commits?sha=v5.3.3](https://api.github.com/repos/apexcharts/apexcharts.js/commits?sha=v5.3.3)
  proxy | 2025/08/13 09:04:35 [095] GET https://registry.npmjs.org/apexcharts
2025/08/13 09:04:35 [095] 200 https://registry.npmjs.org/apexcharts
updater | 2025/08/13 09:04:35 ERROR <job_1074672738> Error while generating PR message: no implicit conversion of String into Integer
updater | 2025/08/13 09:04:35 ERROR <job_1074672738> /home/dependabot/bun/lib/dependabot/bun/metadata_finder.rb:58:in 'block in Dependabot::Bun::MetadataFinder#npm_releaser'
/home/dependabot/bun/lib/dependabot/bun/metadata_finder.rb:58:in 'Array#each'
/home/dependabot/bun/lib/dependabot/bun/metadata_finder.rb:58:in 'Enumerable#find'
/home/dependabot/bun/lib/dependabot/bun/metadata_finder.rb:58:in 'Dependabot::Bun::MetadataFinder#npm_releaser'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::Bun::MetadataFinder#_on_method_added'
/home/dependabot/bun/lib/dependabot/bun/metadata_finder.rb:31:in 'Dependabot::Bun::MetadataFinder#maintainer_changes'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::Bun::MetadataFinder#_on_method_added'
/usr/local/lib/ruby/3.4.0/forwardable.rb:240:in 'Dependabot::PullRequestCreator::MessageBuilder::MetadataPresenter#maintainer_changes'
/home/dependabot/common/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb:171:in 'Dependabot::PullRequestCreator::MessageBuilder::MetadataPresenter#maintainer_changes_cascade'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::PullRequestCreator::MessageBuilder::MetadataPresenter#_on_method_added'
/home/dependabot/common/lib/dependabot/pull_request_creator/message_builder/metadata_presenter.rb:68:in 'Dependabot::PullRequestCreator::MessageBuilder::MetadataPresenter#to_s'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::PullRequestCreator::MessageBuilder::MetadataPresenter#_on_method_added'
/home/dependabot/common/lib/dependabot/pull_request_creator/message_builder.rb:744:in 'Dependabot::PullRequestCreator::MessageBuilder#metadata_cascades_for_dep'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::PullRequestCreator::MessageBuilder#_on_method_added'
/home/dependabot/common/lib/dependabot/pull_request_creator/message_builder.rb:713:in 'Dependabot::PullRequestCreator::MessageBuilder#metadata_cascades'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::PullRequestCreator::MessageBuilder#_on_method_added'
/home/dependabot/common/lib/dependabot/pull_request_creator/message_builder.rb:132:in 'Dependabot::PullRequestCreator::MessageBuilder#pr_message'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::PullRequestCreator::MessageBuilder#_on_method_added'
/home/dependabot/common/lib/dependabot/pull_request_creator/message_builder.rb:194:in 'Dependabot::PullRequestCreator::MessageBuilder#message'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::PullRequestCreator::MessageBuilder#_on_method_added'
/home/dependabot/dependabot-updater/lib/dependabot/dependency_change.rb:100:in 'Dependabot::DependencyChange#pr_message'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::DependencyChange#_on_method_added'
/home/dependabot/dependabot-updater/lib/dependabot/api_client.rb:498:in 'Dependabot::ApiClient#create_pull_request_data'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::ApiClient#_on_method_added'
/home/dependabot/dependabot-updater/lib/dependabot/api_client.rb:44:in 'block in Dependabot::ApiClient#create_pull_request'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/opentelemetry-api-1.5.0/lib/opentelemetry/trace/tracer.rb:37:in 'block in OpenTelemetry::Trace::Tracer#in_span'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/opentelemetry-api-1.5.0/lib/opentelemetry/trace.rb:70:in 'block in OpenTelemetry::Trace#with_span'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/opentelemetry-api-1.5.0/lib/opentelemetry/context.rb:88:in 'OpenTelemetry::Context.with_value'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/opentelemetry-api-1.5.0/lib/opentelemetry/trace.rb:70:in 'OpenTelemetry::Trace#with_span'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/opentelemetry-api-1.5.0/lib/opentelemetry/trace/tracer.rb:37:in 'OpenTelemetry::Trace::Tracer#in_span'
/home/dependabot/dependabot-updater/lib/dependabot/api_client.rb:38:in 'Dependabot::ApiClient#create_pull_request'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::ApiClient#_on_method_added'
/home/dependabot/dependabot-updater/lib/dependabot/service.rb:59:in 'Dependabot::Service#create_pull_request'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::Service#_on_method_added'
/home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:328:in 'Dependabot::Updater::Operations::UpdateAllVersions#create_pull_request'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::Updater::Operations::UpdateAllVersions#_on_method_added'
/home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:188:in 'Dependabot::Updater::Operations::UpdateAllVersions#check_and_create_pull_request'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::Updater::Operations::UpdateAllVersions#_on_method_added'
/home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:94:in 'Dependabot::Updater::Operations::UpdateAllVersions#check_and_create_pr_with_error_handling'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::Updater::Operations::UpdateAllVersions#_on_method_added'
/home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:59:in 'block in Dependabot::Updater::Operations::UpdateAllVersions#perform'
/home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:59:in 'Array#each'
/home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:59:in 'Dependabot::Updater::Operations::UpdateAllVersions#perform'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::Updater::Operations::UpdateAllVersions#_on_method_added'
/home/dependabot/dependabot-updater/lib/dependabot/updater/operations/group_update_all_versions.rb:138:in 'block in Dependabot::Updater::Operations::GroupUpdateAllVersions#run_ungrouped_dependency_updates'
/home/dependabot/dependabot-updater/lib/dependabot/updater/operations/group_update_all_versions.rb:123:in 'Array#each'
/home/dependabot/dependabot-updater/lib/dependabot/updater/operations/group_update_all_versions.rb:123:in 'Dependabot::Updater::Operations::GroupUpdateAllVersions#run_ungrouped_dependency_updates'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::Updater::Operations::GroupUpdateAllVersions#_on_method_added'
/home/dependabot/dependabot-updater/lib/dependabot/updater/operations/group_update_all_versions.rb:66:in 'Dependabot::Updater::Operations::GroupUpdateAllVersions#perform'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'UnboundMethod#bind_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/call_validation.rb:282:in 'T::Private::Methods::CallValidation.validate_call'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/sorbet-runtime-0.5.11952/lib/types/private/methods/_methods.rb:277:in 'block in Dependabot::Updater::Operations::GroupUpdateAllVersions#_on_method_added'
/home/dependabot/dependabot-updater/lib/dependabot/updater.rb:45:in 'Dependabot::Updater#run'
/home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:54:in 'block in Dependabot::UpdateFilesCommand#perform_job'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/opentelemetry-api-1.5.0/lib/opentelemetry/trace/tracer.rb:37:in 'block in OpenTelemetry::Trace::Tracer#in_span'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/opentelemetry-api-1.5.0/lib/opentelemetry/trace.rb:70:in 'block in OpenTelemetry::Trace#with_span'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/opentelemetry-api-1.5.0/lib/opentelemetry/context.rb:88:in 'OpenTelemetry::Context.with_value'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/opentelemetry-api-1.5.0/lib/opentelemetry/trace.rb:70:in 'OpenTelemetry::Trace#with_span'
/home/dependabot/dependabot-updater/vendor/ruby/3.4.0/gems/opentelemetry-api-1.5.0/lib/opentelemetry/trace/tracer.rb:37:in 'OpenTelemetry::Trace::Tracer#in_span'
/home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:21:in 'Dependabot::UpdateFilesCommand#perform_job'
/home/dependabot/dependabot-updater/lib/dependabot/base_command.rb:37:in 'Dependabot::BaseCommand#run'
bin/update_files.rb:44:in '<main>'

So clearly dependabot is gathering the data on commits etc. for a nice PR description, but falls over trying to find the npm_releaser, suggesting that at

dependabot-core/bun/lib/dependabot/bun/metadata_finder.rb

Line 58 in 40978c0

.find { |v| v["version"] == dependency.version }
v is an array instead of the expected hash.

I think this does make sense - npm_listing['versions'] is a hash of version -> data, so the transforms at

dependabot-core/bun/lib/dependabot/bun/metadata_finder.rb

Line 186 in 40978c0

.sort_by { |version, _| Bun::Version.new(version) }
turn it into an array of the form

[
  ['5.0', data_about_version50],
  ['4.0', data_about_version40]
]

ie the yielded object where the crash happens is ['5.0', data_about_version50]

The equivalent code for npm (

dependabot-core/npm_and_yarn/lib/dependabot/npm_and_yarn/metadata_finder.rb

Line 58 in 40978c0

.find { |v, _| v == dependency.version }
)
handles this differently

Smallest manifest that reproduces the issue

The following repo exhibits the problem: https://github.com/fcheung/dependabot-bun-test

Metadata

Metadata

Assignees

No one assigned

    Labels

    L: dart:pubDart packages via pubL: javascriptL: ruby:bundlerRubyGems via bundlerT: bug 🐞Something isn't working

    Type

    No type

    Projects

    Dependabot

    Status

    Done

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions