From f0d1c4e21db6d4b873a20df7c8e81ddd4c880172 Mon Sep 17 00:00:00 2001 From: mikemolinet Date: Wed, 6 May 2026 11:56:36 -0700 Subject: [PATCH] chore(deps): ignore major-version bumps for pytest + pytest-asyncio in dependabot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These are test-infra dev deps; major-version bumps (pytest 8→9, pytest-asyncio 0.24→1.3) break the test suite without engineer-side fix work, and there's no urgency to upgrade. Decision per Mike 2026-05-06. Closes the noise from #38 (pytest 8→9) and #40 (pytest-asyncio 0.24→1.3). Re-enable when bandwidth opens to update the test suite for new APIs. Minor + patch bumps for these packages still flow as before via the python-minor-patch group. --- .github/dependabot.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e5c4502..6028dd3 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,6 +8,16 @@ updates: day: "monday" open-pull-requests-limit: 10 labels: ["dependencies", "security"] + # Skip major bumps for test-infra dev deps that have known breaking + # changes between major versions. Re-enable when bandwidth opens to + # update the test suite for the new APIs. Decision: 2026-05-06, + # after #38 (pytest 8→9) and #40 (pytest-asyncio 0.24→1.3) failed + # tests with no urgency to upgrade. + ignore: + - dependency-name: "pytest" + update-types: ["version-update:semver-major"] + - dependency-name: "pytest-asyncio" + update-types: ["version-update:semver-major"] # Group patch + minor updates into a single PR per package-ecosystem. # Major bumps still get their own PR for human review. Mergify # batches the resulting PR group via .mergify.yml's "dependencies"