From 116a689486fd5d53b02e40da51f7897328594971 Mon Sep 17 00:00:00 2001 From: yoshi49535 Date: Wed, 20 May 2026 19:41:40 +0900 Subject: [PATCH] chore(deps): ignore typescript major bumps (workspace consistency) TypeScript major upgrades require coordinated migration across the four auth.* OSS repos (auth.provider / auth.policy-verifier / auth.proxy / auth.utils). A per-repo Dependabot bump would split TS versions across the workspace and complicate dev-tool onboarding. This is the policy verified by the workspace's response to TS 6.0: auth.policy-verifier failed to build (Node built-in type resolution tightened), while the simpler sibling repos passed. Per-repo bumps would have created divergent TS versions across the workspace. TS major upgrades are deliberate cross-repo PRs, not Dependabot auto-bumps. Co-Authored-By: Claude Opus 4.7 --- .github/dependabot.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 2ba298d..ac1cab1 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,3 +5,12 @@ updates: schedule: interval: "weekly" open-pull-requests-limit: 10 + ignore: + # TypeScript major bumps require workspace-wide migration across the four + # auth.* OSS repos (auth.provider / auth.policy-verifier / auth.proxy / + # auth.utils). A per-repo Dependabot bump would split TS versions across + # the workspace and complicate dev-tool onboarding. TS major upgrades are + # handled as a deliberate cross-repo PR, not auto-bumped. + - dependency-name: "typescript" + update-types: + - "version-update:semver-major"