Skip to content

chore(deps): ignore major version bumps in dependabot#195

Merged
pcarleton merged 1 commit intomainfrom
paulc/dependabot-ignore-majors
Mar 25, 2026
Merged

chore(deps): ignore major version bumps in dependabot#195
pcarleton merged 1 commit intomainfrom
paulc/dependabot-ignore-majors

Conversation

@pcarleton
Copy link
Member

@pcarleton pcarleton commented Mar 25, 2026

Adds ignore rules for version-update:semver-major across all three ecosystems (npm root, npm examples, github-actions).

Why: Major bumps of devDeps like eslint, typescript, prettier need manual config migration and provide no value for conformance testing. They also tend to break CI on peer-dep conflicts (e.g. #193 failed because tsdown doesn't support TS 6 yet).

What still happens:

  • Security advisories → always open a PR regardless of this config
  • Minor/patch bumps → one grouped PR per month per directory

What stops: routine "eslint 9→10" / "typescript 5→6" PRs. We bump majors manually when we decide to.

Closes #193 (superseded by this config change — that PR was failing CI anyway).

@pcarleton
chore(deps): ignore major version bumps in dependabot
6a973f4 
Major bumps of devDeps (eslint, typescript, prettier) need manual config
migration and provide no value for conformance testing. Security updates
still come through regardless; scheduled updates are now minor/patch only.
@pkg-pr-new
Copy link

pkg-pr-new bot commented Mar 25, 2026

Open in StackBlitz

npx https://pkg.pr.new/@modelcontextprotocol/conformance@195

commit: 6a973f4

@pcarleton pcarleton merged commit 687d5b4 into main Mar 25, 2026
8 checks passed
@pcarleton pcarleton deleted the paulc/dependabot-ignore-majors branch March 25, 2026 11:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pcarleton