ci: add dry-aged-deps for dependency freshness checks#44

Closed
tompahoward wants to merge 8 commits into main from claude/install-deps-run-tests-POccP

@tompahoward
Contributor

Summary

  • Install dry-aged-deps as a dev dependency for supply-chain-safe dependency freshness monitoring
  • Add .dry-aged-deps.json config with exclusions for all 20 currently outdated packages (eslint 8.x ecosystem, jest 27.x, projen 0.58.x, typescript 4.x, etc.) with documented reasons
  • Add dry-aged-deps --check step to the GitHub Actions build pipeline
  • Add dry-aged-deps --check to the pre-push git hook
  • Add .dry-aged-deps.json to cspell ignore paths

Test plan

  • dry-aged-deps --check exits 0 with all current outdated deps excluded
  • All existing tests pass (5/5, 100% coverage)
  • Pre-push hook runs successfully with the new check
  • Spellcheck passes with the new config file excluded

https://claude.ai/code/session_01HNvBcQzT1SviRqkUpP5Xce

Install dry-aged-deps and configure exclusions for all currently outdated
dependencies that cannot be updated due to version constraints (eslint 8.x
ecosystem, jest 27.x, projen 0.58.x, etc). Add --check to the build
pipeline and pre-push hook to catch future outdated dependencies.

https://claude.ai/code/session_01HNvBcQzT1SviRqkUpP5Xce
@mergify

mergify Bot commented Mar 14, 2026

❌ The current Mergify configuration is invalid

Details
  • Extra inputs are not permitted @ root → pull_request_rules → item 0 → actions → queue → method → squash
  • Extra inputs are not permitted @ root → pull_request_rules → item 0 → actions → queue → commit_message_template → {{ title }} (#{{ number }})

{{ body }}

actions/checkout v3, actions/upload-artifact v2, actions/download-artifact v3,
and actions/setup-node v3 have been deprecated by GitHub. Upgrade all workflow
files to v4 to fix CI failures.

https://claude.ai/code/session_01HNvBcQzT1SviRqkUpP5Xce

eslint-plugin-jsdoc@39 declares engine compatibility with Node ^14-18,
but GitHub Actions runners use Node 20+. Add --ignore-engines flag to
allow installation to proceed.

https://claude.ai/code/session_01HNvBcQzT1SviRqkUpP5Xce

eslint-plugin-jsdoc@39 requires Node ^14-18 but modern runners use
Node 20+. Setting --ignore-engines in .yarnrc ensures yarn install
succeeds both locally and in CI (including projen's internal installs).

https://claude.ai/code/session_01HNvBcQzT1SviRqkUpP5Xce

Newer npm versions output notice lines before the tarball filename,
breaking the mv command in the package task. Pipe through tail -1 to
extract only the filename.

https://claude.ai/code/session_01HNvBcQzT1SviRqkUpP5Xce

Move all dry-aged-deps configuration into .projenrc.ts so changes
survive projen regeneration:
- Add dry-aged-deps as a dev dependency
- Add dry-aged-deps --check as a post-build step in build workflow
- Add dry-aged-deps --check to the pre-push husky hook
- Add .dry-aged-deps.json to cspell ignore paths

https://claude.ai/code/session_01HNvBcQzT1SviRqkUpP5Xce

Use projen file overrides to upgrade all deprecated GitHub Actions
(checkout, upload-artifact, download-artifact, setup-node) from v2/v3
to v4 so they survive projen regeneration.

https://claude.ai/code/session_01HNvBcQzT1SviRqkUpP5Xce

Remove projen dependency and configuration. Replace all projen-managed
scripts with direct commands in package.json. Update CI workflows to
use npm scripts directly. Upgrade all GitHub Actions to v4. Remove
@mountainpass/cool-bits-for-projen dependency.

https://claude.ai/code/session_01HNvBcQzT1SviRqkUpP5Xce

@tompahoward
Contributor Author

Splitting into two separate PRs for lower risk.
