I have a project, git-format-staged, that I build with Nix.
It includes NPM dependencies, and it is convenient to have Dependabot keep
those up-to-date for me.
Dependabot creates pull requests that update package-lock.json when it sees
updates with security fixes and such.
But my Nix configuration includes a hash of the project NPM dependencies -
that hash must be updated when package-lock.json changes.
Unfortunately Dependabot does not know how to do that.
So I came up with a workflow to help that bot out.
…
I’d love to read about it!