update_not_possible error when updating all nuget packages

[dhavv]

Describe the bug
I'm getting these update_not_possible on some of my repos. I am not sure what's triggering it but it seems like similar to this #1380
I added nuget_native_analysis=true,nuget_dependency_solver=true in the experiments and it doesn't seem to fix the issue

Categorization

• This is not a permissions issue (Seek help at 403 error when Dependabot tries to create a pull request #1245)

Repository
URL: e.g. https://dev.azure.com/tingle/dependabot/_git/repro-684

To Reproduce
Steps to reproduce the behavior:

1. Trigger the pipeline
2. PR cannot be created because of update_not_possible

Expected behavior
PR should be created, no error

Logs and screenshots

Starting: dependabot
==============================================================================
Task         : Dependabot
Description  : Automatically update dependencies and vulnerabilities in your code using [Dependabot CLI](https://github.com/dependabot/cli)
Version      : 2.36.1003
Author       : Tingle Software
Help         : https://github.com/tinglesoftware/dependabot-azure-devops/issues
==============================================================================
Dependabot CLI install was not found, installing now with `go install dependabot`...
/usr/bin/go install github.com/dependabot/cli/cmd/dependabot@latest
go: downloading github.com/dependabot/cli v1.55.0
go: downloading github.com/MakeNowJust/heredoc v1.0.0
go: downloading github.com/spf13/cobra v1.8.1
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading github.com/docker/cli v26.1.4+incompatible
go: downloading github.com/docker/docker v26.1.4+incompatible
go: downloading github.com/goware/prefixer v0.0.0-20160118172347-395022866408
go: downloading github.com/hexops/gotextdiff v1.0.3
go: downloading github.com/moby/moby v26.1.4+incompatible
go: downloading github.com/moby/sys/signal v0.7.0

  proxy | 2024/10/21 16:22:05 [281] POST http://host.docker.internal:45911/update_jobs/update_0_nuget_all/record_update_job_error
{"data":{"error-type":"update_not_possible","error-details":{"dependencies":["Microsoft.Extensions.Logging"]}},"type":"record_update_job_error"}
  proxy | 2024/10/21 16:22:05 [281] 200 http://host.docker.internal:45911/update_jobs/update_0_nuget_all/record_update_job_error
updater | 2024/10/21 16:22:05 INFO <job_update_0_nuget_all> Handled error whilst updating Microsoft.Extensions.Logging: update_not_possible {:dependencies=>["Microsoft.Extensions.Logging"]}
updater | 2024/10/21 16:22:05 INFO <job_update_0_nuget_all> Checking if Microsoft.Extensions.Logging.Abstractions 8.0.1 needs updating

  proxy | 2024/10/21 16:27:18 [840] PATCH http://host.docker.internal:45911/update_jobs/update_0_nuget_all/mark_as_processed
{"data":{"base-commit-sha":"2dcb220b4a041159c1dc9ef9b4fe8558e3023173"},"type":"mark_as_processed"}
  proxy | 2024/10/21 16:27:18 [840] 200 http://host.docker.internal:45911/update_jobs/update_0_nuget_all/mark_as_processed
updater | 2024/10/21 16:27:18 INFO <job_update_0_nuget_all> Finished job processing
updater | 2024/10/21 16:27:18 INFO Results:
updater | +------------------------------------------------------------------------------------------------------------------------------------+
updater | |                                                Changes to Dependabot Pull Requests                                                 |
updater | +---------+--------------------------------------------------------------------------------------------------------------------------+
updater | | created | Microsoft.Extensions.DependencyInjection ( from 8.0.0 to 8.0.1 ), Microsoft.Extensions.DependencyInjection ( from 8.0... |
updater | +---------+--------------------------------------------------------------------------------------------------------------------------+
updater | Dependabot encountered '2' error(s) during execution, please check the logs for more details.
updater | +-----------------------------------------------------------------+
updater | |                  Dependencies failed to update                  |
updater | +-------------------------------------------+---------------------+
updater | | Microsoft.Extensions.Logging              | update_not_possible |
updater | | Microsoft.Extensions.Logging.Abstractions | update_not_possible |
updater | +-------------------------------------------+---------------------+
  proxy | 2024/10/21 16:27:20 159/921 calls cached (17%)
  proxy | 2024/10/21 16:27:20 Skipping sending metrics because api endpoint is empty
    cli | 2024/10/21 16:27:21 updater failure: updater exited with code 1

##[error]Dependabot failed with exit code 1
##[error]1 update tasks(s) failed, check logs for more information
Finishing: dependabot

Dependabot.yml

trigger:
- main

schedules:
- cron: '0 3 * * 1'
  displayName: 'Monday weekly dependabot'
  branches:
    include:
      - main

pool:
  vmImage: ubuntu-latest

steps:
- task: NuGetAuthenticate@1
  displayName: 'NuGet Private Feed Authentication'

- task: dependabot@2
  inputs:
    abandonUnwantedPullRequests: true
    commentPullRequests: true
    setAutoComplete: true
    mergeStrategy: 'squash'
    gitHubConnection: 'Github Public Repo PAT'
    experiments: 'nuget_native_analysis=true,nuget_dependency_solver=true'

csproj

<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFrameworks>net8.0</TargetFrameworks>
    <Nullable>enable</Nullable>
    <OutputType>Exe</OutputType>
  </PropertyGroup>

    <PropertyGroup>
        <TreatWarningsAsErrors>True</TreatWarningsAsErrors>
    </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="Dapper" Version="2.1.44" />
    <PackageReference Include="Microsoft.Data.SqlClient" Version="5.2.2" />
    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="8.0.0" />
    <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0" />
    <PackageReference Include="Microsoft.Extensions.Logging" Version="8.0.0" />
    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.1" />
    <PackageReference Include="Microsoft.SqlServer.DacFx" Version="162.3.566" />
    <PackageReference Include="System.IO.Compression" Version="4.3.0" />
    <PackageReference Include="System.Text.Json" Version="8.0.4" />
  </ItemGroup>

</Project>

[dhavv]

2024-10-21T16:22:31.9139322Z updater | Updating project [/home/dependabot/dependabot-updater/repo/Project/src/Project.DatabaseUpgrade/Project.DatabaseUpgrade.csproj]
2024-10-21T16:22:31.9140576Z updater |   Running 'PackageReference' project direct XML update
2024-10-21T16:22:31.9141924Z updater |     Package [Microsoft.Extensions.Logging.Abstractions] already meets the requested dependency version in [/home/dependabot/dependabot-updater/repo/Project/src/Project.DatabaseUpgrade/Project.DatabaseUpgrade.csproj].
2024-10-21T16:22:31.9142647Z updater | Update complete.
2024-10-21T16:22:31.9143460Z updater |   Writing update result to [/tmp/update-result.json].
2024-10-21T16:22:31.9148937Z updater | 2024/10/21 16:22:31 INFO <job_update_0_nuget_all> update result: {
2024-10-21T16:22:31.9149556Z updater |   "ErrorType": null,
2024-10-21T16:22:31.9150276Z updater |   "ErrorDetails": null
2024-10-21T16:22:31.9150724Z updater | }
2024-10-21T16:22:31.9180610Z updater | Adding BOM to [src/Project.DatabaseUpgrade/Project.DatabaseUpgrade.csproj].
2024-10-21T16:22:31.9261978Z   proxy | 2024/10/21 16:22:31 [320] POST http://host.docker.internal:45911/update_jobs/update_0_nuget_all/record_update_job_error
2024-10-21T16:22:31.9263902Z {"data":{"error-type":"update_not_possible","error-details":{"dependencies":["Microsoft.Extensions.Logging.Abstractions"]}},"type":"record_update_job_error"}
2024-10-21T16:22:31.9265684Z   proxy | 2024/10/21 16:22:31 [320] 200 http://host.docker.internal:45911/update_jobs/update_0_nuget_all/record_update_job_error
2024-10-21T16:22:31.9274971Z updater | 2024/10/21 16:22:31 INFO <job_update_0_nuget_all> Handled error whilst updating Microsoft.Extensions.Logging.Abstractions: update_not_possible {:dependencies=>["Microsoft.Extensions.Logging.Abstractions"]}

apologies, seems like the issue was somewhere along in already meets the requested dependency version

I'm thinking the issue it's because of Microsoft.Extensions.Hosting is updated to 8.0.1 by dependabot in the logs and since Microsoft.Extensions.Logging is a dependency of Microsoft.Extensions.Hosting it fails to update since it's already updated.
same as how Microsoft.Extensions.Logging.Abstractions is a dependency Microsoft.Extensions.Logging

Attached some logs as well
Dependabotlog.txt

[rhyskoedijk]

@dhavv thanks, I've managed to reproduce the issue; the minimal reproduction repo is:

version: 2
updates:
  - package-ecosystem: 'nuget'
    directory: '/'
    groups:
       all:
         patterns:
         - "*"

<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFrameworks>net8.0</TargetFrameworks>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="8.0.0" />
    <PackageReference Include="Microsoft.Extensions.Logging" Version="8.0.0" />
    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.1" />
  </ItemGroup>
</Project>

Your comment about Microsoft.Extensions.Logging.Abstractions being updated earlier in the process sounds likely. It seems to only be an issue if the update is grouped as if I remove your "all" group rule, the update succeeds.

In either case, unfortunately, this issue isn't something that can be fixed in the scope of this project; I'd suggest either:

• Remove your "all" group rule until this problem is fixed in dependabot-core;
• Log a new issue in dependabot-core with the minimal repo above; Dependabot Update Error dependabot/dependabot-core#10744 (comment) was the closest per-existing issue I could find, which is not exactly the same issue, but close.

EDIT: I have logged an issue about this in dependabot-core; dependabot/dependabot-core#10834