Package manager/ecosystem
npm, JavaScript
Manifest contents prior to update
Link https://github.com/Lucaslah/InkStatus/pull/40/files
Updated dependency
systeminformation
What you expected to see, versus what you actually saw
It updated systeminformation in the package-lock.json but not in the package.json. I wanted it to update it in my package.json as well.
Images of the diff or a link to the PR, issue or logs
Link to pull request that dependabot opened: https://github.com/Lucaslah/InkStatus/pull/40
Link to package-lock.json https://github.com/Lucaslah/InkStatus/blob/master/package-lock.json
Link to package.json: https://github.com/Lucaslah/InkStatus/blob/master/package.json
You can set the versioning-strategy to increase as per these docs: https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/configuration-options-for-dependency-updates#versioning-strategy
Ok, I'll try that out.
It now has been one day since I changed the dependabot.yml file, still no open pull requests to bump systeminformation up to date.
Any ideas?
That dependency is already on the latest version (https://www.npmjs.com/package/systeminformation/v/4.27.7) so it cannot/does not need to be updated.
https://github.com/Lucaslah/InkStatus/blob/cb169bc36d38b1cbc1afa2cd79d5efa06bfd6f0c/package.json#L30 shows that in package.json, systeminformation is at 4.27.3 not 4.27.7.
In package-lock.json dependabot updated systeminformation to 4.27.7, but not in my package.json.
The ^4.27.3 means use any version greater than 4.27.3 but smaller than 5.0, the package.lock is what holds the actual version that's being used.
Ok, Thanks
I did not know that.