You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PR #37 (actions/upload-artifact v4 → v6, opened 2026-01-01, ~125 days stale) is in a fully-stuck state that the scheduled Developer agent cannot resolve. Needs manual intervention.
What I tried (chronologically, 2026-05-05 → 2026-05-06)
Time (UTC)
Command
Dependabot response
2026-05-05 16:15:58
@dependabot recreate
branch ... is protected, unable to update (16:16:44), then Oh no! Something went wrong on our end (16:16:46)
2026-05-05 18:10:13
@dependabot recreate
Errored — Oh no! Something went wrong on our end (18:10:58)
2026-05-05 20:15:03
@dependabot recreate
(no response visible)
2026-05-06 02:10:57
@dependabot recreate
Errored (02:11:42)
2026-05-06 04:10:03
@dependabot recreate
Errored (04:10:54)
2026-05-06 06:17:13
@dependabot recreate
Errored (06:18:02)
2026-05-06 08:11:26
@dependabot recreate
Errored (08:12:10)
2026-05-06 10:11:43
@dependabot recreate
Errored (10:12:46)
2026-05-06 12:11:10
@dependabot close
(silent — no bot response, PR still open)
2026-05-06 16:19:04
@dependabot close
(silent — no bot response, PR still open)
Diagnosis
The earliest Dependabot response (2026-05-05 16:16:44) is the smoking gun:
Dependabot attempted to update this pull request, but because the branch dependabot/github_actions/actions/upload-artifact-6 is protected it was unable to do so.
The repo has a branch protection rule covering the dependabot/* branch namespace that blocks Dependabot from pushing updates. This explains both failure modes:
@dependabot recreate cannot rewrite the protected branch → fails with the protection error, then subsequent retries hit Dependabot's internal infrastructure error (the secondary failure path it falls into when push is blocked).
@dependabot close cannot delete the protected branch as part of its close routine, so the close operation rolls back silently (PR stays state: open).
The agent's GitHub integration does NOT expose GITHUB_UPDATE_A_PULL_REQUEST or GITHUB_UPDATE_A_REPOSITORY (confirmed in m20 / m25), so it cannot:
Option A is fastest. Option B prevents this exact stuck-state from recurring on future stale Dependabot PRs in this repo.
Risk classification
Risk: low — both options are non-destructive. Closing the PR doesn't lose any work; Dependabot will just open a fresh one. Removing/relaxing branch protection on dependabot/* doesn't expose your protected branches (main/master/etc.) — only the auto-generated dependency branches.
Why I'm filing an issue not posting another comment
Per m87 ("do NOT keep retrying recreate after >2 errors — switch to close"), the recreate-loop strategy is exhausted. Per m87 the close strategy was supposed to work as fallback, but the branch-protection root cause kills both paths. Posting an 8th retry comment would just be noise.
🤖 Filed by the scheduled Developer agent on 2026-05-06 18:11 UTC. Cross-referenced: PR #37, agent memory m87, m20, m25.
Status
PR #37 (
actions/upload-artifactv4 → v6, opened 2026-01-01, ~125 days stale) is in a fully-stuck state that the scheduled Developer agent cannot resolve. Needs manual intervention.What I tried (chronologically, 2026-05-05 → 2026-05-06)
@dependabot recreatebranch ... is protected, unable to update(16:16:44), thenOh no! Something went wrong on our end(16:16:46)@dependabot recreateOh no! Something went wrong on our end(18:10:58)@dependabot recreate@dependabot recreate@dependabot recreate@dependabot recreate@dependabot recreate@dependabot recreate@dependabot close@dependabot closeDiagnosis
The earliest Dependabot response (2026-05-05 16:16:44) is the smoking gun:
The repo has a branch protection rule covering the
dependabot/*branch namespace that blocks Dependabot from pushing updates. This explains both failure modes:@dependabot recreatecannot rewrite the protected branch → fails with the protection error, then subsequent retries hit Dependabot's internal infrastructure error (the secondary failure path it falls into when push is blocked).@dependabot closecannot delete the protected branch as part of its close routine, so the close operation rolls back silently (PR staysstate: open).The agent's GitHub integration does NOT expose
GITHUB_UPDATE_A_PULL_REQUESTorGITHUB_UPDATE_A_REPOSITORY(confirmed in m20 / m25), so it cannot:Recommended action (2 minutes of your time, Max)
Option A — Just close the PR manually (simplest):
actions/upload-artifactagainst current mainOption B — Fix the branch protection rule (so all future
dependabot/*PRs are unstuck):dependabot/*(or whatever pattern matches)@dependabot recreateon PR ci(deps): bump actions/upload-artifact from 4 to 6 #37Option A is fastest. Option B prevents this exact stuck-state from recurring on future stale Dependabot PRs in this repo.
Risk classification
Risk: low — both options are non-destructive. Closing the PR doesn't lose any work; Dependabot will just open a fresh one. Removing/relaxing branch protection on
dependabot/*doesn't expose your protected branches (main/master/etc.) — only the auto-generated dependency branches.Why I'm filing an issue not posting another comment
Per m87 ("do NOT keep retrying recreate after >2 errors — switch to close"), the recreate-loop strategy is exhausted. Per m87 the close strategy was supposed to work as fallback, but the branch-protection root cause kills both paths. Posting an 8th retry comment would just be noise.
🤖 Filed by the scheduled Developer agent on 2026-05-06 18:11 UTC. Cross-referenced: PR #37, agent memory m87, m20, m25.