ci: dependabot minimum package age check #23118
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tomasklim
reviewed
Nov 12, 2025
| npmMinimalAgeGate: 4320 | ||
| # Skip age gate for experimental, rapidly changing packages | ||
| npmPreapprovedPackages: | ||
| - "@evolu/*" |
Member
There was a problem hiding this comment.
Suggested change
| - "@evolu/*" | |
| - "@evolu/*" | |
| - "@types/invity-api" |
our package
Contributor
Author
There was a problem hiding this comment.
Added ✔️
In case of .yarnrc.yml it works with names in form @scope/name@resolver, in our case resolver is always npm, so I wrote it @* at the end, which will mean any version
Lemonexe
force-pushed
the
ci/yarn-min-age
branch
2 times, most recently
from
e680678 to
313b9be
Compare
Contributor
|
✅ Previously successful run of [Test] PR Suite Web e2e tests workflow has been found. |
Contributor
|
✅ Previously successful run of [Test] PR Suite Desktop e2e tests workflow has been found. |
Lemonexe
force-pushed
the
ci/yarn-min-age
branch
from
313b9be to
ad7d487
Compare
This was referenced Nov 13, 2025
Lemonexe
force-pushed
the
ci/yarn-min-age
branch
from
ad7d487 to
aab3aa3
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Exclusions
Exclusions are ofc possible for experimental, rapidly changing packages. Adding a few that we know about right away.
How to bump deps now?
When you run for example
yarn list-outdated TEAM, the age gate is honored. So for example it suggests eslint 9.38 (old enough), not 9.39.1 (too young), which is amazing, otherwise it'd be really annoying 🙂yarn uphonors the age gate automaticallyncudoesn't do it automatically, but since 19.1.0 you can specify-calias--cooldownyourself, so for example:ncu --deep -u -c 14 -t greatest --pre 0 -f @eslint/jswill update
eslintto the age gated version in all package.jsons 🚀 🙂greatestmust be specified; defaultlatestmay not match anything with-c(more on that here)Related Issue
Resolve #22681
Screenshots
I installed eslint 9.39.1, which is 9 days old as of writing this PR, and it won't let me install:
🔍🖥️ Suite web test results: View in Currents
🔍🖥️ Suite desktop test results: View in Currents