Ensure updated dependencies are correctly included when building dependency change instance #7358
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bdragon
force-pushed
the
bdragon/npm-group-rules
branch
from
699216c
to
8ad38b2
Compare
brrygrdn
approved these changes
May 23, 2023
Nishnha
reviewed
May 23, 2023
There was a problem hiding this comment.
Nice!
I had to walk through this with an example to really understand the change:
- Previously, for an update like
lodash ( from 4.17.15 to 4.17.21 )with the requirement^4.17.15, the guard clause would reject the updated dependency because the requirement has not changed. - Now, with this patch, the guard clause will *fail* since the requirements have not changed. So instead of rejecting the dependency update early, the next line of code can execute.
- The next line of code,
d.version == d.previous_versionsees that the version did change and the dependency update is no longer rejected!
The (now passing) smoke test + the existing unit tests give me some confidence that this won't break anything, but I think we should monitor our dashboards closely when we roll this out
I think this also resolves #7356 ?
Nishnha
approved these changes
May 23, 2023
bdragon
force-pushed
the
bdragon/npm-group-rules
branch
from
a66978a
to
408f8f4
Compare
Ensures that (a) a dependency whose version has changed but whose requirements have not changed is still included in the generated dependency change instance, and (b) a dependency whose requirements have changed but whose version has not changed is still included in the generated dependency change instance.
brrygrdn
force-pushed
the
bdragon/npm-group-rules
branch
from
408f8f4
to
62914f8
Compare
abdulapopoola
added
the
F: grouped-updates 🎳
1 task
This was referenced Jul 6, 2023
brettfo
pushed a commit
to brettfo/dependabot-core
that referenced
this pull request
Oct 11, 2023
…rules Ensure updated dependencies are correctly included when building dependency change instance
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ensures that (a) a dependency whose version has changed but whose requirements have not changed is still included in the generated dependency change instance, and (b) a dependency whose requirements have changed but whose version has not changed is still included in the generated dependency change instance.
Should unblock dependabot/smoke-tests#72