Skip to content

🔒 chore: update package-lock.json#1878

Open
github-actions[bot] wants to merge 1 commit into
mainfrom
github-actions/update-lockfile
Open

🔒 chore: update package-lock.json#1878
github-actions[bot] wants to merge 1 commit into
mainfrom
github-actions/update-lockfile

Conversation

@github-actions

@github-actions github-actions Bot commented Apr 1, 2026

Copy link
Copy Markdown
Contributor

Automated monthly refresh of package-lock.json to update transitive dependencies within their semver ranges.

This ensures the lockfile stays up-to-date with the latest compatible versions of all dependencies.

@douglasduteil

Copy link
Copy Markdown
Contributor
image

Hum... 🆘 @BenoitSerrano

@github-actions github-actions Bot force-pushed the github-actions/update-lockfile branch from a250a6c to 1d11b1a Compare May 1, 2026 05:58
@github-actions github-actions Bot force-pushed the github-actions/update-lockfile branch from 1d11b1a to 08c7a0b Compare June 1, 2026 08:16
@rdubigny

Copy link
Copy Markdown
Contributor

@douglasduteil, I am not sure what to do with this PR. Are we expected to review all the updates manually? If so, I would rather run the npm upgrade locally and create the PR myself.

If not, I suggest removing this GitHub Action and relying on Dependabot updates instead.

@douglasduteil

Copy link
Copy Markdown
Contributor

That our friends transient dependencies update. You can generate it yourself if you prefer.
I agree that not having the Ci tests check is making it a trust me bro PR. I didn't made that extra mile dude to a PAT token requirements if I remember it correctly.
Today, this PR is mostly a reminder that the our dependabot updates partially lie to us and a fresh install of our direct dependencies can result in less modules installed.
I will not fight to safe this ci job

@github-actions github-actions Bot force-pushed the github-actions/update-lockfile branch from 08c7a0b to 9bd2497 Compare July 1, 2026 06:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants