Function: updateDependency()
function updateDependency(
path,
dependencyId,
updates): Promise<{
dependencies: {
accessMethod: "context7" | "arxiv" | "openapi" | "github-api" | "http";
auth?: {
secretEnvVar?: string;
type: "token" | "oauth" | "basic" | "none";
};
changeHistory: {
detectedAt: string;
falsePositive: boolean;
issueNumber?: number;
newVersion?: string;
oldVersion?: string;
severity: "breaking" | "major" | "minor";
}[];
currentStateHash: string;
currentVersion?: string;
description?: string;
detectedAt: string;
detectionConfidence: number;
detectionMethod: | "llm-analysis"
| "manual"
| "package-json"
| "requirements-txt"
| "code-comment";
id: string;
lastChanged?: string;
lastChecked: string;
monitoring?: {
checkFrequency: "hourly" | "daily" | "weekly" | "monthly";
enabled: boolean;
ignoreChanges: boolean;
severityOverride?: "breaking" | "major" | "minor";
};
name: string;
referencedIn: {
context?: string;
file: string;
line?: number;
}[];
type: | "reference-implementation"
| "schema"
| "documentation"
| "research-paper"
| "api-example"
| "other";
url: string;
}[];
generatedAt: string;
generatedBy: {
action: string;
llmModel?: string;
llmProvider: string;
version: string;
};
repository: {
branch: string;
commit: string;
name: string;
owner: string;
};
statistics: {
averageConfidence: number;
byAccessMethod: Record<string, number>;
byDetectionMethod: Record<string, number>;
byType: Record<string, number>;
falsePositiveRate?: number;
totalDependencies: number;
};
version: "1.0.0";
}>;

Defined in: packages/manifest/src/manifest.ts:102
Updates a single dependency entry in the on-disk manifest by ID.
Parameters
| Parameter | Type | Description |
|---|---|---|
| `path` | `string` | Path to the manifest file. |
| `dependencyId` | `string` | UUID of the dependency to update. |
| `updates` | `Partial<DependencyEntry>` | Partial DependencyEntry fields to merge. |
Returns
Promise<{ dependencies: { accessMethod: "context7" | "arxiv" | "openapi" | "github-api" | "http"; auth?: { secretEnvVar?: string; type: "token" | "oauth" | "basic" | "none"; }; changeHistory: { detectedAt: string; falsePositive: boolean; issueNumber?: number; newVersion?: string; oldVersion?: string; severity: "breaking" | "major" | "minor"; }[]; currentStateHash: string; currentVersion?: string; description?: string; detectedAt: string; detectionConfidence: number; detectionMethod: | "llm-analysis" | "manual" | "package-json" | "requirements-txt" | "code-comment"; id: string; lastChanged?: string; lastChecked: string; monitoring?: { checkFrequency: "hourly" | "daily" | "weekly" | "monthly"; enabled: boolean; ignoreChanges: boolean; severityOverride?: "breaking" | "major" | "minor"; }; name: string; referencedIn: { context?: string; file: string; line?: number; }[]; type: | "reference-implementation" | "schema" | "documentation" | "research-paper" | "api-example" | "other"; url: string; }[]; generatedAt: string; generatedBy: { action: string; llmModel?: string; llmProvider: string; version: string; }; repository: { branch: string; commit: string; name: string; owner: string; }; statistics: { averageConfidence: number; byAccessMethod: Record<string, number>; byDetectionMethod: Record<string, number>; byType: Record<string, number>; falsePositiveRate?: number; totalDependencies: number; }; version: "1.0.0"; }>
The updated manifest.
Throws
If no dependency with dependencyId is found.
Throws
If the merged entry fails schema validation.
Pitfalls
- This function performs a read–modify–write cycle. Concurrent calls with the same
`path` and different `dependencyId` values will race, and one write will silently overwrite the other. Because the overwrite is silent, the lost update only shows up when the manifest is read again. Use a file lock or serialise calls if running multiple monitors in parallel.