Describe the bug
Dependabot seems to be failing to properly update the package-lock.json. See #401 as the latest example.
Actions workflows that install dependencies fail with the following on dependabot PRs:
npm error `npm ci` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with `npm install` before continuing.
npm error
npm error Missing: @octokit/plugin-paginate-rest@9.2.2 from lock file
npm error
npm error Clean install a project
npm error
npm error Usage:
npm error npm ci
npm error
npm error Options:
npm error [--install-strategy <hoisted|nested|shallow|linked>] [--legacy-bundling]
npm error [--global-style] [--omit <dev|optional|peer> [--omit <dev|optional|peer> ...]]
npm error [--include <prod|dev|optional|peer> [--include <prod|dev|optional|peer> ...]]
npm error [--strict-peer-deps] [--foreground-scripts] [--ignore-scripts] [--no-audit]
npm error [--no-bin-links] [--no-fund] [--dry-run]
npm error [-w|--workspace <workspace-name> [-w|--workspace <workspace-name> ...]]
npm error [-ws|--workspaces] [--include-workspace-root] [--install-links]
npm error
npm error aliases: clean-install, ic, install-clean, isntall-clean
npm error
npm error Run "npm help ci" for more info
npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2026-01-15T00_31_39_817Z-debug-0.log
This seems related to #330, which will no longer be needed when #329 lands.
To Reproduce
- Trigger a dependabot update
Expected behavior
Dependabot makes a valid lock file update
Screenshots
No response
Additional context
If you npm install on the change locally, it will update the package-lock.json with the following diff:
diff --git a/package-lock.json b/package-lock.json
index 198ec4e..fa46fb6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2694,6 +2694,21 @@
"node": ">= 18"
}
},
+ "node_modules/@octokit/app/node_modules/@octokit/plugin-paginate-rest": {
+ "version": "9.2.2",
+ "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-9.2.2.tgz",
+ "integrity": "sha512-u3KYkGF7GcZnSD/3UP0S7K5XUFT2FkOQdcfXZGZQPGv3lm4F2Xbf71lvjldr8c1H3nNbF+33cLEkWYbokGWqiQ==",
+ "license": "MIT",
+ "dependencies": {
+ "@octokit/types": "^12.6.0"
+ },
+ "engines": {
+ "node": ">= 18"
+ },
+ "peerDependencies": {
+ "@octokit/core": "5"
+ }
+ },
which resolves the issue.
Describe the bug
Dependabot seems to be failing to properly update the
package-lock.json. See #401 as the latest example.Actions workflows that install dependencies fail with the following on dependabot PRs:
This seems related to #330, which will no longer be needed when #329 lands.
To Reproduce
Expected behavior
Dependabot makes a valid lock file update
Screenshots
No response
Additional context
If you
npm installon the change locally, it will update thepackage-lock.jsonwith the following diff:which resolves the issue.