dependabot-core icon indicating copy to clipboard operation
dependabot-core copied to clipboard

Published 20 hours ago verified publisher icon dependabot

Says no update needed for private npm package even though new patch version available

Open papatelst opened this issue 1 year ago • 0 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Package ecosystem

npm

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

/package.json package.json

dependabot.yml content

version: 2 registries: companyname: type: npm-registry url: https://registry.npmjs.org token: ${{secrets.NPM_READONLY_TOKEN}} updates:

  • package-ecosystem: "npm" directory: "/" registries:
    • companyname schedule: interval: "weekly" allow:
    • dependency-name: "@companyname/packagename" reviewers:
    • "reviewername" versioning-strategy: increase

Updated dependency

No response

What you expected to see, versus what you actually saw

Actual: logs says - No update needed for my private npm package whose name I have replaced ie @companyname/packagename 1.0.3, even though it recognizes that "Latest version is 1.0.3" as seen in logs Expected: Create a PR for the reviewer to update the private package name from "@companyname/packagename": "^1.0.1", to "@companyname/packagename": "^1.0.3" in package.json

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

updater | 2024/02/22 18:04:13 INFO <job_790946587> Starting job processing updater | 2024/02/22 18:04:14 INFO <job_790946587> Starting update job for companyname/reponame updater | 2024/02/22 18:04:14 INFO <job_790946587> Checking all dependencies for version updates... updater | 2024/02/22 18:04:14 INFO <job_790946587> Checking if @companyname/packagename 1.0.3 needs updating proxy | 2024/02/22 18:04:14 [015] GET https://registry.npmjs.org:443/@companyname%2Fpackagename proxy | 2024/02/22 18:04:14 [015] * authenticating npm registry request (host: registry.npmjs.org, token auth) proxy | 2024/02/22 18:04:14 [015] 200 https://registry.npmjs.org:443/@companyname%2Fpackagename proxy | 2024/02/22 18:04:14 [019] HEAD https://registry.npmjs.org:443/@companyname/packagename/-/packagename-1.0.3.tgz proxy | 2024/02/22 18:04:14 [019] * authenticating npm registry request (host: registry.npmjs.org, token auth) proxy | 2024/02/22 18:04:15 [019] 200 https://registry.npmjs.org:443/@companyname/packagename/-/packagename-1.0.3.tgz updater | 2024/02/22 18:04:15 INFO <job_790946587> Latest version is 1.0.3 updater | 2024/02/22 18:04:15 INFO <job_790946587> No update needed for @companyname/packagename 1.0.3 updater | 2024/02/22 18:04:15 INFO <job_790946587> Finished job processing updater | time="2024-02-22T18:04:15Z" level=info msg="task complete" container_id=job-790946587-updater exit_code=0 job_id=790946587 step=updater

Smallest manifest that reproduces the issue

No response

papatelst avatar Feb 22 '24 23:02 papatelst