-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove Dependabot #1423
Remove Dependabot #1423
Conversation
@nathanhammond is attempting to deploy a commit to the Vercel Team on Vercel. A member of the Team first needs to authorize it. |
ea437eb
to
89eb1ae
Compare
This is being tested over in: https://github.com/nathanhammond/pnpm-dependabot |
Not only is Dependabot non-ergonomic it is failing to identify lots of updates because it isn't detecting the pnpm lock file. The only way to make this play nicely is to actually get pnpm support into Dependabot, which, well, that's not a priority for us (or them). You can see that failure happening here: https://github.com/nathanhammond/pnpm-dependabot/network/updates/396289119 Dependabot sees this as a feature, not a bug (which is fine, it'd work if Dependabot supported pnpm): Tagging in the |
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As discussed, pnpm
being unsupported by dependabot makes dependabot not the best choice. TBD on replacement.
Renovate works alright with Pnpm (used it on Gitlab) |
Dependabot doesn't meet our needs, and should be removed from the project. vercel/turbo#1423 (comment)
Dependabot doesn't meet our needs, and should be removed from the project.
#1423 (comment)