Remove source-list-map from package-lock.json

[tnir]

Follows up #660

Signed-off-by: Takuya Noguchi [email protected]

[deivid-rodriguez]

Not sure what happened there 🤷.

[tnir]

Might be a bug from GitHub Dependabot?

[deivid-rodriguez]

Maybe, yeah.

[tnir]

Just create a ticket from https://support.github.com/contact/bug-report:

• URL (@tnir): https://support.github.com/ticket/personal/0/1703389

---

Dependabot suggested inconsistent changes (npm)

What issue are you facing?

In #660, Dependabot suggested inconsistent changes (npm). We need to create a workaround manually at #678.

We would have had a PR from Dependabot including our changes (#678).

What are the steps to reproduce this?

1. Fork https://github.com/rubygems/bundler-site/tree/cafe158170df9ea59836ad9ab4cf346520ee1002 as the default branch.
2. Enable Dependatbot alert in the repository settings.
3. Wait for a week or set frequent to "daily" and wait for a day.

Can you provide any logs? i.e. response headers, output

When we got ttps://github.com//pull/660, we got the following PRs at the same time:

• Bump bootstrap-sass from 3.4.1 to 3.4.3 #659
• Bump mini-css-extract-plugin from 1.4.0 to 2.6.1 #660
• Bump lunr from 0.7.0 to 2.3.9 #661
• Bump imports-loader from 2.0.0 to 4.0.0 #662
• Bump webpack from 5.28.0 to 5.73.0 #663

[deivid-rodriguez]

You might want to report it or look for existing similar issues at https://github.com/dependabot/dependabot-core.

[tnir]

I did not know if @dependabot is still active 😀

It is the public issue tracker for issues related to Dependabot's updating logic. For issues about Dependabot the service, please contact GitHub support. While the distinction between Dependabot Core and the service can be fuzzy, a good rule of thumb is if your issue is with the diff that Dependabot created, it belongs here and for most other things the GitHub support team is best equipped to help you.
-- https://github.com/dependabot/dependabot-core/blob/88451b5aa1d967d2fc2a2fa6af34e4fd290ff1ea/README.md