Update npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb

pavera · Copilot · web-flow · commit f2ef409e563d · 2026-03-12T12:50:18.000-06:00
Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb b/npm_and_yarn/lib/dependabot/npm_and_yarn/file_updater/package_json_updater.rb
@@ -61,8 +61,9 @@ def updated_package_json_content
               # "dependencies" list. For example, the dependencies object can contain same name dependency
               # "dep" => "1.0.0" and "dev" => "1.0.1" while package.json can only contain "dep" => "1.0.0".
               # The other dependency is not present in package.json so we don't have to update it — this is
-              # most likely a transitive dependency which only needs an update in the lockfile. We avoid
-              # throwing an exception and let the update continue.
+              # most likely a transitive dependency which only needs an update in the lockfile. For a batch
+              # with a single unique dependency name we tolerate this no-op update, but when multiple unique
+              # dependencies are being updated and none change the content we treat that as unexpected and raise.
               raise "Expected content to change!" if content == new_content && unique_deps_count > 1
 
               content = new_content
