Package manager/ecosystem
npm
Manifest contents prior to update
https://gist.github.com/IvanPizhenko/5048a59c161a1208f29615242e97a5fe
Updated dependency
Bump date-fns from 2.16.1 to 2.17.0
What you expected to see, versus what you actually saw
I am using latest npm 7.5.2
After running npm install I have had lockfile package-lock.json of version 2.
After updating dependency by dependabot, lockfile version has changed to 1 and content has significantly changed.
What I expect is lockfile still version 2 and only minimum necessary changes related to that dependency version update are applied.
Images of the diff or a link to the PR, issue or logs
package.json and package-lock.json after update by dependabot and related diffs:
https://gist.github.com/IvanPizhenko/7b2fb0f5e0b390e2db8af21e0fa9ee43
Package manager/ecosystem
npm
Manifest contents prior to update
https://gist.github.com/IvanPizhenko/5048a59c161a1208f29615242e97a5fe
Updated dependency
Bump date-fns from 2.16.1 to 2.17.0
What you expected to see, versus what you actually saw
I am using latest npm 7.5.2
After running
npm installI have had lockfilepackage-lock.jsonof version 2.After updating dependency by dependabot, lockfile version has changed to 1 and content has significantly changed.
What I expect is lockfile still version 2 and only minimum necessary changes related to that dependency version update are applied.
Images of the diff or a link to the PR, issue or logs
package.jsonandpackage-lock.jsonafter update by dependabot and related diffs:https://gist.github.com/IvanPizhenko/7b2fb0f5e0b390e2db8af21e0fa9ee43