Dependabot not working with repo that does not persist package-lock.json file

[sfkaos]

Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

npm

Package manager version

10.4.0

Language version

18.17.0

Manifest location and content before the Dependabot update

/package.json

dependabot.yml content

version: 2
updates:

• package-ecosystem: "npm"
  directory: "/"
  schedule:
  interval: "weekly"
  target-branch: "develop"
  labels:
  • "security vulnerability"

Updated dependency

No response

What you expected to see, versus what you actually saw

We have decided not to persist the package-lock.json as part of our repo (only package.json). I was hoping Dependabot would only suggest package.json changes to support any security vulnerability fixes but continue to get the following error:

Dependabot can't parse your package-lock.json
Dependabot failed to update your dependencies because there was an error parsing the package-lock.json found at /package-lock.json.

Dependabot encountered the following error:

/package-lock.json not parseable

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response