
chore(deps): ignore cds-services-bom in dependabot #224

Merged: rjayasinghe merged 5 commits into main from chore/ignore-cds-services-bom-dependabot on Jul 1, 2026


@rjayasinghe

Contributor

Major bumps of com.sap.cds:cds-services-bom require coordinated compat review, so keep them out of the automated dependency PR stream and handle them manually.

Closes #220 (5.0.0 bump) — will be re-evaluated as a manual PR.

Major bumps of com.sap.cds:cds-services-bom require coordinated
compat review; pin via manual PRs instead of automated updates.

Closes #220 (5.0.0 bump) — will be re-evaluated manually.
@hyperspace-insights

Contributor

Summary

The following content is AI-generated and provides a summary of the pull request:


Ignore cds-services-bom Major Bumps in Dependabot

Chore

🔧 Excludes com.sap.cds:cds-services-bom from automated Dependabot dependency updates to ensure major version bumps are handled manually after a coordinated compatibility review.

Changes

  • .github/dependabot.yml: Added an ignore rule for com.sap.cds:cds-services-bom under the Maven package ecosystem, preventing Dependabot from automatically opening PRs for this dependency.

GitHub Issues

  • #220: Automated bump of com.sap.cds:cds-services-bom from 4.9.0 to 5.0.0 — will be re-evaluated as a manual PR.

PR Bot Information

Version: 1.26.11

@hyperspace-insights hyperspace-insights Bot left a comment

Contributor

The single substantive issue is the missing update-types filter — without it the rule is broader than intended and will silently suppress patch/minor updates (including security fixes) for cds-services-bom.

PR Bot Information

Version: 1.26.11

  • Event Trigger: pull_request.opened
  • File Content Strategy: Full file content
  • LLM: anthropic--claude-4.6-sonnet
  • Correlation ID: cb953a61-a521-4d6a-a45b-67b05d3a921c

Comment thread .github/dependabot.yml
Co-authored-by: hyperspace-insights[bot] <209611008+hyperspace-insights[bot]@users.noreply.github.com>
Previous edit accidentally dropped the '- package-ecosystem: github-actions'
list marker, causing that block to be merged into the maven block with
duplicate 'directory'/'directories' and 'schedule' keys. Dependabot rejected
the config as invalid.
@rjayasinghe rjayasinghe enabled auto-merge (squash) July 1, 2026 10:33
@rjayasinghe rjayasinghe merged commit d716eaa into main Jul 1, 2026
4 checks passed
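
The narrowing asked for in the review comment, and the list-marker problem described in the later commit message, shown as an added example. This is not the PR's actual diff; the `directory` and `schedule` values are assumptions.

```yaml
# Constructed example; directory and schedule values are assumptions.
version: 2
updates:
  - package-ecosystem: maven
    directory: "/"
    schedule:
      interval: weekly
    ignore:
      # Broad form: with no update-types, every update of this dependency is ignored.
      # - dependency-name: "com.sap.cds:cds-services-bom"
      # Narrowed form: only major bumps are ignored; minor and patch PRs keep coming.
      - dependency-name: "com.sap.cds:cds-services-bom"
        update-types: ["version-update:semver-major"]

  # Each ecosystem is its own list item. Without the leading "- " these keys
  # fold into the maven mapping above and duplicate directory/schedule.
  - package-ecosystem: github-actions
    directory: "/"
    schedule:
      interval: weekly
```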