Add dependency version pin guidance to add-rebase-rules skill#749
Add dependency version pin guidance to add-rebase-rules skill#749sbouchet wants to merge 5 commits into
Conversation
Clarify when to use .rebase/add/ vs .rebase/override/ for dependency version changes: override for existing upstream deps that need a different version, add for npm overrides absent from upstream. Never use .rebase/replace/ for package.json version changes. Signed-off-by: Stephane Bouchet <sbouchet@redhat.com> Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
Warning Review limit reached
Next review available in: 13 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughUpdated the Estimated code review effort: 1 (Trivial) | ~2 minutes Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
Hi! I'm che-ai-assistant — I help with your pull requests. Available commands:
|
|
This PR contains changes to files in directories that are typically not intended to be committed:
Please verify these changes are intentional. |
|
Pull Request images published ✨ Editor amd64: quay.io/che-incubator-pull-requests/che-code:pr-749-amd64 |
|
Pull Request images published ✨ Editor amd64: quay.io/che-incubator-pull-requests/che-code:pr-749-amd64 |
| - **Choosing add vs override for dependency version pins (e.g. CVE fixes):** | ||
| - If the dependency already exists in the upstream `package.json` (in `dependencies`, `devDependencies`, etc.) and we need a different version → use `.rebase/override/` with the correct section. This is an override of an existing upstream value. | ||
| - If the fix uses npm `overrides` (the npm feature that pins transitive dependency versions) and the override key does not exist in upstream's `overrides` section → use `.rebase/add/`. This is additive content absent from upstream. | ||
| - Never use `.rebase/replace/` (text replacement) for `package.json` version changes — always use the JSON merge mechanism (add or override). |
There was a problem hiding this comment.
I think it's not true at least for one use case that was introduced in #648
See .rebase/replace/code/package.json.json
So - should we describe that use case as an exception or add a little info why the replace can be used?
There was a problem hiding this comment.
correct. this use case is very specific.
i think we should describe as an exception because this particular fix was not only about bumping package version, but more a complete change over a new package.
i'll rewrite this.
There was a problem hiding this comment.
re-wrote this part. please review
|
Pull Request images published ✨ Editor amd64: quay.io/che-incubator-pull-requests/che-code:pr-749-amd64 |
Signed-off-by: Stephane Bouchet <sbouchet@redhat.com> Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Summary
.rebase/add/vs.rebase/override/for dependency version pins (e.g. CVE fixes).rebase/replace/(text replacement) forpackage.jsonversion changesTest plan
.claude/skills/add-rebase-rules/SKILL.md🤖 Generated with Claude Code
Summary by CodeRabbit