Update pnpm version support in dependabot options#44029
Update pnpm version support in dependabot options#44029raf2k07 wants to merge 1 commit intogithub:mainfrom
Conversation
According to this discussion dependabot/dependabot-core#11246 and this page https://docs.github.com/en/code-security/reference/supply-chain-security/supported-ecosystems-and-repositories#supported-ecosystems-and-repositories, pnpm v10 is supported for both version and security updates, but the dependabot-options-reference says that v9 and v10 only have version updates.
How to review these changes 👓Thank you for your contribution. To review these changes, choose one of the following options: A Hubber will need to deploy your changes internally to review. Table of review linksNote: Please update the URL for your staging server or codespace. The table shows the files in the
Key: fpt: Free, Pro, Team; ghec: GitHub Enterprise Cloud; ghes: GitHub Enterprise Server 🤖 This comment is automatically generated. |
github-actions
Bot
added
the
triage
There was a problem hiding this comment.
Pull request overview
Updates the Dependabot options reference to reflect current pnpm version support in the package-ecosystem table.
Changes:
- Updates the pnpm row to list
v7, v8, v9, v10as supported versions (removing the “version updates only” qualifier).
|
@raf2k07 It looks like you're probably right, but since this is code security I'm going to double check with the Dependabot team to be sure. |
Sharra-writes
added
content
According to this discussion and this page, pnpm v10 is supported for both version and security updates, but the dependabot-options-reference says that v9 and v10 only have version updates.
Why:
Closes: #44030
What's being changed (if available, include any code snippets, screenshots, or gifs):
A single line change to update the package support table in the dependabot reference docs.
Check off the following: