Currently, there is an issue in PRs opened by dependabot
- when a dependency is updated in
package.json, the change is not reflected in the package-lock.json - merging such PRs may be dangerous as the CI is not actually running with the updated version of the dependency
- PRs updating only dependencies listed in the
package-lock.json file look correct
clone of #patternfly/react-component-groups#557
Currently, there is an issue in PRs opened by dependabot
package.json, the change is not reflected in thepackage-lock.json- merging such PRs may be dangerous as the CI is not actually running with the updated version of the dependencypackage-lock.jsonfile look correctclone of #patternfly/react-component-groups#557