Skip to content

ci: stop Dependabot from bundling major-version bumps#89

Merged
aks129 merged 1 commit into
mainfrom
fix-dependabot-major-bumps
May 20, 2026
Merged

ci: stop Dependabot from bundling major-version bumps#89
aks129 merged 1 commit into
mainfrom
fix-dependabot-major-bumps

Conversation

@aks129
Copy link
Copy Markdown
Contributor

@aks129 aks129 commented May 20, 2026

What broke

PR #88 broke the Vercel build because Dependabot's `dev-dependencies` group had no update-types filter, so it bundled five major-version bumps together (Prisma 6→7, TypeScript 5→6, Tailwind 3→4, ESLint 8→10, eslint-config-next 14→16). Prisma 7's schema-format change (`url` / `directUrl` move to a new `prisma.config.ts`) was the immediate failure.

What this PR does

  1. Adds `update-types: minor + patch` to the `dev-dependencies` group (matching the existing `minor-and-patch` group), so majors get their own PRs.
  2. Adds an `ignore: version-update:semver-major` block for nine deps with known migration cost — prisma, @prisma/client, tailwindcss, typescript, eslint, eslint-config-next, next, react, react-dom. Dependabot will stop opening major-bump PRs for these until the ignore rule is removed.

What this PR doesn't do

Each ignored package can be unblocked individually when we want to do the migration. The order I'd suggest tackling them later:

  1. Next 14 → 16 (most behind, most reachable migration via the official codemod)
  2. React 18 → 19 (paired with above; Next 16 supports React 19)
  3. TypeScript 5 → 6 (usually a typecheck pass + a few signature tweaks)
  4. Prisma 6 → 7 (needs `prisma.config.ts` migration; well-documented at https://pris.ly/d/prisma7-client-config)
  5. Tailwind 3 → 4 (most invasive — new `@import` syntax, removed legacy plugins, PostCSS config changes)
  6. ESLint 8 → 10 + eslint-config-next 14 → 16 (paired; do after Next bump)

Closed alongside this

To do after this lands

🤖 Generated with Claude Code

@aks129 @claude
ci: stop Dependabot from bundling major-version bumps into the dev-de…
bec12c9 
…ps group

PR #88 ("dev-dependencies group with 11 updates") broke the Vercel build
because Dependabot's dev-dependencies group had no update-types filter,
so it bundled FIVE major-version bumps together:

- Prisma 6 → 7 (removes url/directUrl from schema.prisma — needs new
  prisma.config.ts; this was the immediate build failure)
- TypeScript 5 → 6
- Tailwind 3 → 4 (major CSS-tooling rewrite)
- ESLint 8 → 10 (peer-dep warnings on eslint-plugin-import/jsx-a11y/react)
- eslint-config-next 14 → 16

Each of those needs a dedicated migration PR.

Fix: add `update-types: minor + patch` to the dev-dependencies group
(matching the minor-and-patch group) so majors land as their own PRs,
and add an `ignore: version-update:semver-major` block for the specific
deps with known migration cost so they don't churn the PR queue until
we're ready to migrate. Currently ignored at the major level:

  prisma, @prisma/client, tailwindcss, typescript, eslint,
  eslint-config-next, next, react, react-dom

Closing PR #88. PR #87 (the minor-and-patch group) is unaffected and
safe to merge.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown
Contributor

vercel Bot commented May 20, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
ainpi Building Building Preview, Comment May 20, 2026 1:47pm

@aks129 aks129 merged commit d006658 into main May 20, 2026
6 of 7 checks passed
@aks129 aks129 deleted the fix-dependabot-major-bumps branch May 20, 2026 13:47
This was referenced May 20, 2026
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aks129