Using Debian's unattended-upgrades package

Question

I'm trying to have all official packages from Debian be upgraded on a Wheezy box - I've set the following:

"o=Debian,a=oldstable";
"o=Debian,a=oldstable-updates";
"o=Debian,a=oldstable-backports";

And I also have an internal company repo which should have the same thing happen:

"o=CompanyName";

There's an update to an internal package which I can pull in with apt-get, however unattended upgrades seems to ignore it as it is also going to pull in 2 new packages (which are newly-added dependencies):

Checking: some-task-common (["<Origin component:'wheezy' archive:'production' origin:'CompanyName' label:'' site:'internal.repo.url' isTrusted:True>"])
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
blacklist: []
Packages that are auto removed: ''
InstCount=0 DelCount=0 BrokenCout=0
No packages found that can be upgraded unattended

However, a dry-run with apt-get gives this:

The following NEW packages will be installed:
  disktype python-pil
The following packages will be upgraded:
  some-task-common

Is this the expected behaviour when an entirely new package would be pulled in?

Answer 1

Posting from a comment on the original question:

As far as I could discover, this is the intended behaviour - unattended-upgrades will only upgrade packages - any action which involves installing/removing other packages won't happen. This means if new dependencies are added, or a package's dependencies want to remove another package then the responsible packages won't be upgraded. I can see the thinking behind this - you don't want it to destroy your system if something critical is to be removed.