I'm using dependabot to update npm packages in a project.
Dependabot seems to be working okay. However, I've noticed that regenerating my package-lock.json file every few weeks produces many package updates. By "regenerate", I mean deleting package-lock.json and recreating it via npm install.
A few questions:
Is dependabot not updating my package-lock.json correctly, or are these regeneration updates expected? If not expected, do I have dependabot misconfigured? Here is my config, which seems standard:
- package-ecosystem: npm
  directory: /
  schedule:
    interval: weekly
Perhaps setting versioning-strategy=increase would help (see docs). It looks like it defaults to auto, which may mean packages aren't always updated.
Or maybe this is a dependabot bug that I should file an issue for?
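To see concretely what a lock-file regeneration changes compared with what Dependabot's PRs change, the following script (added here as an illustration, not part of the question or of Dependabot) diffs two package-lock.json documents and reports every package whose resolved version differs. The two lock files embedded in it are constructed samples; it handles both the flat "packages" map of lockfileVersion 2/3 and the nested "dependencies" tree of lockfileVersion 1.

```python
"""Diff two package-lock.json documents and list changed package versions.
Point it at the lock file before and after `rm package-lock.json && npm install`
(or before and after a Dependabot PR) to see exactly which transitive
dependencies moved. The sample lock contents below are constructed."""
import json

# Constructed sample lock files in the lockfileVersion 3 layout: a flat
# "packages" map keyed by node_modules path, with "" as the root project.
OLD_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "app", "dependencies": {"left-pad": "^1.3.0"}},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/semver": {"version": "7.5.0"},
    },
})
NEW_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "app", "dependencies": {"left-pad": "^1.3.0"}},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/semver": {"version": "7.6.3"},
        "node_modules/lru-cache": {"version": "6.0.0"},
    },
})


def lock_versions(lock_text):
    """Map node_modules path -> version for lockfileVersion 1, 2 or 3.
    Versions 2/3 carry a flat "packages" map; version 1 nests each
    package's own dependencies under its "dependencies" key."""
    lock = json.loads(lock_text)
    if "packages" in lock:
        # Skip the "" entry: it describes the root project, not a dependency.
        return {p: m.get("version") for p, m in lock["packages"].items() if p}
    versions = {}

    def walk(deps, prefix):
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            versions[path] = meta.get("version")
            walk(meta.get("dependencies", {}), path + "/")

    walk(lock.get("dependencies", {}), "")
    return versions


def diff_locks(old_text, new_text):
    """Return {path: (old_version, new_version)} for every entry that changed;
    None on one side means the package was added or removed."""
    old, new = lock_versions(old_text), lock_versions(new_text)
    return {p: (old.get(p), new.get(p)) for p in sorted(set(old) | set(new))
            if old.get(p) != new.get(p)}


if __name__ == "__main__":
    for path, (was, now) in diff_locks(OLD_LOCK, NEW_LOCK).items():
        print(f"{path}: {was} -> {now}")
```

Run against real files, the output makes it easy to tell an intended bump apart from a transitive package that only moved because the lock file was thrown away.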