Is there an existing issue for this?
Package ecosystem
yarn
Package manager version
3.2.1
Language version
Node.js 16.x
Manifest location and content before the Dependabot update
No response
dependabot.yml content
version: 2
updates:
- package-ecosystem: "npm"
directory: "/packages/databricks-sdk-js"
schedule:
interval: "daily"
ignore:
- dependency-name: "@databricks/*"
- package-ecosystem: "npm"
directory: "/packages/databricks-vscode"
schedule:
interval: "daily"
ignore:
- dependency-name: "@databricks/*"
- package-ecosystem: "npm"
directory: "/packages/databricks-vscode-types"
ignore:
- dependency-name: "@databricks/*"
schedule:
interval: "daily"Updated dependency
No response
What you expected to see, versus what you actually saw
I'm using the yarn workspace feature to manage a mono repo with several node.js packages. The different packages define dependencies to each other in the form of workspace: links:
"@databricks/databricks-sdk": "workspace:^",
Dependabot failes to resolve these dependencies and instead tries to look them up on npm, which results in the following error:
Dependabot can't authenticate to a private package registry
The following private package registry was used and caused the update to fail: registry.npmjs.org.
From the logs:
proxy | 2022/11/08 17:06:26 [036] GET https://registry.npmjs.org:443/@databricks%2Fdatabricks-sdk
proxy | 2022/11/08 17:06:26 [036] 404 https://registry.npmjs.org:443/@databricks%2Fdatabricks-sdk
proxy | 2022/11/08 17:06:26 [038] GET https://www.npmjs.com:443/package/@databricks/databricks-sdk
proxy | 2022/11/08 17:06:27 [038] 302 https://www.npmjs.com:443/package/@databricks/databricks-sdk
proxy | 2022/11/08 17:06:27 [040] GET https://www.npmjs.com:443/login?next=%2Fpackage%2F%40databricks%2Fdatabricks-sdk
proxy | 2022/11/08 17:06:27 [040] 429 https://www.npmjs.com:443/login?next=%2Fpackage%2F%40databricks%2Fdatabricks-sdk
updater | INFO <job_504761053> Handled error whilst updating @databricks/databricks-sdk: private_source_authentication_failure {:source=>"registry.npmjs.org"}
This is not a surprise since the package doesn't exist on NPM.
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response
Is there an existing issue for this?
Package ecosystem
yarn
Package manager version
3.2.1
Language version
Node.js 16.x
Manifest location and content before the Dependabot update
No response
dependabot.yml content
Updated dependency
No response
What you expected to see, versus what you actually saw
I'm using the yarn workspace feature to manage a mono repo with several node.js packages. The different packages define dependencies to each other in the form of
workspace:links:"@databricks/databricks-sdk": "workspace:^",Dependabot failes to resolve these dependencies and instead tries to look them up on npm, which results in the following error:
From the logs:
This is not a surprise since the package doesn't exist on NPM.
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response