Merge pull request #9427 from dependabot/note-assumptions-in-two-places

Add a note about assumptions being made
dependabot · Apr 5, 2024 · 1369564 · 1369564
2 parents 005dd73 + 38ce107
commit 1369564
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/updater/lib/dependabot/dependency_group_engine.rb b/updater/lib/dependabot/dependency_group_engine.rb
@@ -33,6 +33,11 @@ def self.from_job_config(job:) # rubocop:disable Metrics/PerceivedComplexity
         # - We're using the DependencyGroupEngine which means this is a grouped update
         # - This is a security update and there are multiple dependencies passed in
         # Since there are no groups, the default behavior is to group all dependencies, so create a fake group.
+        #
+        # The service doesn't have record of this group, but makes similar assumptions.
+        # If we change this, we need to update the service to match.
+        #
+        # See: https://github.com/dependabot/dependabot-core/issues/9426
         job.dependency_groups << {
           "name" => job.package_manager,
           "rules" => { "patterns" => ["*"] },