Dependabot sometimes only edits package-lock.json, not package.json #9071
Labels
T: bug 🐞
Something isn't working
Comments
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is there an existing issue for this?
Package ecosystem
npm
Package manager version
No response
Language version
No response
Manifest location and content before the Dependabot update
https://github.com/KudoAI/chatgpt.js/blob/main/package.json
https://github.com/adamlui/js-utils/blob/main/scss-to-css/package.json
dependabot.yml content
https://github.com/KudoAI/chatgpt.js/blob/main/.github/dependabot.yml
https://github.com/adamlui/js-utils/blob/main/.github/dependabot.yml
Updated dependency
@adamlui/scss-to-css from 1.0.1 to 1.1.1
sass from 1.70.0 to 1.71.0
What you expected to see, versus what you actually saw
Expected: bumps to new dependency versions in both package.json and package-lock.json
Seen: bump to new dependency version in package-lock.json only
Native package manager behavior
When running
npm update --saveit updates both manifestsImages of the diff or a link to the PR, issue, or logs
KudoAI/chatgpt.js#180
adamlui/js-utils#4
Smallest manifest that reproduces the issue
No response
The text was updated successfully, but these errors were encountered: