Is there an existing issue for this?
Package ecosystem
npm
Package manager version
No response
Language version
No response
Manifest location and content before the Dependabot update
No response
dependabot.yml content
No response
Updated dependency
No response
What you expected to see, versus what you actually saw
TypeScript's DefinitelyTyped dependencies are updated in the version resolver after the main dependency has been updated.
Unfortunately, for grouped updates, when the DefinitelyTyped dependency is not a direct dependency or, even when it is a direct dependency, if the update does not change the requirements in the manifest file, then the dependency is not updated.
This was discovered as part of https://github.com/dependabot/dependabot-core/pull/7307#issuecomment-1546022407
This may also apply to other dependencies that should be updated when another package updates.
For example, an update would be missing the update for @types/lodash ( from 4.14.181 to 4.14.194 ) when it should look like:
+------------------------------------------------------------------------------------------------------------------------------------+
| Changes to Dependabot Pull Requests |
+---------+--------------------------------------------------------------------------------------------------------------------------+
| created | fetch-factory ( from 0.0.1 to 0.2.1 ), lodash ( from 4.17.15 to 4.17.21 ), @types/lodash ( from 4.14.181 to 4.14.194 ) |
| created | @babel/cli ( from 7.16.0 to 7.21.0 ), @babel/core ( from 7.16.0 to 7.21.4 ), @babel/eslint-parser ( from 7.16.0 to 7.... |
| created | babel-jest ( from 28.1.1 to 29.5.0 ), diff-sequences ( from 28.1.1 to 29.4.3 ), eslint-plugin-jest ( from 26.5.3 to 2... |
| created | @typescript-eslint/eslint-plugin ( from 5.27.1 to 5.59.1 ), @typescript-eslint/parser ( from 5.27.1 to 5.59.1 ), esli... |
| created | @types/node ( from 18.16.2 to 20.1.3 ) |
| created | @types/semver ( from 7.3.13 to 7.5.0 ) |
| created | caniuse-lite ( from 1.0.30001481 to 1.0.30001486 ) |
| created | core-js-compat ( from 3.30.1 to 3.30.2 ) |
| created | electron-to-chromium ( from 1.4.377 to 1.4.392 ) |
| created | espree ( from 9.5.1 to 9.5.2 ) |
+---------+--------------------------------------------------------------------------------------------------------------------------+
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response
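
A reviewer-side check for the symptom described in this issue, added here as an example (it is not dependabot-core code): it parses rows in the format of the table above and reports groups that update a package while leaving its installed @types companion out. The function names and the list of installed @types packages are assumptions; a flagged package is only a candidate, since its types may already be current.

```ruby
# Added example, not dependabot-core code. All names here are hypothetical.

# DefinitelyTyped naming rule: "lodash" -> "@types/lodash",
# "@babel/core" -> "@types/babel__core". Returns nil for @types packages.
def types_companion(name)
  return nil if name.start_with?("@types/")

  "@types/" + name.sub(%r{\A@([^/]+)/}, '\1__')
end

# Parse one "created" row of the dry-run table into { name => [from, to] }.
# Entries truncated with "..." do not match and are skipped.
def parse_row(row)
  row.scan(/(\S+) \( from (\S+) to (\S+) \)/).to_h { |n, from, to| [n, [from, to]] }
end

# For each group, list installed @types companions that the group left behind.
# installed_types: names of @types packages in the lockfile (assumed input).
def missing_companions(rows, installed_types)
  rows.each_with_object({}) do |row, report|
    updates = parse_row(row)
    missing = updates.keys.filter_map { |n| types_companion(n) }
                     .select { |t| installed_types.include?(t) && !updates.key?(t) }
    report[updates.keys.first] = missing unless missing.empty?
  end
end

# Constructed sample: the first group as the issue says it wrongly appears
# (without @types/lodash), plus a single-package row from the table above.
ROWS = [
  "| created | fetch-factory ( from 0.0.1 to 0.2.1 ), lodash ( from 4.17.15 to 4.17.21 ) |",
  "| created | espree ( from 9.5.1 to 9.5.2 ) |"
].freeze
INSTALLED_TYPES = ["@types/lodash", "@types/node", "@types/semver"].freeze # constructed

if __FILE__ == $PROGRAM_NAME
  missing_companions(ROWS, INSTALLED_TYPES).each do |group, types|
    puts "group starting with #{group}: not updated -> #{types.join(', ')}"
  end
end
```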