Comments (5)
FYI, this made it into Dependabot a few weeks ago - we now de-dup the yarn.lock for the dependency we're updating, based on some custom logic (inspired by yarn-tools).
from dependabot-core.
I'm going to close but add a personal TODO to look into creating a yarn-tools-like PR into Yarn. The core team there are brilliant, but they've got a lot on their plate!
from dependabot-core.
@greysteil happy to help with that PR
from dependabot-core.
Thanks for the feedback @StephanBijzitter.
I'm not sure there's an easy way to fix this on Dependabot's side - we lean heavily on Yarn's internals for lockfile generation, and if Yarn doesn't behave perfectly (as it hasn't above) then there's not a lot we can do.
There's an issue open on the yarn repo, but it hasn't had as much love as I'd like. There's also yarn-tools that attempts to fix this, but I'm not 100% sure I trust it...
from dependabot-core.
Alright, that issue indeed seems to be exactly what I saw in one of our(/dependabot's) PRs. Hopefully they'll be able to resolve it soon. As for this issue, I'll leave it to you to close it if wanted, I've got my answer :-)
from dependabot-core.