dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Dependabot doesn't work with monorepos using pnpm #10758

Open jamescrowley opened 1 month ago

jamescrowley commented 1 month ago

Is there an existing issue for this?

Package ecosystem

npm/pnpm

Package manager version

8.15.9

Language version

No response

Manifest location and content before the Dependabot update

package.json pnpm-lock.yaml pnpm-workspace.yaml front/package.json

dependabot.yml content

https://github.com/boxwise/boxtribute/blob/master/.github/dependabot.yml

Updated dependency

No response

What you expected to see, versus what you actually saw

When explicitly listing directories, such as

directories:

Dependabot generates updates for packages in the root package.json and in /front. However, it does not update the pnpm-lock.yaml in PRs for packages in the subfolder (for instance: https://github.com/boxwise/boxtribute/pull/1599).

When only listing the 'root' directory (suggested by https://github.com/dependabot/dependabot-core/issues/4993), Dependabot ignores the package.json within /front entirely.

Possibly related to https://github.com/dependabot/dependabot-core/issues/6346 (npm, not pnpm).

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

https://github.com/boxwise/boxtribute/pull/1599

Smallest manifest that reproduces the issue

No response
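A CI guard for the failure mode described in this report (a workspace member's package.json changed in a PR while the root pnpm-lock.yaml was not), added here as an example that is not from the dependabot-core project or the issue reporter. It assumes a pnpm workspace with a single root lockfile and reads the PR's changed-file list (for example from `git diff --name-only`) on stdin.

```shell
#!/bin/sh
# Added example, not part of dependabot-core or the linked repository.
# In a pnpm workspace every package.json (root or member such as
# front/package.json) is pinned by the single root pnpm-lock.yaml. A PR that
# edits a manifest without touching the lockfile leaves them out of sync, so
# `pnpm install --frozen-lockfile` fails later and the PR is not safe to merge
# on the strength of its diff alone. This check flags that drift up front.
#
# Input : newline-separated changed paths on stdin
# Output: the manifests that changed without a lockfile change, one per line
# Return: 1 if drift was found, 0 otherwise
check_lockfile_drift() {
    lock_changed=0
    manifests=""
    while IFS= read -r f; do
        case "$f" in
            pnpm-lock.yaml)
                lock_changed=1 ;;
            package.json|*/package.json)
                # accumulate newline-separated so paths with spaces survive
                manifests="${manifests}${f}
" ;;
        esac
    done
    if [ -n "$manifests" ] && [ "$lock_changed" -eq 0 ]; then
        printf '%s' "$manifests"
        return 1
    fi
    return 0
}

# Typical CI usage (assumed base branch name):
#   git diff --name-only origin/main...HEAD | check_lockfile_drift \
#     || { echo "package.json changed but pnpm-lock.yaml did not"; exit 1; }
```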

Yurickh commented 1 month ago

FWIW we also see the same behaviour with pnpm@9.12.1