Address review comments: fix misleading comment, remove redundant stubs

Copilot · pavera · pavera · commit 9deb6eb9f46c · 2026-03-13T09:37:22.000-06:00
- Update comment in bun PackageJsonUpdater to accurately describe
  the raise behavior (matches npm_and_yarn version)
- Remove redundant enable_private_registry_for_corepack stub in
  file_updater_spec.rb (was stubbed true then overridden to false)
- Remove same redundant stub in npm_lockfile_updater_spec.rb

Co-authored-by: pavera &lt;660677+pavera@users.noreply.github.com&gt;
diff --git a/bun/lib/dependabot/bun/file_updater/package_json_updater.rb b/bun/lib/dependabot/bun/file_updater/package_json_updater.rb
@@ -61,8 +61,9 @@ def updated_package_json_content
               # "dependencies" list. For example, the dependencies object can contain same name dependency
               # "dep" => "1.0.0" and "dev" => "1.0.1" while package.json can only contain "dep" => "1.0.0".
               # The other dependency is not present in package.json so we don't have to update it — this is
-              # most likely a transitive dependency which only needs an update in the lockfile. We avoid
-              # throwing an exception and let the update continue.
+              # most likely a transitive dependency which only needs an update in the lockfile. For a batch
+              # with a single unique dependency name we tolerate this no-op update, but when multiple unique
+              # dependencies are being updated and none change the content we treat that as unexpected and raise.
               raise "Expected content to change!" if content == new_content && unique_deps_count > 1
 
               content = new_content
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater/npm_lockfile_updater_spec.rb
@@ -69,8 +69,6 @@
     FileUtils.mkdir_p(tmp_path)
     allow(Dependabot::Experiments).to receive(:enabled?)
       .with(:enable_corepack_for_npm_and_yarn).and_return(enable_corepack_for_npm_and_yarn)
-    allow(Dependabot::Experiments).to receive(:enabled?)
-      .with(:enable_private_registry_for_corepack).and_return(true)
     allow(Dependabot::Experiments).to receive(:enabled?)
       .with(:enable_private_registry_for_corepack).and_return(false)
   end
diff --git a/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater_spec.rb b/npm_and_yarn/spec/dependabot/npm_and_yarn/file_updater_spec.rb
@@ -66,8 +66,6 @@
     FileUtils.mkdir_p(tmp_path)
     allow(Dependabot::Experiments).to receive(:enabled?)
       .with(:enable_corepack_for_npm_and_yarn).and_return(enable_corepack_for_npm_and_yarn)
-    allow(Dependabot::Experiments).to receive(:enabled?)
-      .with(:enable_private_registry_for_corepack).and_return(true)
     allow(Dependabot::Experiments).to receive(:enabled?)
       .with(:enable_private_registry_for_corepack).and_return(false)
   end
