GithubHelp home page GithubHelp logo

Comments (3)

greysteil avatar greysteil commented on May 9, 2024

We haven't changed this for quite a while, but the logic is non-trivial, so it might just be that you're hitting a different path.

For apps (which we identify by checking they're not listed on npm) we update the requirement in the package.json unless the requirement is a range that is still satisfied. (If you're setting ranges in your package.json then we think it's unlikely you want them updating for in-range updates.)

For libraries (whose description in the package.json matches the description on npm) we only update the requirement in the package.json if the update is out of range. The assumption there is that library maintainers would want to keep their supported version ranges wide, in case they have integrators using --flat.

What's the repo you're seeing this behaviour on, and the thinking behind updating the package.json?

Thanks for the feedback!

from dependabot-core.

severen avatar severen commented on May 9, 2024

This is the repository.

The last commit from Dependabot to update package.json was severen/disposition@e950db75c3f5cd02985791c93c780727b631a125. So it seems this behavior has been going on for a while now and I've just not noticed. Either way it would be nice if there was an option for it.

from dependabot-core.

greysteil avatar greysteil commented on May 9, 2024

Thanks for the link - looks like Dependabot is definitely picking that up as a library, hence the update behaviour.

Can you give me a bit more detail on why you'd like updates to always affect the package.json? I can look into adding a setting for this, but it would really help to know why it would be useful.

from dependabot-core.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.