You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
chore: wip
chore: wip
chore: wip
chore: wip
chore: wip
chore: wip
chore: wip
🐛 CRITICAL FIX: Fix composer update detection
- Fixed bug where composer show versions array was incorrectly parsed as object keys
- Now properly detects all available composer package versions
- Enhanced detection finds best patch, minor, and major updates per package
- Fixes issue where 0 composer updates were found despite packages being available
- Clean up debug logging
chore: wip
Add composer dependencies for testing composer update detection
chore: wip
Clean up debug logging after successful fixes
MAJOR ENHANCEMENT: Add support for detecting minor/patch composer updates in addition to major updates
- Enhanced composer outdated detection to find best patch, minor, and major updates per package
- Uses 'composer show --available' to get all versions instead of just latest
- Now composer packages will appear in non-major PRs when safe updates are available
- Fixes the issue where only major updates were detected, missing safer bug fixes
CRITICAL FIX: Reset to clean main state before generating file updates to prevent cross-contamination between PRs
Add extensive debug logging to trace composer update issue
Fix variable name mismatch: duration -> scanDuration
Fix generateAllFileUpdates to prevent cross-contamination between update groups and add debug logging for grouping
Add debug logging for update grouping
chore: wip
chore: wip
chore: wip
fix: remove overly restrictive Composer constraint filtering
The previous approach was filtering out ALL updates that didn't match version
constraints, including major updates that users want to see as individual PRs.
Now including all available Composer updates and letting the grouping logic
handle separation of major vs non-major updates naturally:
- Major updates → Individual PRs (even if beyond constraints)
- Minor/patch updates → Grouped PR (naturally respect constraints)
This matches user expectations and fixes the issue where 0 Composer packages
were being found due to overly strict constraint filtering.
fix: remove debug test files
Cleaning up test files that were created during debugging. The core constraint logic fix has been applied to the registry client.
fix: improve tilde constraint handling in Composer
Fixed the tilde constraint logic to properly handle different constraint levels:
- ~1.2.3 allows only patch updates within 1.2.x
- ~1.2 allows minor/patch updates within 1.x.x
- ~1 allows minor/patch updates within 1.x.x
This matches the test logic and ensures correct constraint-based filtering.
debug: add comprehensive logging to Composer scanning
Added detailed debug logging to understand why 0 Composer updates are found:
- Log composer outdated command execution
- Log raw output from composer outdated
- Log parsed JSON data structure
- Log composer.json file path and existence
- Log packages found in composer.json require/require-dev
This will help identify if the issue is:
1. composer outdated returning no packages
2. composer.json not being found/read
3. packages not matching between outdated and composer.json
debug: add logging to Composer constraint filtering
Added debug logs to understand why constraint filtering is excluding all updates:
- Log number of outdated packages found
- Log each package being processed with versions
- Log constraints found in composer.json
- Log why packages are being skipped or accepted
This will help identify the issue with overly restrictive filtering.
chore: wip
fix: implement proper version constraint filtering for Composer updates
Replaced invalid --strict flag with proper constraint-aware filtering:
- Parse version constraints from composer.json (^, ~, etc.)
- Filter composer outdated results to respect constraint boundaries
- For ^ constraints: only allow minor/patch updates within same major
- For ~ constraints: respect tilde semantics (~1.2 vs ~1)
- Skip packages not found in composer.json
This ensures Composer updates respect version constraints like Renovate does:
- laravel/framework ^10.0 → shows 10.48.29 (not v12.x)
- symfony/console ^6.0 → shows 6.4.23 (not v7.x)
Fixes composer command failing with code 1 due to invalid --strict flag.
fix: use composer outdated --strict to respect version constraints
Changed from 'composer outdated' to 'composer outdated --strict' which:
- Respects version constraints in composer.json (e.g., ^10.0, ^6.0)
- Shows minor/patch updates within allowed ranges instead of major updates
- Matches Renovate behavior for constraint-aware updates
This should fix the issue where:
- laravel/framework shows 10.48.29 (minor) instead of v12.21.0 (major)
- symfony/console shows 6.4.23 (minor) instead of v7.3.1 (major)
- All Composer packages now properly appear in non-major grouped PRs
fix: ensure clean working directory between individual major update PRs
Added git reset --hard and git clean -fd to ensure each PR branch starts from
a completely clean state. This prevents individual major update PRs from
inheriting file changes from previous PRs in the same workflow run.
Also added comprehensive tests for Composer updates in non-major grouped PRs.
This resolves the issue where:
- Individual major PRs were applying all major updates instead of just the target package
- Ensures proper isolation between PR creations
chore: wip
debug: show ALL package versions in composer.json during PR creation
This will help identify if the composer.json file being read already contains
updates from other PRs, which would explain why individual major update PRs
are applying all changes instead of just the target package.
debug: add detailed logging to generateComposerUpdates to trace file reading
This will help identify what composer.json content is being read and which
packages are being updated for individual major update PRs. The debug output
will show current versions and target updates for each file.
chore: wip
debug: add logging to trace what updates are passed to each PR group
This will help identify why individual major update PRs are applying all Composer
updates instead of just the target package. The logs will show exactly what
updates each group contains when creating PRs.
chore: wip
fix: treat GitHub Actions updates same as regular dependencies + handle workflow permissions
Major changes:
- Reverted GitHub Actions artificial separation - they now follow same rules as regular deps
- Major GitHub Actions updates get individual PRs: 'chore(deps): update dependency X to Y'
- Non-major GitHub Actions updates grouped with other non-major: 'chore(deps): update all non-major dependencies'
Workflow permission handling:
- Added filtering logic to exclude workflow files when GitHub App lacks 'workflows' permission
- Gracefully handles mixed updates by committing non-workflow files and warning about workflow files
- Prevents complete PR failure when only some files have permission issues
This resolves the 403 Forbidden error while maintaining proper dependency grouping.
fix: separate GitHub Actions updates to avoid workflow permission issues
- GitHub Actions updates now get their own PR: 'chore(ci): update GitHub Actions dependencies'
- Regular non-major updates stay grouped: 'chore(deps): update all non-major dependencies'
- This prevents GitHub App workflow permission errors when updating .github/workflows/ files
- Filters based on file path (.github/workflows/) and action names (actions/, oven-sh/, shivammathur/)
This should resolve the '403 Forbidden' error for non-major updates containing workflow files.
chore: wip
chore: wip
chore: wip
fix: create individual PRs for each major update instead of grouping them
- Major updates now get individual PRs: 'chore(deps): update dependency X to Y'
- Non-major updates stay grouped: 'chore(deps): update all non-major dependencies'
- Improved PR title matching to prevent incorrect PR overwrites
- This ensures major updates get proper individual review
Example: doctrine/dbal, laravel/framework, symfony/console each get separate PRs
chore: wip
chore: wip
fix: add git configuration to workflow to prevent commit failures
Adds git user.name and user.email configuration to prevent the
'Author identity unknown' error that was causing git CLI commits to fail.
fix: improve version classification to handle v-prefixed versions
This fixes the issue where Composer packages like laravel/framework
v10.48.29→v12.21.0 and symfony/console v6.4.23→v7.3.1 were incorrectly
classified as patch updates instead of major updates.
The regex now includes 'v' prefix in the version cleaning pattern.
chore: wip
fix: restore proper rebase matching logic and cleanup empty files
- Remove dangerous fallback to first group that was causing PR overwrites
- Add bidirectional package matching for exact group identification
- Add detailed logging when no matching group found
- Remove accidentally committed empty files
This ensures PR #20 type incidents won't happen again by making
rebase operations fail safely instead of overwriting wrong PRs.
chore: wip
fix: improve rebase PR matching logic to prevent incorrect overwrites
- Remove dangerous fallback to first group that caused wrong PR overwrites
- Add bidirectional package matching to ensure exact group matches
- Add detailed logging when no matching group is found
- Prevent future incidents like PR #20 being overwritten with wrong updates
This fixes the issue where the non-major updates PR was incorrectly
overwritten with a major Composer update during rebase.
fix: update package extraction regex to handle Composer PR format
The regex now correctly extracts package updates from both npm and Composer
PR tables, fixing the issue where 'Could not extract package updates from PR body'
was preventing rebase functionality from working on Composer PRs.
Before: Only handled npm format | [package] | [`version` -> `version`] |
After: Handles both npm and Composer formats including
| [package](link) | `version` -> `version` | file | status |
fix: properly separate major and non-major dependency updates
- Major updates (e.g. doctrine/dbal v3→v4) get individual PRs for careful review
- Non-major updates (minor/patch) get grouped into a single PR
- Uses default grouping behavior instead of custom groups
fix: group all package updates together regardless of version type
This ensures that major updates (like doctrine/dbal v3→v4) are grouped
with other dependency updates instead of being separated into individual PRs.
0 commit comments