fix(deps): hold kr.devslab starter majors on the SB3 demos line#47
Merged
Merged
Conversation
PR #40 (closed) was Dependabot bumping `kr.devslab:easy-paging-spring-boot-starter` from 0.4.0 → 0.5.0 across the 4 SB3 demos. The SB3 demos are pinned to the SB3 line of the starter on purpose — 0.5.x is the SB4 line and carries Jackson 3, Spring Framework 7, modularization changes, etc. that aren't compile- compatible with what those demos declare. All 4 builds went red, confirming the policy gap. Tighten the SB3 demos' `ignore` block: - kr.devslab:easy-paging-spring-boot-starter — hold major bumps - kr.devslab:easy-paging-spring-boot-starter-reactive — same - kr.devslab:ssrf-guard — hold majors preemptively (if/when ssrf-guard ships an SB4-only major, the same rationale will apply) - kr.devslab:ssrf-guard-* — same Patch/minor of these starters still flow through as grouped PRs (the existing `easy-paging` / `ssrf-guard` groups), so security/feature patches within each line land normally. The SB4 demos entry (the second gradle block below) is intentionally NOT touched — that entry is where major bumps of these starters SHOULD eventually land, alongside whichever new SB major the starter certifies against.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Quick policy fix surfaced by #40 (closed). The SB3 demos'
ignoreblock held Spring Boot majors but didn't holdkr.devslabstarter majors — so when easy-paging 0.5.0 (the SB4 release line) landed on Maven Central, Dependabot bumped the SB3 demos to it across all 4 directories and CI went red on all 4.Adds these ignore rules to the SB3 demos entry:
kr.devslab:easy-paging-spring-boot-starter(major hold)kr.devslab:easy-paging-spring-boot-starter-reactive(major hold)kr.devslab:ssrf-guard(preemptive)kr.devslab:ssrf-guard-*(preemptive)Patch/minor still flows through grouped PRs as before. The SB4 demos entry is intentionally NOT touched — that's where these starters' SB4 majors should land.
Docs-only/config-only change.