Back to changelog

Release

February 4, 20251 Minute Read

Dependabot now supports pnpm workspace catalogs (GA)

Starting today, Dependabot offers full support for pnpm workspace catalogs.

pnpm workspace catalogs are widely used in monorepos, and improper dependency handling can lead to:

Broken dependency trees due to unintended modifications.
Install failures in CI environments due to lockfile mismatches.
`NoChangeErrors` when workspaces conflict with each other.

Starting today, Dependabot fully supports pnpm workspace catalogs. This means that Dependabot now:

Ensures safe, scoped updates for each workspace.
Prevents lockfile inconsistencies that break dependency resolution.
Improves the reliability of updates in `pnpm` monorepos.

Learn more about Dependabot
Learn more about pnpm catalogs
Join the community discussion to share feedback and tips

Related Posts

JUN.17Improvement
Secret scanning updates – June 2026
- Application Security
JUN.16Release
GitHub Code Quality generally available July 20, 2026
- Application Security
JUN.16Release
Organization-level enablement for GitHub Code Quality
- Application Security
JUN.10Improvement
Incremental analysis for Go, C/C++, and CodeQL CLI
- Application Security
JUN.10Improvement
Dedicated security review command now available in Copilot CLI
- Application Security
JUN.9Release
Periodic code scanning of inactive repositories
- Application Security
JUN.9Improvement
Security validation for third-party coding agents
- Application Security
JUN.5Improvement
CodeQL 2.25.6 adds Swift 6.3.2 support and improves C# coverage
- Application Security
JUN.2Release
Cloud and local sandboxes for GitHub Copilot now in public preview
- Application Security

Subscribe to our developer newsletter

Discover tips, technical guides, and best practices in our biweekly newsletter just for devs.

Dependabot now supports pnpm workspace catalogs (GA) - GitHub Changelog