You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've got a private GitHub repo with a pnpm workspace, i.e. there's a root project with package.json and pnpm-lock.yml plus a nested project (part of the workspace) with it's own package.json and pnpm-lock.yml. I want dependabot to update depdendencies for both root and nested project.
Expected behavior
PR for /deploy (nested) project must affect /deploy/package.json and /deploy/pnpm-lock.yml only.
Actual behavior
PR for /deploy (nested) project affects /deploy/package.json (correct one) and pnpm-lock.yml of the root project (incorrect one).
Native package manager behavior
pnpm install <dependency-name> in /deploy (nested) project affects /deploy/package.json and /deploy/pnpm-lock.yml only - i.e., what I expect from dependabot to do.
Images of the diff or a link to the PR, issue, or logs
Is there an existing issue for this?
Package ecosystem
pnpm
Package manager version
9.5.0
Language version
Node.js 20
Manifest location and content before the Dependabot update
/package.json
/pnpm-lock.yml
/deploy/package.json
/deploy/pnpm-lock.yml
dependabot.yml content
version: 2
updates:
directory: '/'
schedule:
interval: monthly
open-pull-requests-limit: 10
Description
I've got a private GitHub repo with a pnpm workspace, i.e. there's a root project with
package.json
andpnpm-lock.yml
plus a nested project (part of the workspace) with it's ownpackage.json
andpnpm-lock.yml
. I want dependabot to update depdendencies for both root and nested project.Expected behavior
PR for
/deploy
(nested) project must affect/deploy/package.json
and/deploy/pnpm-lock.yml
only.Actual behavior
PR for
/deploy
(nested) project affects/deploy/package.json
(correct one) andpnpm-lock.yml
of the root project (incorrect one).Native package manager behavior
pnpm install <dependency-name>
in/deploy
(nested) project affects/deploy/package.json
and/deploy/pnpm-lock.yml
only - i.e., what I expect from dependabot to do.Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
Create a pnpm workspace, i.e.:
The text was updated successfully, but these errors were encountered: