【npm_and_yarn】PR not created silently when PeerDependency unmet, need information. #4917

Open
kazuooooo opened this issue Mar 28, 2022 · 3 comments
Labels
L: javascript:npm npm packages via npm service 💁 Relates to Dependabot features GitHub provides T: feature-request Requests for new features versioning

Comments

@kazuooooo

Hi, I want Dependabot to provide more information when a peerDependency is unmet in npm_and_yarn.

In my project, I noticed that an update PR for typescript is not created even though there is a new version.

I tried a dry-run for typescript, but there is no useful information and I don't know why the PR is not created.

ruby ./bin/dry-run.rb npm_and_yarn moneyforward/mf_attendance --dep typescript
=> dumping fetched dependency files: ./dry-run/moneyforward/mf_attendance/
=> parsing dependency files
=> updating 1 dependencies: typescript

=== typescript (3.9.10)
 => checking for updates 1/1
 => latest available version is 4.6.2
 => latest allowed version is 3.9.10

 => requirements to unlock: update_not_possible # I don't know why🥺
 => requirements update strategy: bump_versions
    (no update possible 🙅‍♀️)  

Minimal reproduction repository here

To inspect the peerDependency problem, I need to add a debug log to npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/version_resolver.rb, like this commit

ruby ./bin/dry-run.rb npm_and_yarn moneyforward/mf_attendance --dep typescript
...
【❌typescript : 4.0.2】doesn't meet peerDependency >=3.4 <4.0 by ts-jest
【✅typescript : 3.9.10】 meet peerDependency >=3.4 <4.0 by ts-jest

From this log, I noticed that ts-jest's peerDependency limits typescript to <4.0.

Moreover,

【❌ ts-jest:26.0.0】 project dependency to jest:^25.5.4 in package.json doesn't meet ts-jest peerDependencies >= 26, < 27
【✅ ts-jest:25.5.0】 project dependency to jest:^25.5.4 in package.json  meet ts-jest peerDependencies >= 25, < 26
...

From this log, I noticed that a mismatch between the project's dependency on jest@25.5.4 and ts-jest's peerDependency >= 26, < 27 prevents a version upgrade of jest.

In the end, I resolved the problem by updating jest and ts-jest manually.
I think

  • Many projects have this problem, but it is left unnoticed.
  • It's very hard to debug this problem.

So I want Dependabot to provide useful peerDependency information when no update is possible.

Thanks,

@kazuooooo kazuooooo added the T: feature-request Requests for new features label Mar 28, 2022
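
The check the issue asks for, as an added example (not Dependabot's code and not the issue author's): a small Ruby routine that names the peerDependency range blocking a candidate version. The data is constructed from the versions and ranges quoted in the logs above; `INSTALLED`, `PEERS`, `satisfies?` and `peer_blockers` are hypothetical names, and only plain comparator ranges are handled.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Constructed sample mirroring the versions and ranges quoted in the logs above.
INSTALLED = { "typescript" => "3.9.10", "jest" => "25.5.4", "ts-jest" => "25.5.0" }.freeze

# peerDependencies per package version; only ranges quoted in the logs are listed.
PEERS = {
  "ts-jest" => {
    "25.5.0" => { "jest" => ">=25 <26", "typescript" => ">=3.4 <4.0" },
    "26.0.0" => { "jest" => ">=26 <27" }
  }
}.freeze

COMPARATOR = /(?:>=|<=|>|<|=)\s*\d[\w.]*/

# Assumption: ranges are space- or comma-separated comparators (">=3.4 <4.0").
# npm's ^, ~, || and x-ranges are rejected rather than silently accepted.
def satisfies?(version, range)
  parts = range.scan(COMPARATOR)
  if parts.empty? || parts.join.delete(" ") != range.delete(" ,")
    raise ArgumentError, "unsupported range: #{range}"
  end
  Gem::Requirement.new(*parts).satisfied_by?(Gem::Version.new(version))
end

# Returns human-readable reasons why `name` cannot move to `candidate`.
def peer_blockers(name, candidate, installed: INSTALLED, peers: PEERS)
  reasons = []
  # 1. Peer ranges that other installed packages place on `name`.
  installed.each do |pkg, ver|
    next if pkg == name
    range = peers.dig(pkg, ver, name)
    next if range.nil? || satisfies?(candidate, range)
    reasons << "#{pkg}@#{ver} requires peer #{name} #{range}"
  end
  # 2. Peer ranges the candidate itself places on installed packages.
  (peers.dig(name, candidate) || {}).each do |peer, range|
    have = installed[peer]
    next if have.nil? || satisfies?(have, range)
    reasons << "#{name}@#{candidate} requires peer #{peer} #{range}, project has #{have}"
  end
  reasons
end

puts peer_blockers("typescript", "4.6.2")
puts peer_blockers("ts-jest", "26.0.0")
```

An empty result means no peer range stands in the way; a non-empty one is the explanation the dry-run output lacked.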
@exvuma

exvuma commented Apr 20, 2022

@kazuooooo Thanks for providing us such beautiful detail! We are looking into this issue of unmet peer dependencies. I am trying to ensure I understood your problem precisely. I toyed with describing this problem in figma too 😄

Screen Shot 2022-04-20 at 1 34 10 PM

  1. Does the diagram above look somewhat accurate to the behavior you described?
  2. Could you confirm that none of those dependencies were updated?
  3. Since I don't see any open PRs in that test repo, would you share the security alert this was for? Or even better, open that PR again on the test repo :)

Thanks for your help and for opening this issue!

@jeffwidman
Member

Closing due to lack of user response...

@jeffwidman jeffwidman closed this as not planned Won't fix, can't repro, duplicate, stale Sep 14, 2022
@jeffwidman
Member

jeffwidman commented Feb 3, 2023

It looks like this might be reproducible here:
