Keep major dependency upgrades deliberate #7

Merged: ayushhagarwal merged 1 commit into main from chore/dependabot-policy on Jun 21, 2026

@ayushhagarwal

Owner

What changed?

Configures npm Dependabot updates to ignore semantic major-version bumps while continuing weekly compatible production and development updates and monthly GitHub Actions updates.

Why?

The first automated run grouped multiple breaking migrations into failing PRs: Prisma 7, Zod 4, ESLint 10, and TypeScript 6. Those need focused migration PRs with compatibility testing rather than routine automated merges.

Verification

  • Dependabot configuration is formatted and scoped only to npm version updates
  • Security alerts and compatible dependency updates remain enabled
  • CI passes

Merge strategy

Rebase merge after CI succeeds.

@ayushhagarwal ayushhagarwal left a comment

Owner Author

Reviewed the Dependabot policy change. It only suppresses npm semantic major-version PRs; compatible updates, GitHub Actions updates, vulnerability alerts, and security fixes remain active. CI passed and the PR is conflict-free. Ready for rebase merge.
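
A `.github/dependabot.yml` that would implement the policy described in the PR description and review above, as an added illustration (this is not the repository's actual file, which is not shown on this page). The `directory` values and the group names are assumptions:

```yaml
# Illustrative configuration, constructed for this example.
version: 2
updates:
  # Weekly npm version updates, major bumps excluded.
  - package-ecosystem: "npm"
    directory: "/"              # assumed: package.json at the repository root
    schedule:
      interval: "weekly"
    groups:
      # Group names are hypothetical; dependency-type is what splits them.
      production-dependencies:
        dependency-type: "production"
      development-dependencies:
        dependency-type: "development"
    ignore:
      # Applies to every npm dependency, but only to semver-major
      # version-update PRs. Minor and patch updates still open PRs.
      # An update-types condition targets version updates, which matches
      # the PR's statement that security fixes remain active.
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]

  # Monthly GitHub Actions updates, left unrestricted.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "monthly"
```

With major bumps suppressed here, migrations such as the ones named in the PR description have to be opened by hand, so a recurring review of outdated majors keeps them from being forgotten.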

@ayushhagarwal ayushhagarwal merged commit 5b1240f into main Jun 21, 2026
1 check passed
@ayushhagarwal ayushhagarwal deleted the chore/dependabot-policy branch June 21, 2026 09:50