Is there an existing issue for this?
Package ecosystem
yarn
Package manager version
yarn 4.15.0
Language version
Should be irrelevant, but I noticed it with a Node 24 project.
Manifest location and content before the Dependabot update
No response
dependabot.yml content
No response
Updated dependency
No response
What you expected to see, versus what you actually saw
I expected Dependabot to make a security update PR to fix the advisory but instead it was showing an error that the fixed version was too recent for Yarn to allow it.
Native package manager behavior
yarn up @sveltejs/kit failed for the same quarantine reason.
yarn up --no-time-gate @sveltejs/kit works.
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response
Is there an existing issue for this?
Package ecosystem
yarn
Package manager version
yarn 4.15.0
Language version
Should be irrelevant, but I noticed it with a Node 24 project.
Manifest location and content before the Dependabot update
No response
dependabot.yml content
No response
Updated dependency
No response
What you expected to see, versus what you actually saw
I expected Dependabot to make a security update PR to fix the advisory but instead it was showing an error that the fixed version was too recent for Yarn to allow it.
Native package manager behavior
yarn up @sveltejs/kitfailed for the same quarantine reason.yarn up --no-time-gate @sveltejs/kitworks.Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response