taze ignores valid updates #189
Description
Describe the bug
When I run taze (npx taze) in a project with the following dependencies:
{
"name": "test",
"version": "1.0.0",
"type": "module",
"main": "./dist/index.js",
"engines": {
"node": ">=22.14.0"
},
"scripts": {
},
"dependencies": {
"fastify": "^5.2.1",
"pino": "^9.6.0",
"prom-client": "^15.1.3",
"smol-toml": "^1.3.1",
"undici": "^7.4.0",
"zod": "^3.24.2"
},
"types": "./dist/index.d.ts",
"exports": {
".": {
"types": "./dist/index.d.ts",
"import": "./dist/index.js"
}
},
"files": [
"dist",
"src",
"tsconfig.json",
"tsconfig.build.json"
],
"devDependencies": {
"@eslint/js": "^9.21.0",
"@types/node": "^22.13.9",
"cobertura": "^1.0.3",
"eslint": "^9.21.0",
"globals": "^15.15.0",
"npm-run-all2": "^7.0.2",
"pino-pretty": "^13.0.0",
"prettier": "^3.5.3",
"rimraf": "^6.0.1",
"tsc-alias": "^1.8.11",
"tsx": "^4.19.3",
"typescript": "~5.8",
"typescript-eslint": "^8.26.0"
}
}
It will not update the dependencies to the maximum allowed versions.
The first time I ran it:
npx taze
xxx - 6 minor, 3 patch
dependencies
zod ~4mo ^3.24.2 → ^3.25.61 ~6d (3.25.67 available)
fastify ~5mo ^5.2.1 → ^5.2.2 ~3mo (5.4.0 available)
smol-toml ~7mo ^1.3.1 → ^1.3.4 ~2mo
devDependencies
@eslint/js ~4mo ^9.21.0 → ^9.24.0 ~2mo (9.29.0 available)
@types/node ~4mo ^22.13.9 → ^22.15.18 ~1mo (24.0.3 available)
eslint ~4mo ^9.21.0 → ^9.24.0 ~2mo (9.29.0 available)
tsx ~4mo ^4.19.3 → ^4.20.2 ~5d (4.20.3 available)
typescript-eslint ~4mo ^8.26.0 → ^8.30.0 ~2mo (8.34.1 available)
typescript ~5.8 → ~5.8.3 ~2mo
Then I run it with -w and execute npm i. When I then check the versions again:
npx taze minor
dependencies are already up-to-date
And:
npx taze major
xxx - 2 major
devDependencies
globals ~4mo ^15.15.0 → ^16.1.0 ~1mo (16.2.0 available)
npm-run-all2 ~6mo ^7.0.2 → ^8.0.4 ~23d
Where has e.g. the update for fastify gone?
npm info fastify
[email protected] | MIT | deps: 15 | versions: 299
[...]
dist-tags:
latest: 5.4.0 four: 4.29.1 three: 3.29.5
In general nearly none of the packages got updated to their allowed max-verison allowed by ^, why?
Reproduction
See description & attached package-lock.json
System Info
System:
OS: macOS 15.5
CPU: (12) arm64 Apple M3 Pro
Memory: 511.41 MB / 36.00 GB
Shell: 5.9 - /bin/zsh
Binaries:
Node: 22.16.0 - ~/.local/share/mise/installs/node/22.16.0/bin/node
Yarn: 1.22.22 - ~/.local/share/mise/installs/node/22.16.0/bin/yarn
npm: 11.4.2 - ~/.local/share/mise/installs/node/22.16.0/bin/npm
pnpm: 10.11.1 - ~/.local/share/mise/installs/node/22.16.0/bin/pnpm
Browsers:
Chrome: 137.0.7151.104
Edge: 137.0.3296.83
Safari: 18.5Used Package Manager
npm
Validations
- Follow our Code of Conduct
- Read the Contributing Guide.
- Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
- Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
- The provided reproduction is a minimal reproducible of the bug.
Contributions
- I am willing to submit a PR to fix this issue
- I am willing to submit a PR with failing tests (actually just go ahead and do it, thanks!)