devDependencies are recognized as production

[patricksturm]

Our devDependencies are NOT recognized as dependency type: development.

Extract from package.json:

  "devDependencies": {
    "@testing-library/react-hooks": "^5.1.3",
    "serve": "^11.3.2"
  }

And output from the GithubAction:

loaded merge config: 
- match:
    dependency_type: development
    update_type: all

- match:
    dependency_type: production
    update_type: security:minor

- match:
    dependency_type: production
    update_type: semver:minor
title: "Bump @testing-library/react-hooks from 5.1.3 to 7.0.2 in /frontend"
depName: @testing-library/react-hooks
from: 5.1.3
to: 7.0.2
dependency type: production
security critical: false
config: production:security:minor
config: production:semver:minor
manual merging required

and

loaded merge config: 
- match:
    dependency_type: development
    update_type: all

- match:
    dependency_type: production
    update_type: security:minor

- match:
    dependency_type: production
    update_type: semver:minor
title: "Bump serve from 11.3.2 to 12.0.1 in /frontend"
depName: serve
from: 11.3.2
to: 12.0.1
dependency type: production
security critical: false
config: production:security:minor
config: production:semver:minor
manual merging required

Any suggestions?

[patricksturm]

I found the problem. It's because the package.json is not directly in the root directory. It is in a subdirectory. Will create a PR.

[Dgame]

The same seems to be true for php / composer. Although phpunit is declared (as it should be) under require-dev, it is identified as a production type.

[stebl]

I ran into this as well. Is there a way to specify a working dir?

[julianajuliano]

Same is happening for ruby dependencies