Skip to content

.github/dependabot.yml: adjust rules for typescript#4483

Merged
tdonohue merged 1 commit intoDSpace:mainfrom
alanorth:dependabot-typescript
Jul 29, 2025
Merged

.github/dependabot.yml: adjust rules for typescript#4483
tdonohue merged 1 commit intoDSpace:mainfrom
alanorth:dependabot-typescript

Conversation

@alanorth
Copy link
Contributor

@alanorth alanorth commented Jun 17, 2025
edited
Loading

References

Add references/links to any related issues or PRs. These may include:

Description

Our package.json uses the "~" specifier to pin typescript to patch versions so dependabot should not try to update minor versions here.

Also see the Angular version compatibility matrix: https://angular.dev/reference/versions

Instructions for Reviewers

Please add a more detailed description of the changes made by your PR. At a minimum, providing a bulleted list of changes in your PR is helpful to reviewers.

List of changes in this PR:

  • Update dependabot configuration to only attempt patch / subminor version updates for typescript

Include guidance for how to test or review your PR. This may include: steps to reproduce a bug, screenshots or description of a new feature, or reasons behind specific changes.

Checklist

This checklist provides a reminder of what we are going to look for when reviewing your PR. You do not need to complete this checklist prior creating your PR (draft PRs are always welcome).
However, reviewers may request that you complete any actions in this list if you have not done so. If you are unsure about an item in the checklist, don't hesitate to ask. We're here to help!

  • My PR is created against the main branch of code (unless it is a backport or is fixing an issue specific to an older branch).
  • My PR is small in size (e.g. less than 1,000 lines of code, not including comments & specs/tests), or I have provided reasons as to why that's not possible.
  • My PR passes ESLint validation using npm run lint
  • My PR doesn't introduce circular dependencies (verified via npm run check-circ-deps)
  • My PR includes TypeDoc comments for all new (or modified) public methods and classes. It also includes TypeDoc for large or complex private methods.
  • My PR passes all specs/tests and includes new/updated specs or tests based on the Code Testing Guide.
  • My PR aligns with Accessibility guidelines if it makes changes to the user interface.
  • My PR uses i18n (internationalization) keys instead of hardcoded English text, to allow for translations.
  • My PR includes details on how to test it. I've provided clear instructions to reviewers on how to successfully test this fix or feature.
  • If my PR includes new libraries/dependencies (in package.json), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.
  • If my PR includes new features or configurations, I've provided basic technical documentation in the PR itself.
  • If my PR fixes an issue ticket, I've linked them together.

@alanorth alanorth added dependencies Pull requests that update a dependency file 1 APPROVAL pull request only requires a single approval to merge labels Jun 17, 2025
@tdonohue tdonohue added this to the 10.0 milestone Jun 23, 2025
@tdonohue tdonohue self-requested a review June 23, 2025 14:49
@tdonohue tdonohue moved this to 👀 Under Review in DSpace 10.0 Release Jun 23, 2025
@alanorth
.github/dependabot.yml: adjust rules for typescript
460cef4 
Our package.json uses the "~" specifier to pin typescript to patch
versions so dependabot should not try to update minor versions here.
@alanorth alanorth force-pushed the dependabot-typescript branch from 33ddc56 to 460cef4 Compare July 29, 2025 04:48
@alanorth alanorth added the port to dspace-9_x This PR needs to be ported to `dspace-9_x` branch for next bug-fix release label Jul 29, 2025
@tdonohue tdonohue removed the port to dspace-9_x This PR needs to be ported to `dspace-9_x` branch for next bug-fix release label Jul 29, 2025
tdonohue
tdonohue approved these changes Jul 29, 2025
View reviewed changes
Copy link
Member

@tdonohue tdonohue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Thanks @alanorth . This also makes sense to me.

(Quick note, I removed the port to dspace-9_x label from this. Dependabot rules only "apply" if they are on the main branch...which is why we have to list all other branch rules in the single dependabot.yml on main.)

@github-project-automation github-project-automation bot moved this from 👀 Under Review to 👍 Reviewer Approved in DSpace 10.0 Release Jul 29, 2025
@tdonohue tdonohue merged commit 813f9ba into DSpace:main Jul 29, 2025
15 checks passed
@github-project-automation github-project-automation bot moved this from 👍 Reviewer Approved to ✅ Done in DSpace 10.0 Release Jul 29, 2025
@alanorth alanorth deleted the dependabot-typescript branch July 29, 2025 18:09
@alanorth alanorth mentioned this pull request Jul 29, 2025
Closed
This was referenced Jul 30, 2025
Closed
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tdonohue tdonohue tdonohue approved these changes

Assignees

@alanorth alanorth

Labels

1 APPROVAL pull request only requires a single approval to merge dependencies Pull requests that update a dependency file

Projects

DSpace 10.0 Release
Status: ✅ Done

Milestone

10.0

Development

Successfully merging this pull request may close these issues.

2 participants

@alanorth @tdonohue