
Contradiction between doc and schema for Dependabot with pnpm


When configuring Dependabot to use pnpm as package ecosystem, the documentation states that it is currently supported. Though, I get an error in my editor because it does not exist in the schema. What is going on?

Also, Dependabot doesn't seem to understand my configuration file as it wants to create a new one. I assume it might be because of this?

Here is my .github/dependabot.yml file:

version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
  - package-ecosystem: "pnpm"
    directory: "/"
    schedule:
      interval: "weekly"

pnpm should be a valid value in the schema as the documentation says.


Solution

  • pnpm is supported, but note (emphasis mine):

    The following table shows, for each package manager:

    • The YAML value to use in the dependabot.yml file
    • ...
    Package manager | YAML value | Supported versions | Private repositories | Private registries | Vendoring
    pnpm            | npm        | v7, v8             |                      |                    |

    So you want:

     - package-ecosystem: "npm"
    

    "Package ecosystem" is broader than the specific package manager you're using, so npm, pnpm and Yarn are all considered part of the "npm" ecosystem. Within that the appropriate actions are taken by looking for e.g. pnpm-lock.yaml to determine which specific files are relevant.