Comments (3)
We haven't changed this for quite a while, but the logic is non-trivial, so it might just be that you're hitting a different path.
For apps (which we identify by checking they're not listed on npm) we update the requirement in the package.json
unless the requirement is a range that is still satisfied. (If you're setting ranges in your package.json
then we think it's unlikely you want them updating for in-range updates.)
For libraries (whose description in the package.json
matches the description on npm) we only update the requirement in the package.json
if the update is out of range. The assumption there is that library maintainers would want to keep their supported version ranges wide, in case they have integrators using --flat
.
What's the repo you're seeing this behaviour on, and the thinking behind updating the package.json
?
Thanks for the feedback!
from dependabot-core.
This is the repository.
The last commit from Dependabot to update package.json
was severen/disposition@e950db75c3f5cd02985791c93c780727b631a125. So it seems this behavior has been going on for a while now and I've just not noticed. Either way it would be nice if there was an option for it.
from dependabot-core.
Thanks for the link - looks like Dependabot is definitely picking that up as a library, hence the update behaviour.
Can you give me a bit more detail on why you'd like updates to always affect the package.json
? I can look into adding a setting for this, but it would really help to know why it would be useful.
from dependabot-core.
Related Issues (20)
- Multi Directory Not Working for Helm Charts HOT 3
- dependabot-action for github enterprise is not using the latest docker image for dependabot-updater-gomod
- b0ff2adb8289ccb2514663136d8aade517b836ea
- ...`@dependabot recreate` is a bit of a misnomer. It should really be called `@dependabot force-rebase`. The only difference between `recreate` and `rebase` is that `rebase` fails if there are any additional commits in the branch, while `recreate` skips that check.
- [,.NET] System.IO.InvalidDataException when using MSBuild property functions
- Dependabot not pulling submodules before maven pom.xml since February 1
- Comment was adjusted instead of version in `cargo.toml`
- Dependabot updating packages from GitHub Packages has high data transfer out usage HOT 2
- Dependabot Gradle version update fails with "dependency_file_not_found" for files in git submodule HOT 1
- Dependabot sees updates but does not create PRs HOT 8
- [pub] Unexpected requirements_update_strategy bump_versions HOT 1
- Dependabot does not consider ignore rule
- Measure test coverage HOT 8
- not able to parse pyproject.toml if contain property" package-mode=false" HOT 2
- Dependabot security alerts for Rust recommend updating a dependency that is only indirect, which is not the right fix
- Timeout HOT 13
- Dependabot::Sorbet::Runtime::InformationalError: Parameter 'requirements': Expected type T::Array[T::Hash[T.any(String, Symbol), T.untyped]], got ...
- Dependabot::Sorbet::Runtime::InformationalError: Return value: Expected type String, got type NilClass
- Dependabot::Sorbet::Runtime::InformationalError: Parameter 'source_url': Expected type String, got type NilClass
- NuGet update checker can return `nil` for `latest_version`
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dependabot-core.