Skip to content

fix: address Dependabot major version updates and markdownlint v23 compatibility#68

Merged
don-petry merged 1 commit intomainfrom
claude/issue-36-20260406-0341
Apr 6, 2026
Merged

fix: address Dependabot major version updates and markdownlint v23 compatibility#68
don-petry merged 1 commit intomainfrom
claude/issue-36-20260406-0341

Conversation

@claude
Copy link
Copy Markdown
Contributor

@claude claude Bot commented Apr 6, 2026

Summary

Addresses actionable fixes from issue #36 — Dependabot major version review:

  • .markdownlint-cli2.yaml: Pre-emptively disables new default-enabled rules added in markdownlint-cli2 v9→v23 (MD049, MD050, MD054, MD055, MD056, MD058). These rules enforce style choices (emphasis style, link formats, table formatting) that conflict with the intentional variety used in org documentation. This prevents CI failures when Dependabot PR chore(deps): Bump DavidAnson/markdownlint-cli2-action from 9.0.0 to 23.0.0 #19 is merged.

  • standards/workflows/dependency-audit.yml: Syncs the shared template to action versions currently deployed in the live workflow — actions/checkout v6.0.2, actions/setup-node v6.3.0, and updated patch SHAs for pnpm/action-setup and actions/setup-go. This ensures the template stays current so new repos don't inherit outdated action versions.

What Still Needs Manual Edits

The GitHub App token lacks workflows write permission, so these .github/workflows/ changes must be applied by a maintainer:

  1. dependabot-automerge.yml — add skip-commit-verification: true to fix PR chore(deps): bump anthropics/claude-code-action from 1.0.83 to 1.0.89 #22 and future signed-commit auto-merges (this is already present in standards/workflows/dependabot-automerge.yml)
  2. dependency-audit.yml — correct 6 stale # v4 / # v5 version comments (SHAs were updated by merged Dependabot PRs but comments weren't)

Remaining Dependabot PRs to Review

PR Update Notes
#17 pnpm/action-setup v4 → v5 Review: requires Node.js 18+
#19 markdownlint-cli2-action v9 → v23 Config update in this PR pre-empts lint failure
#20 actions/setup-go v5 → v6.4 Review Go version compatibility
#22 anthropics/claude-code-action Fix skip-commit-verification first

Closes #36

Generated with Claude Code

@github-actions @don-petry
fix: address Dependabot major version updates and markdownlint v23 co…
9bcc183 
…mpatibility

- Disable new markdownlint rules enabled by default in v23 (MD049, MD050,
  MD054, MD055, MD056, MD058) to prevent CI failures when Dependabot PR #19
  (markdownlint-cli2-action v9→v23) is merged
- Sync standards/workflows/dependency-audit.yml to action versions currently
  in the live workflow: actions/checkout v6.0.2, actions/setup-node v6.3.0,
  and updated pnpm/action-setup and actions/setup-go patch SHAs

Note: .github/workflows/ files require manual edits (no workflow write permission):
  - dependabot-automerge.yml: add skip-commit-verification: true to fix PR #22
  - dependency-audit.yml: correct 6 version comments (SHA updated but comment still says v4/v5)

Closes #36

Co-authored-by: don-petry <don-petry@users.noreply.github.com>
@claude claude Bot mentioned this pull request Apr 6, 2026
Closed
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 6, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@don-petry don-petry merged commit 4cc87df into main Apr 6, 2026
17 checks passed
@don-petry don-petry deleted the claude/issue-36-20260406-0341 branch April 6, 2026 12:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

enhancement: Review Dependabot PRs with major version jumps in .github repo

1 participant

@don-petry