Dependabot sometimes hoists optional dependencies to dependencies #3648
Labels: dependencies, github_actions, small story, tooling
What
For some packages/groups (especially `@types/node`), dependabot will hoist a `devDependency` or `optionalDependency` to a `dependency`.
This is likely due to a problem with overrides at the `npm` level, so not something that'll go away any time soon.
npm/cli#7018
npm/cli#7019
Why
The fix is simple: we just need to run `npm install`, which removes the hoisted dependency, then commit that change. But it is an annoyance to have to do that manually each time!
Enough of an annoyance that we have a test to check when it happens:
govuk-design-system/package-lock.json.unit.test.mjs, line 17 in 1399e23
It'd be good to automate this process, i.e. have GitHub Actions run `npm install` if that particular test fails, and commit the changes, so we don't have to manually fix it.
Who needs to work on this
Developer
Who needs to review this
Developer
Done when
`devDependencies` and `optionalDependencies` are no longer hoisted to `dependencies` by Dependabot
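A sketch of the kind of check the issue describes, added here as an example and not the project's own test at `package-lock.json.unit.test.mjs` (which is not shown on this page). It assumes the hoist appears in the root entry (`packages[""]`) of a `lockfileVersion` 2 or 3 lockfile; `findHoisted`, `example-lib` and `example-optional` are hypothetical names, and the sample objects are constructed.

```javascript
// Added example: report packages that the lockfile's root entry lists in a
// different section than package.json declares them in.
// Assumption: the hoist is visible in lock.packages[""] (lockfileVersion 2/3).
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];

function findHoisted(pkg, lock) {
  const root = (lock.packages && lock.packages['']) || {};
  const findings = [];
  for (const section of SECTIONS) {
    const declared = pkg[section] || {};
    const locked = root[section] || {};
    for (const name of Object.keys(locked)) {
      if (name in declared) continue; // same section in both files: fine
      // Where does package.json actually declare this package, if anywhere?
      const declaredAs = SECTIONS.filter((s) => name in (pkg[s] || {}));
      findings.push({ name, lockedAs: section, declaredAs });
    }
  }
  return findings;
}

// Constructed sample input (not taken from the govuk-design-system repo).
const samplePackageJson = {
  dependencies: { 'example-lib': '^1.0.0' },
  devDependencies: { '@types/node': '^20.0.0' },
  optionalDependencies: { 'example-optional': '^2.0.0' }
};

// Lockfile root entry in the hoisted state described in the issue.
const hoistedLock = {
  lockfileVersion: 3,
  packages: {
    '': {
      dependencies: {
        'example-lib': '^1.0.0',
        '@types/node': '^20.0.0',
        'example-optional': '^2.0.0'
      }
    }
  }
};

// Lockfile root entry that mirrors package.json section by section.
const cleanLock = {
  lockfileVersion: 3,
  packages: { '': { ...samplePackageJson } }
};

console.log(findHoisted(samplePackageJson, hoistedLock));
```

In CI, a non-empty result from `findHoisted` on the parsed `package.json` and `package-lock.json` would be the signal to run `npm install` and commit the regenerated lockfile.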