Update dependabot config to sync lockfile

[hkumar1729]

What kind of change does this PR introduce?

Updates Dependabot config to keep package-lock.json in sync with package.json.

Issue Number:
#3983

Snapshots/Videos:
NA

Reference:
Run npm help ci for info.

If relevant, did you update the documentation?

Summary

Does this PR introduce a breaking change?
No

Summary by CodeRabbit

• Chores
  • Updated automated dependency management settings to ensure lockfiles are updated with each dependency update.
  • Changed the package manager specification from Yarn to npm.

[coderabbitai]

Walkthrough

The package manager specification in package.json was changed from Yarn 1.22.22 to npm 11.1.0. Additionally, the trailing newline was removed from the .github/dependabot.yaml file without any functional changes.

Changes

File(s)	Change Summary
package.json	Changed package manager from Yarn 1.22.22 to npm 11.1.0.
.github/dependabot.yaml	Removed trailing newline without modifying configuration.

Suggested labels

ignore-sensitive-files-pr

Suggested reviewers

• palisadoes

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Our Pull Request Approval Process

Thanks for contributing!

Testing Your Code

Remember, your PRs won't be reviewed until these criteria are met:

1. We don't merge PRs with poor code quality.
   1. Follow coding best practices such that CodeRabbit.ai approves your PR.
2. We don't merge PRs with failed tests.
   1. When tests fail, click on the Details link to learn more.
   2. Write sufficient tests for your changes (CodeCov Patch Test). Your testing level must be better than the target threshold of the repository
   3. Tests may fail if you edit sensitive files. Ask to add the ignore-sensitive-files-pr label if the edits are necessary.
3. We cannot merge PRs with conflicting files. These must be fixed.

Our policies make our code better.

Reviewers

Do not assign reviewers. Our Queue Monitors will review your PR and assign them.
When your PR has been assigned reviewers contact them to get your code reviewed and approved via:

1. comments in this PR or
2. our slack channel

Reviewing Your Code

Your reviewer(s) will have the following roles:

1. arbitrators of future discussions with other contributors about the validity of your changes
2. point of contact for evaluating the validity of your work
3. person who verifies matching issues by others that should be closed.
4. person who gives general guidance in fixing your tests

CONTRIBUTING.md

Read our CONTRIBUTING.md file. Most importantly:

1. PRs with issues not assigned to you will be closed by the reviewer
2. Fix the first comment in the PR so that each issue listed automatically closes

Other

1. 🎯 Please be considerate of our volunteers' time. Contacting the person who assigned the reviewers is not advised unless they ask for your input. Do not @ the person who did the assignment otherwise.
2. Read the CONTRIBUTING.md file make

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 86.45%. Comparing base (4341f6f) to head (01f9489).
Report is 1 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #3984      +/-   ##
===========================================
- Coverage    86.46%   86.45%   -0.02%     
===========================================
  Files          357      357              
  Lines         9083     9083              
  Branches      1916     1916              
===========================================
- Hits          7854     7853       -1     
  Misses         852      852              
- Partials       377      378       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[varshith257]

I think update-lockfile field does not exist in the Dependabot configuration reference. Look at this
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference?utm_source=perplexity#versioning-strategy--

Here is related discussion and solution, refer here - dependabot/dependabot-core#6346 (comment)

[hkumar1729]

@varshith257 Yes, you’re right that was a mistake on my part, update-lockfile isn’t a supported field in Dependabot. I’ve reviewed the documentation and the discussion, and I’m making the appropriate changes now.

[varshith257]

@hkumar1729 The fix in the issue us discussed around packageManager in package.json. Maybe you need to get there to fix this issue

[varshith257]

@hkumar1729 Currently we have packageManager as yarn in package.json check if yarn.lock is syncing with it(I think it is in sync with package.json.

Maybe you can update to use two package managers. Check if it is supported?

[hkumar1729]

I think if yarn.lock and package.json are in sync, npm ci will still raise an error cuz it requires package.json and package-lock.json to be in sync.

[hkumar1729]

@varshith257 If this is required, I’d like to look into it further and get back to you if I find anything.

Maybe you can update to use two package managers. Check if it is supported?

[hkumar1729]

@varshith257 Yes sir, packageManager is responsible for this. I updated it to the current version of npm now the pr raised by dependabot also includes package-lock.json. Check this pr

[varshith257]

@hkumar1729 Looks good! Apply same changes here and will merge PR

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b7d7199 and 1fd4641.

📒 Files selected for processing (2)

• .github/dependabot.yaml (1 hunks)
• package.json (1 hunks)

🧰 Additional context used

🪛 YAMLlint (1.37.1)

.github/dependabot.yaml

[error] 18-18: no new line character at the end of file

(new-line-at-end-of-file)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Performs linting, formatting, type-checking, checking for different source and target branch
• GitHub Check: Analyse Code With CodeQL (javascript)

🔇 Additional comments (1)

package.json (1)

200-200: Confirm lockfile synchronization by running npm ci
The packageManager field is now [email protected], which Dependabot uses to update package-lock.json. Please run npm ci locally to verify that the lockfile is present and in sync with package.json.

[marcomura]

@varshith257 It looks like dependabot is still trying to update package.json without updating the package-lock.json file:
atlassian/atlascode#908