Dependabot is not completely updating package-lock.json


I'm using Dependabot to update npm packages in a project.

Dependabot seems to be working okay. However, I've noticed that regenerating my package-lock.json file every few weeks produces many package updates. By "regenerate", I mean deleting package-lock.json and recreating it via npm install.

A few questions:

  • Is Dependabot not updating my package-lock.json correctly, or are these regeneration updates expected?

  • If not expected, do I have Dependabot misconfigured? Here is my config, which seems standard:

- package-ecosystem: npm
  directory: /
  schedule:
    interval: weekly

Perhaps setting versioning-strategy=increase would help (see docs). Looks like it defaults to auto which may mean packages aren't always updated.

Or maybe this is a Dependabot bug that I should file an issue for?


There are 0 answers
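
One way to measure the drift described in the question, as an added example that is not part of the original post: this Node.js function compares the committed lockfile with a regenerated one and labels each changed entry as direct or transitive. It assumes lockfileVersion 2 or 3 (a `packages` map); `diffLockfiles` and all package names and versions are constructed for illustration.

```javascript
// Added example: diff two package-lock.json objects (lockfileVersion 2 or 3).
// diffLockfiles and all package names/versions below are constructed.
function diffLockfiles(before, after) {
  const root = after.packages[""] || {};
  // Names the root project declares itself; everything else is transitive.
  const direct = new Set([
    ...Object.keys(root.dependencies || {}),
    ...Object.keys(root.devDependencies || {}),
    ...Object.keys(root.optionalDependencies || {}),
  ]);
  const marker = "node_modules/";
  const paths = new Set([...Object.keys(before.packages), ...Object.keys(after.packages)]);
  const changes = [];
  for (const path of [...paths].sort()) {
    // Skip the root entry ("") and workspace folders, which carry no marker.
    if (!path.includes(marker)) continue;
    const from = before.packages[path]?.version ?? null; // null = not installed
    const to = after.packages[path]?.version ?? null;
    if (from === to) continue;
    // "node_modules/a/node_modules/@s/b" -> "@s/b"
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    const kind = path === marker + name && direct.has(name) ? "direct" : "transitive";
    changes.push({ path, name, from, to, kind });
  }
  return changes;
}

// Constructed sample: the committed lockfile and one regenerated by `npm install`.
const rootEntry = {
  dependencies: { "app-framework": "^1.2.0" },
  devDependencies: { "@acme/logger": "^2.0.0" },
};
const committed = { lockfileVersion: 3, packages: {
  "": rootEntry,
  "node_modules/@acme/logger": { version: "2.0.0" },
  "node_modules/app-framework": { version: "1.2.0" },
  "node_modules/app-framework/node_modules/debug-lite": { version: "0.3.1" },
  "node_modules/query-parser": { version: "6.11.0" },
} };
const regenerated = { lockfileVersion: 3, packages: {
  "": rootEntry,
  "node_modules/@acme/logger": { version: "2.1.0" },
  "node_modules/app-framework": { version: "1.2.0" },
  "node_modules/query-parser": { version: "6.11.2" },
} };

for (const c of diffLockfiles(committed, regenerated)) {
  console.log(`${c.kind.padEnd(10)} ${c.name}: ${c.from} -> ${c.to}`);
}
```

For real files, replace the two sample objects with `JSON.parse(fs.readFileSync(path, "utf8"))` on the committed and regenerated lockfiles.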