package.json not always updated for monorepo with Lerna

Question

package.json not always updated for monorepo with Lerna

loremaps opened this issue 5 years ago · 6 comments

Many thanks for this script 👍 !

I have a lerna monorepo and the MRs do not always include updates for the package.json files. The dependencies seems to be tracked correctly and the package-lock.json files are always updated.

For example:

Here only one package.json got updated, although both packages have exactly the same version. The other was not updated.

For other dependencies I get only updates on the package-lock.json only.
For some other dependency everything got updated correctly.

Any ideas? Should I report this upstream?

Answer 1 · 2019-06-07T10:23:43.000Z

Yes, this is a dependabot-core issue. Thanks for reporting!
I am planning to use lerna soon.

Answer 2 · 2019-06-07T11:39:55.000Z

This will be because of the update strategy you're using here. If you want Dependabot to always update your package.json set bump_versions as the update strategy.

Answer 3 · 2019-06-07T11:55:55.000Z

Will do! @greysteil thanks for your help!

Answer 4 · 2019-06-07T12:04:18.000Z

No worries! For reference, the current possible strategies are:

{
  "npm_and_yarn" => %w(auto widen_ranges bump_versions bump_versions_if_necessary),
  "composer" => %w(auto widen_ranges bump_versions bump_versions_if_necessary),
  "dep" => %w(auto widen_ranges bump_versions),
  "bundler" => %w(auto bump_versions bump_versions_if_necessary),
}

Answer 5 · 2019-06-07T12:12:12.000Z

@loremaps feel free to reopen if something does not work for you. 👍

Answer 6 · 2019-06-07T12:59:32.000Z

Many thanks @sobolevn and @greysteil. Just a small fix in #40