You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a developer of the Solid Design System, I would like to have all dependencies regularly updated and checked for vulnerabilities, so that I am sure our project dependencies are secure and well maintained.
Suggested Solution
As dependabot seems to have issues with pnpm (even thought it is supposed to work), I suggest to quickly have a look into possible fixes and, if it cant be fixed right away, switch to renovate as this works fine in the CMS's monorepo with pnpm.
If this is not going to be fixed soon, we at least should remove Dependabot and all related PRs as this doesn't show our repo in a good shape, bloats our PR overview and our mail inbox. @Vahid1919@karlbaumhauer
@Vahid1919 if you have time and there is nothing left in the milestone to focus on, you could start here... If you need access to the mentioned implementation on azure devops, let me know.
User Story
As a developer of the Solid Design System, I would like to have all dependencies regularly updated and checked for vulnerabilities, so that I am sure our project dependencies are secure and well maintained.
Suggested Solution
As dependabot seems to have issues with
pnpm
(even thought it is supposed to work), I suggest to quickly have a look into possible fixes and, if it cant be fixed right away, switch to renovate as this works fine in the CMS's monorepo withpnpm
.Environment (GitHub Actions or Azure DevOps)
GitHub
Technical Information
pnpm
package manager dependabot/dependabot-core#1736DoR
DoD
feature
branchThe text was updated successfully, but these errors were encountered: