chore(ci): extend dependabot ignore list — block eslint/typescript/recharts/eslint-config-next majors #195
Merged
c51af38 to e46ca05
…charts/eslint-config-next majors

Durable YAML backstop after Dependabot's first wave (2026-05-22) filed 4 major-bump PRs from the config that landed in PR #185:

- PR #190 `eslint 8.57.0 → 10.4.0` — frontend build FAILED (eslint 9+ flat config breaks `eslint-config-next 14.2.x` legacy `.eslintrc`)
- PR #191 `typescript 5.4.5 → 6.0.3` — frontend build FAILED (TS6 strict-mode + new lib.dom typings surface previously-silent `any`-flow issues)
- PR #192 `@types/node 20.12.7 → 25.9.1` — GREEN (type-only metadata; pending user authorize merge)
- PR #193 `recharts 2.12.7 → 3.8.1` — frontend build FAILED (recharts 3 restructured chart-component API; needs touching all 4 chart surfaces in one scoped migration)

PR #190 / #191 / #193 closed via `@dependabot ignore this major version` comment commands. This PR adds the same 3 deps PLUS `eslint-config-next` to `.github/dependabot.yml`'s `ignore:` block as a durable YAML-level backstop — survives Dependabot server resets and per-PR comment-ignore-history garbage collection.

Total npm ignore entries grow 5 → 9 (existing React-stack: `next`, `react`, `react-dom`, `@types/react`, `@types/react-dom`; new: `eslint`, `eslint-config-next`, `typescript`, `recharts`).

Minor + patch + security updates on ALL these packages STILL file automatically — the ignore only blocks `version-update:semver-major` transitions.

Issue #41 still owns the scoped breaking-change migration for the React-stack majors. `recharts 3` would be a separate chart-library-migration work item if/when it becomes priority (no security advisories on 2.12.7, so cosmetic-only).

No compute / schema / scoring / valuation / Python / TypeScript / frontend code change — `.github/` + docs lockstep only. Also fixes a stale "in flight" → "merged" reference for PR #185 + adds PR #194 cross-link in CLAUDE.md §Phase status.

Verification: ruff clean; YAML parses to v2 with 3 ecosystems and 9 npm ignore entries.
e46ca05 to 7520672
This was referenced May 22, 2026
dackclup added a commit that referenced this pull request May 22, 2026
… PR #195) (#201)

Small backstop after Dependabot's second wave (2026-05-22) filed PR #200 (`tailwindcss 3.4.4 → 4.3.0`), a complete-engine-rewrite major bump that the original PR #195 ignore list missed.

Tailwind CSS 4 ships:

- New CSS-based `@theme` directive replacing tailwind.config.js
- New `@tailwindcss/postcss` plugin chain
- Utility class renames + behavior changes
- Full frontend design-system re-validation required

Migration is a scoped work item, not a routine Dependabot bump.

Adds `tailwindcss` to .github/dependabot.yml npm `ignore:` block (10 → 11 npm entries). Minor + patch within `3.x` still flow automatically.

Also fixes stale "in flight (this PR)" → "merged via PR #195" reference for the prior ignore-list extension.

No compute / schema / scoring / valuation code change.

Verification: ruff clean; YAML parses to v2 with 3 ecosystems and 12 total ignore entries (1 pip + 11 npm + 0 actions).

Co-authored-by: Claude <noreply@anthropic.com>
Summary

Durable YAML backstop after Dependabot's first wave (2026-05-22) filed 8 PRs from the config that landed in PR #185.

- actions/github-script v7 → v9
- actions/upload-artifact v4 → v7
- pandas constraint <3 → <4
- eslint 8.57 → 10.4
- typescript 5.4 → 6.0
- @types/node 20 → 25
- recharts 2 → 3

This PR adds the 4 closed-major deps to `.github/dependabot.yml`'s `ignore:` blocks as a durable YAML-level backstop.

Ignore list — before / after

- pip (`/`): 0 → 1
- npm (`/frontend`): 5 → 9
- github-actions (`/`): 0 → 0 (no entries added; #186 + #187 confirmed safe)

All on `["version-update:semver-major"]` only. Minor + patch + security updates still flow automatically for every package.

Scope guardrails

- `recharts 3` and `pandas 3` are separate scoped migrations if/when priority
- `.github/` + docs lockstep only

Test plan

- `ruff check .` — clean
- `python3 -c "import yaml; yaml.safe_load(...)"` — parses to v2 with 3 ecosystems + 10 total ignore entries (1 pip + 9 npm)

Rebased on top of #186/#187/#192/#194 (`e123e6be`)

https://claude.ai/code/session_01HHo4UHKc9iKKytkKfxfVnA
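
A CI guard for the invariant this PR relies on, that every `ignore:` entry blocks only `version-update:semver-major`, written as an added example (not code from this repository). The sample config is constructed from the PR description; the schedule values, the pip entry being `pandas`, and the helper names `rule` and `audit_ignores` are assumptions.

```python
import yaml  # PyYAML, the library the PR's test plan also uses

MAJOR = "version-update:semver-major"
NPM = ["next", "react", "react-dom", "@types/react", "@types/react-dom",
       "eslint", "eslint-config-next", "typescript", "recharts"]


def rule(name):
    # One ignore entry in YAML flow style, limited to major bumps.
    return f'      - {{dependency-name: "{name}", update-types: ["{MAJOR}"]}}'


# Constructed sample modelled on the PR description. The schedule and the
# pip entry being pandas are assumptions, not copied from the repository.
SAMPLE = "\n".join([
    "version: 2",
    "updates:",
    "  - package-ecosystem: pip",
    "    directory: /",
    "    schedule: {interval: weekly}",
    "    ignore:",
    rule("pandas"),
    "  - package-ecosystem: npm",
    "    directory: /frontend",
    "    schedule: {interval: weekly}",
    "    ignore:",
    *[rule(n) for n in NPM],
    "  - package-ecosystem: github-actions",
    "    directory: /",
    "    schedule: {interval: weekly}",
])


def audit_ignores(text):
    """Return (schema version, ignore count per ecosystem, findings)."""
    cfg = yaml.safe_load(text)
    counts, findings = {}, []
    for upd in cfg.get("updates") or []:
        eco = upd["package-ecosystem"]
        rules = upd.get("ignore") or []
        counts[eco] = counts.get(eco, 0) + len(rules)
        for r in rules:
            name = r.get("dependency-name", "<unnamed>")
            if "versions" in r:
                findings.append(f"{eco}/{name}: version-range ignore")
            if r.get("update-types") != [MAJOR]:
                findings.append(f"{eco}/{name}: not limited to majors")
    return cfg.get("version"), counts, findings
```

An entry that drops `update-types` ignores every update for that dependency, so the guard reports it rather than counting it as a valid backstop.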