Action to update pnpm-lock.yaml when Dependabot opens a PR. Be warned that this...
source link: https://gist.github.com/Purpzie/8ed86ae38c73f440881bbee0523a324b
Does this work, or is this pending the feature request from dependabot/dependabot-core#1736?
donferi commented 26 days ago
Thanks for this. The main issue I see is that dependabot also opens PRs for transitive dependencies. This action can't do much about those, right? It will only work for the ones that change package.json.
@donferi Yes, currently that's a limitation of dependabot not having proper pnpm support yet.
I wonder... You could maybe force it to work by having a regular package-lock.json in your repository. Since dependabot would keep that up to date, this action would trigger for transitive dependencies, and you never need to stop using pnpm locally (except to generate package-lock.json the first time). Just make sure anyone working on the repo knows to use pnpm instead of npm.