You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There seems to be a discrepancy between the npm version Dependabot appears to be using and what is indicated by its logs. Based on this, the NPM version should be 9.6.5, but Dependabot's logs indicate the usage of version 10.2.4.
Specifically, our project setup enforces strict engine versions with the following configurations, resulting in errors when attempting to use Dependabot:
dependency_file_not_resolvable {:message=>"Dependabot uses Node.js v20.11.1\n and NPM 10.2.4\n. Due to the engine-strict setting, the update will not succeed."}
This scenario forces a dilemma where we must allow older NPM versions than we would want, or disable strict engine versions altogether.
Dependabot's Node-version was bumped to v20 recently here.
Reproduction Steps
Set up a Node.js project with engine-strict=true in .npmrc and "engines": {"node": ">=20 <21", "npm": ">=10.2 <11"} in package.json.
Initiate a Dependabot update check.
Workaround
Disable engine-strict in .npmrc or adjust package.json to accept "npm": ">=9.6.5" to resolve the issue.
The text was updated successfully, but these errors were encountered:
The error you're seeing is definitely confusing and the version of NPM cannot stay behind node for long as it will cause this confusion. I am trying to address it with #9213
and it gives me this message: dependency_file_not_resolvable {:message=>"Dependabot uses Node.js v20.12.2\n and NPM 10.5.0\n. Due to the engine-strict setting, the update will not succeed."}.
There seems to be a discrepancy between the npm version Dependabot appears to be using and what is indicated by its logs. Based on this, the NPM version should be 9.6.5, but Dependabot's logs indicate the usage of version 10.2.4.
Specifically, our project setup enforces strict engine versions with the following configurations, resulting in errors when attempting to use Dependabot:
.npmrc
withengine-strict=true
package.json
specifying"engines": {"node": ">=20 <21", "npm": ">=10.2 <11"}
Dependabot fails with an error due to version mismatches:
This scenario forces a dilemma where we must allow older NPM versions than we would want, or disable strict engine versions altogether.
Dependabot's Node-version was bumped to v20 recently here.
Reproduction Steps
engine-strict=true
in.npmrc
and"engines": {"node": ">=20 <21", "npm": ">=10.2 <11"}
inpackage.json
.Workaround
Disable
engine-strict
in.npmrc
or adjustpackage.json
to accept"npm": ">=9.6.5"
to resolve the issue.The text was updated successfully, but these errors were encountered: