Skip to content

Add allow-bypass option to exclude-newer for allowing direct pinned dependencies#18921

Draft
zanieb wants to merge 2 commits intoastral-sh:mainfrom
zaniebot:claude/exclude-newer-allow-bypass-V4gsG
Draft

Add allow-bypass option to exclude-newer for allowing direct pinned dependencies#18921
zanieb wants to merge 2 commits intoastral-sh:mainfrom
zaniebot:claude/exclude-newer-allow-bypass-V4gsG

Conversation

@zanieb
Copy link
Copy Markdown
Member

@zanieb zanieb commented Apr 8, 2026

(not ready for review)

claude added 2 commits April 3, 2026 13:20
When `allow-bypass` contains `"direct-pinned"`, direct dependencies
that are pinned with `==` bypass the exclude-newer date filter. This
allows users to lock reproducible environments while still being able
to pin specific newer versions of direct dependencies.

The new config format is:
  exclude-newer = { timestamp = "2024-03-01", allow-bypass = ["direct-pinned"] }

https://claude.ai/code/session_01ThogGqi1cAqy7bsUd6KFdr
Add `AllowBypassChanged` variant to `ExcludeNewerChange` so that
adding or removing `allow-bypass` from the exclude-newer config
correctly invalidates the lock file. Also fix a missing blank line.

https://claude.ai/code/session_01ThogGqi1cAqy7bsUd6KFdr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants