Skip to content

chore(deps): ignore typescript major bumps (workspace consistency)#38

Merged
y1o1 merged 1 commit into
developfrom
chore/dependabot-ignore-typescript-major
May 20, 2026
Merged

chore(deps): ignore typescript major bumps (workspace consistency)#38
y1o1 merged 1 commit into
developfrom
chore/dependabot-ignore-typescript-major

Conversation

@y1o1
Copy link
Copy Markdown
Contributor

@y1o1 y1o1 commented May 20, 2026

Summary

  • TypeScript major bumps require workspace-wide migration across the four auth.* OSS repos
  • A per-repo Dependabot bump would split TS versions and complicate dev-tool onboarding
  • Verified by o3co/auth.policy-verifier#46 failing on TS 6 (Node built-in type resolution tightened) while sibling repos passed
  • TS major upgrades will be deliberate cross-repo PRs, not Dependabot auto-bumps

The four repos receive matching .github/dependabot.yml updates in parallel PRs.

Test plan

  • No code change, only .github/dependabot.yml filter
  • YAML valid
  • Future bumps verified at next weekly Dependabot run

🤖 Generated with Claude Code

@y1o1 @claude
chore(deps): ignore typescript major bumps (workspace consistency)
116a689 
TypeScript major upgrades require coordinated migration across the four
auth.* OSS repos (auth.provider / auth.policy-verifier / auth.proxy /
auth.utils). A per-repo Dependabot bump would split TS versions across
the workspace and complicate dev-tool onboarding.

This is the policy verified by the workspace's response to TS 6.0:
auth.policy-verifier failed to build (Node built-in type resolution
tightened), while the simpler sibling repos passed. Per-repo bumps would
have created divergent TS versions across the workspace.

TS major upgrades are deliberate cross-repo PRs, not Dependabot auto-bumps.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings May 20, 2026 10:41
Copilot AI reviewed May 20, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates Dependabot configuration to prevent automatic major TypeScript upgrades in this repo, keeping TypeScript version alignment across the auth.* OSS workspace and ensuring major TS migrations are handled deliberately via coordinated cross-repo changes.

Changes:

  • Add a Dependabot ignore rule to block typescript semver-major updates for the npm ecosystem.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@y1o1 y1o1 merged commit 0e55cb1 into develop May 20, 2026
5 checks passed
@y1o1 y1o1 deleted the chore/dependabot-ignore-typescript-major branch May 20, 2026 10:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@y1o1