[pnpm] dependabot updates transitive dependencies when unnecessary #11620

@jlowcs

Description

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

pnpm

Package manager version

pnpm 9.15.4

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

No response

Updated dependency

eslint from 9.20.0 to 9.20.1

What you expected to see, versus what you actually saw

Only eslint and what's necessary should be bumped

Native package manager behavior

Unnecessary bumps occur.

For instance:

(image attached to the original issue)

ts-node has a "@types/node": "*" dependency, so it should not require a bump of @types/node.

This is a problem, because this results in:

  • unexpected patches being applied within the repository, which are not being reviewed and could break production
  • in the case of @types/node, conflicts with other @types/node versions in the repository, resulting in type checking issues

I'm not 100% sure, but it looks like it might only be happening with * transitive dependencies.

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response
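The point of the report is that a lockfile entry only needs to move when some declared range stops accepting the old version; a `*` range accepts everything, so nothing in the graph asked for the @types/node change. The following is an added example for reviewers of such PRs (it is not dependabot's or pnpm's code): it compares two constructed, simplified lockfile snapshots and labels each version change as required (some dependant's range in the new snapshot rejects the old version) or not. The snapshot shape, the package versions and the `satisfies` matcher (which understands only `*`, exact, `^`, `~` and `>=` ranges) are assumptions made for the example.

```javascript
// Added example, not dependabot's or pnpm's code. Flags lockfile bumps that
// no declared dependency range required. All data below is constructed.

// "x.y.z" -> [x, y, z]; prerelease/build suffixes are out of scope here.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Minimal semver range check (assumption: only *, exact, ^, ~ and >= appear).
function satisfies(version, range) {
  const v = parseVersion(version);
  const r = range.trim();
  if (r === '' || r === '*') return true; // any version is acceptable
  const m = /^(\^|~|>=)?(\d+)\.(\d+)\.(\d+)$/.exec(r);
  if (!m) throw new Error(`unsupported range: ${range}`);
  const op = m[1] || '=';
  const lo = m.slice(2).map(Number);
  if (op === '=') return cmp(v, lo) === 0;
  if (cmp(v, lo) < 0) return false;
  if (op === '>=') return true;
  let hi;
  if (op === '~') hi = [lo[0], lo[1] + 1, 0];          // ~ : same minor
  else if (lo[0] > 0) hi = [lo[0] + 1, 0, 0];          // ^ : same major
  else if (lo[1] > 0) hi = [0, lo[1] + 1, 0];          // ^0.y.z : same minor
  else hi = [0, 0, lo[2] + 1];                         // ^0.0.z : exact patch
  return cmp(v, hi) < 0;
}

// Constructed snapshots in a simplified pnpm-lock-like shape: one resolved
// version per package name (assumption), plus the ranges each entry declares.
const before = {
  importers: { '.': { eslint: '^9.20.0', 'ts-node': '^10.9.2' } },
  packages: {
    eslint: { version: '9.20.0', dependencies: { '@eslint/js': '9.20.0' } },
    '@eslint/js': { version: '9.20.0', dependencies: {} },
    'ts-node': { version: '10.9.2', dependencies: { '@types/node': '*' } },
    '@types/node': { version: '20.17.0', dependencies: {} },
  },
};
const after = {
  importers: { '.': { eslint: '^9.20.1', 'ts-node': '^10.9.2' } },
  packages: {
    eslint: { version: '9.20.1', dependencies: { '@eslint/js': '9.20.1' } },
    '@eslint/js': { version: '9.20.1', dependencies: {} },
    'ts-node': { version: '10.9.2', dependencies: { '@types/node': '*' } },
    '@types/node': { version: '22.13.1', dependencies: {} }, // bumped, but by whom?
  },
};

// Every (dependant, range) pair in `snapshot` that declares `name`.
function dependants(snapshot, name) {
  const out = [];
  for (const [imp, deps] of Object.entries(snapshot.importers))
    if (name in deps) out.push({ by: `importer ${imp}`, range: deps[name] });
  for (const [pkg, entry] of Object.entries(snapshot.packages))
    if (name in entry.dependencies)
      out.push({ by: `${pkg}@${entry.version}`, range: entry.dependencies[name] });
  return out;
}

// A bump is required only if some range in the *after* graph rejects the old
// version. Otherwise the change was not asked for and deserves a closer look.
function classifyBumps(oldSnap, newSnap) {
  const report = [];
  for (const [name, entry] of Object.entries(newSnap.packages)) {
    const old = oldSnap.packages[name];
    if (!old || old.version === entry.version) continue;
    const requiredBy = dependants(newSnap, name)
      .filter((d) => !satisfies(old.version, d.range))
      .map((d) => `${d.by} (${d.range})`);
    report.push({ name, from: old.version, to: entry.version,
                  required: requiredBy.length > 0, requiredBy });
  }
  return report;
}

for (const b of classifyBumps(before, after)) {
  const why = b.required ? `required by ${b.requiredBy.join(', ')}` : 'NOT required by any range';
  console.log(`${b.name} ${b.from} -> ${b.to}: ${why}`);
}
```

Run with `node`, the eslint and @eslint/js changes are attributed to ranges that reject the old version, while the @types/node change is reported as not required by any range, which is the situation the issue describes. Real lockfiles can resolve several versions of one package and use richer ranges, so a production check would parse the actual `pnpm-lock.yaml` and use a full semver library instead of the matcher above.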
