Dependabot not bumping dependencies in npm workspaces / monorepo structure #5226
Description
Package ecosystem
npm
Package manager version
npm 8.5.5
Language version
node v16.15.0
Manifest location and content before the Dependabot update
Monorepo structure:
- root -> https://github.com/dreamorosi/test-dependabot-issue/blob/main/package.json
dependabot.yml content
version: 2
updates:
# Maintain dependencies for npm
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
day: "friday"
time: "05:00"
timezone: "Europe/Amsterdam"
open-pull-requests-limit: 20
https://github.com/dreamorosi/test-dependabot-issue/blob/main/.github/dependabot.yml#L25-L32
Updated dependency
https://github.com/dreamorosi/test-dependabot-issue/pull/1
https://github.com/dreamorosi/test-dependabot-issue/pull/2
https://github.com/dreamorosi/test-dependabot-issue/pull/3
https://github.com/dreamorosi/test-dependabot-issue/pull/4
https://github.com/dreamorosi/test-dependabot-issue/pull/5
https://github.com/dreamorosi/test-dependabot-issue/pull/6
What you expected to see, versus what you actually saw
Dependencies being bumped as they should instead of dependabot not updating anything.
Native package manager behavior
N/A
But these dependencies were added by npm i [package-name] -w packages/a using npm workspaces commands.
Images of the diff or a link to the PR, issue, or logs
See links above
🕹 Bonus points: Smallest manifest that reproduces the issue
This is a minimal reproduction repo that shows the issue. There's no actual code only the .github/depdendabot.yml, folder structure, and respective package.json * package-lock.json files:
https://github.com/dreamorosi/test-dependabot-issue