action-dependabot-auto-merge
action-dependabot-auto-merge copied to clipboard
devDependencies are recognized as production
Our devDependencies are NOT recognized as dependency type: development
.
Extract from package.json
:
"devDependencies": {
"@testing-library/react-hooks": "^5.1.3",
"serve": "^11.3.2"
}
And output from the GithubAction:
loaded merge config:
- match:
dependency_type: development
update_type: all
- match:
dependency_type: production
update_type: security:minor
- match:
dependency_type: production
update_type: semver:minor
title: "Bump @testing-library/react-hooks from 5.1.3 to 7.0.2 in /frontend"
depName: @testing-library/react-hooks
from: 5.1.3
to: 7.0.2
dependency type: production
security critical: false
config: production:security:minor
config: production:semver:minor
manual merging required
and
loaded merge config:
- match:
dependency_type: development
update_type: all
- match:
dependency_type: production
update_type: security:minor
- match:
dependency_type: production
update_type: semver:minor
title: "Bump serve from 11.3.2 to 12.0.1 in /frontend"
depName: serve
from: 11.3.2
to: 12.0.1
dependency type: production
security critical: false
config: production:security:minor
config: production:semver:minor
manual merging required
Any suggestions?
I found the problem. It's because the package.json
is not directly in the root directory. It is in a subdirectory. Will create a PR.
The same seems to be true for php / composer. Although phpunit is declared (as it should be) under require-dev
, it is identified as a production type.
I ran into this as well. Is there a way to specify a working dir?
Same is happening for ruby dependencies