I tried this extension in a local Azure DevOps Server instance with a custom port 8443. But it seems the port is lost in the job definition, though it contains the host and the correct endpoint.
Found configuration file cloned at /opt/azagent/_work/106/s/.azuredevops/dependabot.yml
🌎 🠊 [GET] https://on.prem.com:8443/tfs/Coll/Proj/_apis/git/repositories/javascript-project/refs?api-version=5.0
🌎 🠈 [200] OK
🌎 🠊 [GET] https://on.prem.com:8443/tfs/Coll/_apis/connectiondata?api-version=5.0-preview
🌎 🠈 [200] OK
🌎 🠊 [GET] https://on.prem.com:8443/tfs/Coll/Proj/_apis/git/repositories/javascript-project/pullrequests?api-version=5.0&searchCriteria.creatorId=b47349a4-fd1b-40bc-8a15-9dc3bc21e4e6&searchCriteria.status=active
🌎 🠈 [200] OK
API server listening on http://localhost:34929
Pulling image ghcr.io/dependabot/dependabot-updater-npm:v2.0.20260321013749@sha256:ccb857ca00b4f2f430c082998f0e57291e975d978b114b983aa492d3e5215006 (attempt 1)...
Processing 'record_metrics' for job ID '3145143298'
Successfully sent metric (dependabot.action.ghcr_image_pull) to remote API endpoint
Pulled image ghcr.io/dependabot/dependabot-updater-npm:v2.0.20260321013749@sha256:ccb857ca00b4f2f430c082998f0e57291e975d978b114b983aa492d3e5215006
Pulling image ghcr.io/dependabot/proxy:v2.0.20260317021138@sha256:b15dfd93b7f538b5a9a3552d7a3496a64d94f289c0f1a6facb6896fd589d4a58 (attempt 1)...
Processing 'record_metrics' for job ID '3145143298'
Successfully sent metric (dependabot.action.ghcr_image_pull) to remote API endpoint
Pulled image ghcr.io/dependabot/proxy:v2.0.20260317021138@sha256:b15dfd93b7f538b5a9a3552d7a3496a64d94f289c0f1a6facb6896fd589d4a58
Created proxy container: 1dd8d8d0506dddfca5762282af338f22cf50aee31400403c6cc74574574c8a7c
Created container: aadf6f404ed4c116b9365a6f189dab5b97696a524d7abf83f7d8373d9d5c2c82
proxy | 2026/03/31 12:32:02 proxy starting, commit: 85820b3bc57308c239dd0275deb0cc036773e144
proxy | 2026/03/31 12:32:02 GitHubAPIHandler has no app access tokens
proxy | 2026/03/31 12:32:02 Listening (:1080)
Started container aadf6f404ed4c116b9365a6f189dab5b97696a524d7abf83f7d8373d9d5c2c82
updater | Updating certificates in /etc/ssl/certs...
updater | rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
updater | 1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
updater | done.
updater | 2026/03/31 12:32:05 INFO <job_3145143298> Starting job processing
updater | 2026/03/31 12:32:05 INFO <job_3145143298> Job definition: {"job":{"id":"3145143298","command":"update","package-manager":"npm_and_yarn","updating-a-pull-request":false,"dependency-group-to-refresh":null,"dependency-groups":[],"dependencies":null,"allowed-updates":[{"dependency-type":"direct","update-type":"all"}],"ignore-conditions":[],"security-updates-only":false,"security-advisories":[],"source":{"provider":"azure","api-endpoint":"https://on.prem.com:8443/tfs/","hostname":"on.prem.com","repo":"tfs/Coll/Proj/_git/javascript-project","commit":null,"directory":"/src-ts/"},"update-subdependencies":false,"existing-pull-requests":[],"existing-group-pull-requests":[],"commit-message-options":{"prefix":null,"prefix-development":null,"include-scope":null},"experiments":{"record-ecosystem-versions":true,"record-update-job-unknown-error":true,"proxy-cached":true,"enable-corepack-for-npm-and-yarn":true,"enable-private-registry-for-corepack":true,"avoid-duplicate-updates-package-json":true,"allow-refresh-for-existing-pr-dependencies":true,"allow-refresh-group-with-all-dependencies":true,"azure-registry-backup":true,"enable-enhanced-error-details-for-updater":true,"gradle-lockfile-updater":true,"enable-exclude-paths-subdirectory-manifest-files":true,"group-membership-enforcement":true,"enable_beta_ecosystems":true},"reject-external-code":false,"requirements-update-strategy":null,"lockfile-only":false,"vendor-dependencies":false,"repo-private":true,"debug":false,"proxy-log-response-body-on-auth-failure":true,"max-updater-run-time":2700,"enable-beta-ecosystems":false,"multi-ecosystem-update":false,"credentials-metadata":[{"type":"git_source","host":"on.prem.com"}]}}
updater | 2026/03/31 12:32:05 INFO <job_3145143298> Connectivity check starting
updater | 2026/03/31 12:32:05 ERROR <job_3145143298> Connectivity check failed: "tfs/Coll/Proj/_git/javascript-project" is invalid as a repository identifier. Use the user/repo (String) format, or the repository ID (Integer), or a hash containing :repo and :user keys.
proxy | 2026/03/31 12:32:05 [002] GET https://on.prem.com:443/tfs/Coll/Proj/_git/javascript-project.git/info/refs?service=git-upload-pack
proxy | 2026/03/31 12:32:05 [002] * authenticating git server request (host: on.prem.com)
proxy | 2026/03/31 12:32:05 [002] WARN: Cannot read TLS response from mitm'd server dial tcp 158.226.215.73:443: connect: connection refused
After fixing the port issue this resulted in another problem with git not being able to get the configured credentials:
updater | 2026/04/01 07:18:17 INFO <job_2497364961> Started process PID: 1178 with command: {} git clone --no-tags --depth 1 --recurse-submodules --shallow-submodules https://on.prem.com:8443/tfs/Coll/Proj/_git/javascript-project /home/dependabot/dependabot-updater/repo {}
proxy | 2026/04/01 07:18:17 [006] GET https://on.prem.com:8443/tfs/Coll/Proj/_git/javascript-project/info/refs?service=git-upload-pack
proxy | 2026/04/01 07:18:17 [006] 401 https://on.prem.com:8443/tfs/Coll/Proj/_git/javascript-project/info/refs?service=git-upload-pack
2026/04/01 07:18:17 [006] Remote response:
<!DOCTYPE html>
<html>
<head>
<title>TF400813: Resource not available for anonymous access. Client authentication required. - Azure DevOps Server</title>
After fixing this, it started to work. This issue just prepares the pull request for my changes. Ty for providing this for Azure DevOps Users.
Categorization
This is not a permissions issue (Seek help at 403 error when Dependabot tries to create a pull request #1245)
This is an issue specific to Azure DevOps or this repository and does not belong in dependabot-core.
Specific issues for dependabot are solved faster in the core repository. For example, why a package version is skipped.
Trying out this behaviour in the GitHub Hosted version can help you pinpoint where it lies.
I have linked a public reproduction of the specific issue or none is required because the issue is not specific to me.
Please note that you can create a public organization/project and repository to show the issue. This tends to accelerate resolution.
Repository
No response
Steps to reproduce
I tried this extension in a local Azure DevOps Server instance with a custom port 8443. But it seems the port is lost in the job definition, though it contains the host and the correct endpoint.
This is the instance example URL including collection and project: https://on.prem.com:8443/tfs/Coll/Proj
Here is the log:
After fixing the port issue this resulted in another problem with git not being able to get the configured credentials:
After fixing this, it started to work. This issue just prepares the pull request for my changes. Ty for providing this for Azure DevOps Users.
Expected behavior
Works with Azure DevOps Server (On Prem) with custom ports
Logs and screenshots
No response
Extension Host
Azure DevOps Server
Extension Version
2.65.5
Server Region
No response
Server Version
2022
Additional context
No response