-
Notifications
You must be signed in to change notification settings - Fork 938
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments not respected in package.json #4019
Comments
It doesn't look like this is a comment so much as a dependency named In general, I don't think we're going to change the behavior of special casing package names to not check for them (e.g., we won't change dependabot to ignore all future packages named "//"); it feels like the right answer here is to track those comments elsewhere (e.g. in an issue) or get the npm/yarn teams to support jsonc in |
I have been pointed to npm/feedback#56, which would allow for comments in I would need to think about how Dependabot should handle cases like this, since ideally we'd just hand it off to npm or yarn and they would handle this appropriately (likely just ignoring it if they know they can't update it), but since we do the file parsing ourselves, that's why we're running into this. |
It might be that yarn tries fetching it and ignores it, I'm not sure (ctrl+f "//" in yarn install's |
@A5rocks you're right, looks like |
Package ecosystem
npm
Package manager version
yarn 1.22.10
Language version
N/A
Manifest location and content prior to update
/frontend/package.json
:dependabot.yml content
Updated dependency
not very applicable
What you expected to see, versus what you actually saw
in the logs, I see:
basically, dependabot is checking the version of a json comment.
Native package manager behavior
as far as I can tell, yarn simply ignores the json comment
🕹 Bonus points: Smallest manifest that reproduces the issue
I think the error makes it pretty clear what reproduces this issue :^)
The text was updated successfully, but these errors were encountered: