Is there an existing issue for this?

• I have searched the existing issues

Package ecosystem

npm

What you expected to see, versus what you actually saw

I read the reasoning behind this issue: #3253

So it turns out dependabot updated dependencies cannot automatically run in our context due to security reasons. That's fair enough. It causes though that our CI cannot run pnpm install --frozen-lockfile and pull our private packages in because it does not have our token.

What I would need then is a way to vet the change and be able to retrigger CI as myself. Otherwise I don't know how I could get our CI to pass.

The suggestion in that thread to re-run the failed jobs does not work. Re-running triggers CI as my user, but even then the CI does not pass.

What is a reasonable workaround for this problem?