Skip to content

ci: ignore major bumps for runtime dependencies in Dependabot#189

Merged
gralin merged 1 commit into
masterfrom
chore-dependabot-ignore-majors
Jul 2, 2026
Merged

ci: ignore major bumps for runtime dependencies in Dependabot#189
gralin merged 1 commit into
masterfrom
chore-dependabot-ignore-majors

Conversation

@gralin

@gralin gralin commented Jul 2, 2026

Copy link
Copy Markdown
Member

Adds Dependabot ignore rules so major bumps of the library's runtime dependencies aren't auto-proposed (they raise the floor for every consumer). Minor/patch updates are still offered; majors are taken deliberately.

  • Microsoft.Extensions.Logging — major ignored (keep the bridge's floor low)
  • Microsoft.Extensions.Logging.Abstractions — major ignored (keep the core's floor low)
  • System.IO.Ports — major ignored (it's pinned per-TFM to match the runtime major; a cross-major bump on the net8 pin would force .NET 8 consumers onto 10.x)

This is why #183, #184 (Extensions) and #188 (System.IO.Ports) were closed. MinVer is intentionally left out — it's build-time only and its major bump (#187) should be reviewed and taken after 4.0 ships, not suppressed.

Keep the library's runtime dependency floors low so consumers aren't forced onto a new
major of Microsoft.Extensions.Logging(.Abstractions) or System.IO.Ports. Minor/patch
updates are still proposed; majors are taken deliberately. MinVer is intentionally not
ignored so its major bump can still be reviewed and taken after 4.0 ships.
@gralin
gralin merged commit 80f6a13 into master Jul 2, 2026
3 checks passed
@gralin
gralin deleted the chore-dependabot-ignore-majors branch July 3, 2026 07:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant