Why does Dependabot always have merge conflicts with lock file (pnpm-lock.yaml)?

I have a monorepo which I manage with turborepo. I use Dependabot on GitHub to manage dependencies.

As far as I can tell, the Dependabot pull requests always have merge conflicts for the lock file (in my case pnpm-lock.yaml).

Why does that happen? I expected it to base the change on the main branch. Presumably, if the main branch is updated, the PR should also be updated.

How can I address it so lock file merge conflicts do not occur?

Edit:

From the Dependabot docs:

When rebase-strategy is set to auto, Dependabot attempts to rebase pull requests in the following cases:

  • When a Dependabot pull request is in conflict after a recent push to the target branch.

I have not set the rebase-strategy in dependabot.yml, as it is supposed to default to auto.

Edit 2:

I am using Dependabot alongside the changeset GitHub action that creates a new commit and PR with app version numbers updated, which I manually merge back onto main. Not sure if that is causing the issue.

There are 0 answers