Skip to content

Commit 3193483

Browse files
authored
Merge branch 'main' into dependabot/npm_and_yarn/samples/react/token-refresh/npm_and_yarn-32e07c5719
2 parents 6c3efba + 6a27807 commit 3193483

11 files changed

Lines changed: 1289 additions & 451 deletions

File tree

.github/CODEOWNERS

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,12 @@
11
# All files require review
22
* @SecureAuthCorp/team-eng-ciam-ui-write
33

4+
# Dependency manifests and lockfiles
5+
**/package.json @ksroda-sa
6+
**/package-lock.json @ksroda-sa
7+
**/yarn.lock @ksroda-sa
8+
**/pom.xml @ksroda-sa
9+
**/*.csproj @ksroda-sa
10+
411
# GitHub Actions and CI config
512
.github/ @SecureAuthCorp/devops

.github/dependabot.yml

Lines changed: 96 additions & 140 deletions
Original file line numberDiff line numberDiff line change
@@ -1,195 +1,151 @@
11
version: 2
2-
updates:
3-
- package-ecosystem: "npm"
4-
directory: "/samples/react/login-pkce"
5-
schedule:
6-
interval: "weekly"
7-
open-pull-requests-limit: 5
8-
labels:
9-
- "dependencies"
10-
commit-message:
11-
prefix: "deps"
12-
13-
- package-ecosystem: "npm"
14-
directory: "/samples/react/token-refresh"
15-
schedule:
16-
interval: "weekly"
17-
open-pull-requests-limit: 5
18-
labels:
19-
- "dependencies"
20-
commit-message:
21-
prefix: "deps"
22-
23-
- package-ecosystem: "npm"
24-
directory: "/samples/angular/login-pkce"
25-
schedule:
26-
interval: "weekly"
27-
open-pull-requests-limit: 5
28-
labels:
29-
- "dependencies"
30-
commit-message:
31-
prefix: "deps"
322

33-
- package-ecosystem: "npm"
34-
directory: "/samples/angular/token-refresh"
35-
schedule:
36-
interval: "weekly"
37-
open-pull-requests-limit: 5
38-
labels:
39-
- "dependencies"
40-
commit-message:
41-
prefix: "deps"
42-
43-
- package-ecosystem: "npm"
44-
directory: "/samples/vue/login-pkce"
45-
schedule:
46-
interval: "weekly"
47-
open-pull-requests-limit: 5
48-
labels:
49-
- "dependencies"
50-
commit-message:
51-
prefix: "deps"
52-
53-
- package-ecosystem: "npm"
54-
directory: "/samples/vue/token-refresh"
55-
schedule:
56-
interval: "weekly"
57-
open-pull-requests-limit: 5
58-
labels:
59-
- "dependencies"
60-
commit-message:
61-
prefix: "deps"
3+
# Each framework groups its login-pkce + token-refresh directories into a
4+
# single entry via `directories:` (plural) — those samples share package.json
5+
# contents, so the bumps always travel together. Combined with
6+
# `groups: minor-and-patch`, this collapses what used to be ~57 open PRs into
7+
# ~5–7 steady-state.
8+
#
9+
# Major bumps still get individual PRs (groups only covers minor/patch) so a
10+
# human reads the changelog before merging.
11+
#
12+
# NOTE: Dependabot's YAML parser does NOT support aliases / merge keys, so the
13+
# common settings are duplicated explicitly below.
6214

15+
updates:
16+
# ── npm samples ─────────────────────────────────────────────────────────
6317
- package-ecosystem: "npm"
64-
directory: "/samples/node/login-auth-code"
18+
directories:
19+
- "/samples/react/login-pkce"
20+
- "/samples/react/token-refresh"
6521
schedule:
6622
interval: "weekly"
67-
open-pull-requests-limit: 5
68-
labels:
69-
- "dependencies"
23+
open-pull-requests-limit: 3
24+
labels: ["dependencies"]
7025
commit-message:
7126
prefix: "deps"
27+
groups:
28+
minor-and-patch:
29+
patterns: ["*"]
30+
update-types: ["minor", "patch"]
7231

7332
- package-ecosystem: "npm"
74-
directory: "/samples/node/saml-sp-login"
33+
directories:
34+
- "/samples/angular/login-pkce"
35+
- "/samples/angular/token-refresh"
7536
schedule:
7637
interval: "weekly"
77-
open-pull-requests-limit: 5
78-
labels:
79-
- "dependencies"
38+
open-pull-requests-limit: 3
39+
labels: ["dependencies"]
8040
commit-message:
8141
prefix: "deps"
42+
groups:
43+
minor-and-patch:
44+
patterns: ["*"]
45+
update-types: ["minor", "patch"]
8246

8347
- package-ecosystem: "npm"
84-
directory: "/samples/node/token-refresh"
48+
directories:
49+
- "/samples/vue/login-pkce"
50+
- "/samples/vue/token-refresh"
8551
schedule:
8652
interval: "weekly"
87-
open-pull-requests-limit: 5
88-
labels:
89-
- "dependencies"
53+
open-pull-requests-limit: 3
54+
labels: ["dependencies"]
9055
commit-message:
9156
prefix: "deps"
57+
groups:
58+
minor-and-patch:
59+
patterns: ["*"]
60+
update-types: ["minor", "patch"]
9261

93-
# React Native samples — the auto-merge workflow excludes
94-
# /samples/react-native/* by directory match, so bumps here always require
95-
# human review. Dep bumps can break native autolinking / API shapes that
96-
# `tsc --noEmit` doesn't catch. The "manual-review" label is informational
97-
# only (the workflow filter is directory-based, not label-based).
9862
- package-ecosystem: "npm"
99-
directory: "/samples/react-native/login-pkce"
63+
directories:
64+
- "/samples/node/login-auth-code"
65+
- "/samples/node/saml-sp-login"
66+
- "/samples/node/token-refresh"
10067
schedule:
10168
interval: "weekly"
102-
open-pull-requests-limit: 5
103-
labels:
104-
- "dependencies"
105-
- "manual-review"
69+
open-pull-requests-limit: 3
70+
labels: ["dependencies"]
10671
commit-message:
10772
prefix: "deps"
73+
groups:
74+
minor-and-patch:
75+
patterns: ["*"]
76+
update-types: ["minor", "patch"]
10877

78+
# React Native — auto-merge workflow excludes /samples/react-native/* by
79+
# directory match, so bumps always require human review. Dep bumps can break
80+
# native autolinking / API shapes that `tsc --noEmit` doesn't catch. The
81+
# "manual-review" label is informational (the workflow filter is dir-based).
10982
- package-ecosystem: "npm"
110-
directory: "/samples/react-native/token-refresh"
83+
directories:
84+
- "/samples/react-native/login-pkce"
85+
- "/samples/react-native/token-refresh"
11186
schedule:
11287
interval: "weekly"
113-
open-pull-requests-limit: 5
114-
labels:
115-
- "dependencies"
116-
- "manual-review"
88+
open-pull-requests-limit: 3
89+
labels: ["dependencies", "manual-review"]
11790
commit-message:
11891
prefix: "deps"
92+
groups:
93+
minor-and-patch:
94+
patterns: ["*"]
95+
update-types: ["minor", "patch"]
11996

12097
- package-ecosystem: "npm"
12198
directory: "/scripts"
12299
schedule:
123100
interval: "weekly"
124101
open-pull-requests-limit: 3
125-
labels:
126-
- "dependencies"
127-
commit-message:
128-
prefix: "deps"
129-
130-
- package-ecosystem: "maven"
131-
directory: "/samples/java/login-auth-code"
132-
schedule:
133-
interval: "weekly"
134-
open-pull-requests-limit: 5
135-
labels:
136-
- "dependencies"
137-
commit-message:
138-
prefix: "deps"
139-
140-
- package-ecosystem: "maven"
141-
directory: "/samples/java/saml-sp-login"
142-
schedule:
143-
interval: "weekly"
144-
open-pull-requests-limit: 5
145-
labels:
146-
- "dependencies"
102+
labels: ["dependencies"]
147103
commit-message:
148104
prefix: "deps"
105+
groups:
106+
minor-and-patch:
107+
patterns: ["*"]
108+
update-types: ["minor", "patch"]
149109

110+
# ── Maven (Java) ────────────────────────────────────────────────────────
111+
# Monthly cadence: Spring Boot + plugin updates move slower than npm.
150112
- package-ecosystem: "maven"
151-
directory: "/samples/java/token-refresh"
113+
directories:
114+
- "/samples/java/login-auth-code"
115+
- "/samples/java/saml-sp-login"
116+
- "/samples/java/token-refresh"
152117
schedule:
153-
interval: "weekly"
154-
open-pull-requests-limit: 5
155-
labels:
156-
- "dependencies"
157-
commit-message:
158-
prefix: "deps"
159-
160-
- package-ecosystem: "nuget"
161-
directory: "/samples/dotnet/login-auth-code"
162-
schedule:
163-
interval: "weekly"
164-
open-pull-requests-limit: 5
165-
labels:
166-
- "dependencies"
167-
commit-message:
168-
prefix: "deps"
169-
170-
- package-ecosystem: "nuget"
171-
directory: "/samples/dotnet/saml-sp-login"
172-
schedule:
173-
interval: "weekly"
174-
open-pull-requests-limit: 5
175-
labels:
176-
- "dependencies"
118+
interval: "monthly"
119+
open-pull-requests-limit: 3
120+
labels: ["dependencies"]
177121
commit-message:
178122
prefix: "deps"
123+
groups:
124+
minor-and-patch:
125+
patterns: ["*"]
126+
update-types: ["minor", "patch"]
179127

128+
# ── NuGet (.NET) ────────────────────────────────────────────────────────
129+
# Monthly cadence: Microsoft.* packages bunch around SDK release cycles.
180130
- package-ecosystem: "nuget"
181-
directory: "/samples/dotnet/token-refresh"
131+
directories:
132+
- "/samples/dotnet/login-auth-code"
133+
- "/samples/dotnet/saml-sp-login"
134+
- "/samples/dotnet/token-refresh"
182135
schedule:
183-
interval: "weekly"
184-
open-pull-requests-limit: 5
185-
labels:
186-
- "dependencies"
136+
interval: "monthly"
137+
open-pull-requests-limit: 3
138+
labels: ["dependencies"]
187139
commit-message:
188140
prefix: "deps"
141+
groups:
142+
minor-and-patch:
143+
patterns: ["*"]
144+
update-types: ["minor", "patch"]
189145

146+
# ── GitHub Actions ──────────────────────────────────────────────────────
190147
- package-ecosystem: "github-actions"
191148
directory: "/"
192149
schedule:
193150
interval: "weekly"
194-
labels:
195-
- "dependencies"
151+
labels: ["dependencies"]

samples/dotnet/saml-sp-login/tests/saml-sp-login.tests.csproj

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,8 +9,8 @@
99
</PropertyGroup>
1010
<ItemGroup>
1111
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
12-
<PackageReference Include="xunit" Version="2.9.2" />
13-
<PackageReference Include="xunit.runner.visualstudio" Version="3.0.1" />
12+
<PackageReference Include="xunit" Version="2.9.3" />
13+
<PackageReference Include="xunit.runner.visualstudio" Version="3.1.5" />
1414
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="10.0.0" />
1515
<!-- Override transitive dep with vulnerable System.Drawing.Common 4.7.0 (NU1904 / GHSA-rxg9-xrhp-64gj). -->
1616
<PackageReference Include="System.Drawing.Common" Version="8.0.10" />

samples/react-native/login-pkce/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@
1616
},
1717
"dependencies": {
1818
"react": "19.2.3",
19-
"react-native": "0.85.2",
19+
"react-native": "0.85.3",
2020
"react-native-app-auth": "8.1.0",
2121
"react-native-config": "1.6.1",
2222
"react-native-safe-area-context": "5.7.0"

0 commit comments

Comments
 (0)