-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pnpm: support needed for its new v9 lockfile format #9522
Comments
In case you find it useful: renovatebot/renovate#28470 |
Any eta for this? Thanks |
- Enables automatic dependabot updates - Enables auto-merge of dependabot PRs for patch and minor semver dependency updates - Configured some dependency groups to group common dependencies together, so there's less PR noise - Adds storybook to CI, so we know that storybook still works - Fixes an old import path in storybook
I can choose between my dependeabot workflow becoming manual, or you successfully force me to eat your NPM dogfood. 👎 Please make pnpm a first class citizen. My |
Thanks for the fix! Looks like Dependabot version updates now work with the new lockfile format, but the Dependabot alerts dashboard seems eerily empty. 😰 |
Ever since lockfile v9 support has been added we're no longer getting the error, but it has now been replaced with a different lockfile related error, see https://github.com/keycloak/keycloak/network/updates/824818081 |
Getting a 404 trying to access the link. |
I guess there still needs to be a release sometime, since the PR it created today (08.05.) still downgrades my lockfile to version 6.0 https://github.com/D3strukt0r/weleda-webcenter-text-export/pull/32/files |
See issue #9684 |
Here is the (truncated) log: View log
|
Removed outdated comment, in favor of new. |
That's not what I am seeing, recently our upgrades started working again. Though I did update all the dependencies first and re-generated the lockfile, so perhaps that has something to do with it? Perhaps the lockfile parsing is buggy somehow? |
Dependabot is still downgrading my lockfile to v6 while I have a v9 lockfile in my repository. |
Still not using the right version of pnpm, and as a result the outdated packages are not parsed properly.
The two listed are correctly identified as out of date packages, but it fails to identify the version. |
I recently got exact same issue as @Joozty |
I am seeing the same. |
Same here |
You need to add e.g. |
Is there an existing issue for this?
Package ecosystem
pnpm
Package manager version
pnpm v9
Language version
n/a
Manifest location and content before the Dependabot update
n/a
dependabot.yml content
n/a
Updated dependency
n/a
What you expected to see, versus what you actually saw
Per this comment in the original pnpm support Feature Request thread, it looks like the pnpm package manager just updated to v9, along with an updated lockfile format.
Dependabot is now erroring with:
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response
The text was updated successfully, but these errors were encountered: