npm update --depth command no longer working correctly (v6.9.0)

What I Wanted to Do

I wanted to run npm update command to update a dependency (module-B) which is being pulled in by a direct dependency of my app (module-A)

So the dependency graph looks like:
–> Module-A
–> Module-B
My app has a package-lock file.

To update the dependency I ran the following commands:

  1. npm i
  2. npm update --depth 1 module-B

I expected the package-lock.json will get updated with an updated version of module-B
(The version of module-B in package-lock.json is v2.1.0. The new published version is v2.2.0)
Module-A has a dependency specified as: β€œmodule-B”:^2.0.0

What Happened Instead

npm did not update the dependency. The command just returned w/o any output or modification.

Same command works as expected with v6.4.1

Reproduction Steps

I think this should be reproducible for any scenario similar to the one described above.
I have created a small public repo with a lock file. If any of the nested dependencies get a new version, I’ll link the repo here to reproduce the issue.


Platform Info

$ npm --versions
{ npm: '6.9.0',
  ares: '1.10.1-DEV',
  cldr: '32.0',
  http_parser: '2.8.0',
  icu: '60.1',
  modules: '57',
  napi: '3',
  nghttp2: '1.32.0',
  node: '8.11.3',
  openssl: '1.0.2o',
  tz: '2017c',
  unicode: '10.0',
  uv: '1.19.1',
  v8: '6.2.414.54',
  zlib: '1.2.11' }

$ node -p process.platform

Probably related: npm outdated --depth 9999 also fails to report any outdated dependencies past the first level.

This problem seems to have started with v6.6.0. Works as expected in v6.5.0 as well.

I found that I can not update sub-dependencies using npm update --depth 999 nested-package which is suggested by the doc and npm audit. It it related to this issue?