Skip to content

Add allow-bypass option to exclude-newer for allowing direct pinned dependencies#18921

Draft
zanieb wants to merge 2 commits intoastral-sh:mainfrom
zaniebot:claude/exclude-newer-allow-bypass-V4gsG
Draft

Add allow-bypass option to exclude-newer for allowing direct pinned dependencies#18921
zanieb wants to merge 2 commits intoastral-sh:mainfrom
zaniebot:claude/exclude-newer-allow-bypass-V4gsG

Conversation

@zanieb
Copy link
Copy Markdown
Member

@zanieb zanieb commented Apr 8, 2026
edited
Loading

(not ready for review)

claude added 2 commits April 3, 2026 13:20
@claude
Add allow-bypass = ["direct-pinned"] option to exclude-newer
014c9b8 
When `allow-bypass` contains `"direct-pinned"`, direct dependencies
that are pinned with `==` bypass the exclude-newer date filter. This
allows users to lock reproducible environments while still being able
to pin specific newer versions of direct dependencies.

The new config format is:
  exclude-newer = { timestamp = "2024-03-01", allow-bypass = ["direct-pinned"] }

https://claude.ai/code/session_01ThogGqi1cAqy7bsUd6KFdr
@claude
Detect allow-bypass changes in lock file staleness check
2f36c9f 
Add `AllowBypassChanged` variant to `ExcludeNewerChange` so that
adding or removing `allow-bypass` from the exclude-newer config
correctly invalidates the lock file. Also fix a missing blank line.

https://claude.ai/code/session_01ThogGqi1cAqy7bsUd6KFdr
@zanieb zanieb mentioned this pull request Apr 8, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zanieb @claude