Ignore ESM-only and VS Code engine-coupled major bumps in Dependabot#1961
Merged
Conversation
*Why* Several Dependabot major-version PRs are blocked on prerequisite work, not ready to merge, and will otherwise be re-raised repeatedly under new version numbers. Adding scoped `ignore` rules parks them until the prerequisite work is done, keeping the PR queue clean without losing the "why". *What* In `.github/dependabot.yml`, ignore the following (scoped to the packages that declare them): - ESM-only majors, blocked until the build/test tooling migrates off ts-node (CommonJS) to an ESM runner (tsx): `yargs >=18`, `chai >=5`, `@types/chai >=5` (see PRs #1934, #1932). - `@types/vscode >=1.87`: it must track `engines.vscode` (^1.86.0); the two should be bumped together only when the minimum supported VS Code version is deliberately raised (see PR #1933). Each rule has an inline comment pointing to the tracking PR and the unblock condition, so the ignore can be removed intentionally later. *Verification* - `.github/dependabot.yml` parses as valid YAML; ignore rules confirmed applied to `/packages/databricks-vscode` (yargs, chai, @types/chai, @types/vscode) and `/packages/databricks-vscode-types` (@types/vscode). Backward compatibility: CI/dependency-automation config only; no runtime, API, or build-output change. Co-authored-by: Isaac
Contributor
|
If integration tests don't run automatically, an authorized user can run them manually by following the instructions below: Trigger: Inputs:
Checks will be approved automatically on success. |
Contributor
Author
|
🤖 Integration tests ❌ 6 of 35 test jobs failed for |
misha-db
approved these changes
Jul 3, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Several Dependabot major-version PRs are blocked on prerequisite work and aren't ready to merge. Left as open PRs (or closed), Dependabot keeps re-raising them under new version numbers. Scoped
ignorerules park them until the prerequisite work is done — keeping the PR queue clean without losing the rationale.This directly answers "if I close these, will the bot reopen them?" — yes, under new versions, unless we add these ignore rules.
What
In
.github/dependabot.yml, addignorerules (scoped to the packages that declare each dep):ESM-only majors — blocked until the build/test tooling migrates off
ts-node(CommonJS) to an ESM runner (tsx):yargs >=18(see Bump yargs from 17.7.3 to 18.0.0 in /packages/databricks-vscode #1934)chai >=5,@types/chai >=5(see Bump @types/chai from 4.3.20 to 5.2.3 in /packages/databricks-vscode #1932)VS Code engine-coupled —
@types/vscodemust trackengines.vscode(^1.86.0); bump both together only when the minimum supported VS Code is deliberately raised (see #1933):@types/vscode >=1.87(in both/packages/databricks-vscodeand/packages/databricks-vscode-types)Each rule carries an inline comment pointing to its tracking PR and unblock condition, so the ignore can be removed intentionally later.
Verification
.github/dependabot.ymlparses as valid YAML; ignore rules confirmed on both affected directory entries.Backward compatibility: dependency-automation config only; no runtime, API, or build-output change.
Once this merges, PRs #1932 / #1933 / #1934 can be closed without Dependabot re-raising those major lines. (#1931 typescript and #1935 eslint are not ignored — those aren't version-availability issues, they're migrations we may still want prompts for.)
This pull request and its description were written by Isaac.