Dependabot failed to fully bump the dependency; duplicated it instead #11369
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Is there an existing issue for this?
Package ecosystem
npm (using Yarn)
Package manager version
4.3.0
Language version
Node.js 22
Manifest location and content before the Dependabot update
https://github.com/wojtekmaj/react-clock/
dependabot.yml content
Empty (just opted in for security updates)
Updated dependency
vite, 6.0.5 to 6.0.9
What you expected to see, versus what you actually saw
I expected vite@^5.0.0 || ^6.0.0, ^6.0.0 to be resolved to 6.0.9
Instead I got vite@^6.0.0 resolved to 6.0.9, while ^5.0.0 || ^6.0.0 remained on 6.0.5, duplicating the dependency.
Native package manager behavior
TBD
Images of the diff or a link to the PR, issue, or logs
wojtekmaj/react-clock#239
Interestingly, a very similar repository did not experience this issue:
wojtekmaj/country-code-to-flag-emoji#93
Smallest manifest that reproduces the issue
No response
The text was updated successfully, but these errors were encountered: