You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Before we've fetched all packages through Artifactory as a proxy, but in order to get the most out of Dependabot we moved to this setup. Since this way all public packages are listed as public and will therefore get rich info PRs with changelogs etc, unlike those that update private packages.
The PRs we get now looks good, but they move our packages from registry.npmjs.org to artifacts.companyname.com. My guess is that the problem stems from first_registry_with_dependency_details which will start by looking at the private registry and since my company has a proxy setup it will always get a hit from there.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within seven days. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within seven days. Thank you for your contributions.
In our project we have an
.npmrc
file that looks like this:Before we've fetched all packages through Artifactory as a proxy, but in order to get the most out of Dependabot we moved to this setup. Since this way all public packages are listed as public and will therefore get rich info PRs with changelogs etc, unlike those that update private packages.
The PRs we get now looks good, but they move our packages from
registry.npmjs.org
toartifacts.companyname.com
. My guess is that the problem stems fromfirst_registry_with_dependency_details
which will start by looking at the private registry and since my company has a proxy setup it will always get a hit from there.dependabot-core/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb
Lines 42 to 60 in 11c25c7
dependabot-core/npm_and_yarn/lib/dependabot/npm_and_yarn/update_checker/registry_finder.rb
Lines 108 to 120 in 11c25c7
I would prefer that either:
.npmrc
file and goes by that, orAny thoughts?
Side note: Our setup is based on the dependabot-script
generic-update-script
.Also, I feel this is semi-related to: #1396
The text was updated successfully, but these errors were encountered: