Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

chore: Add cursor rules for dependency upgrades #16669

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: develop
Choose a base branch
Loading
from
Open

chore: Add cursor rules for dependency upgrades #16669

wants to merge 7 commits into from
+417 −65

Conversation

AbhiPrasad
Copy link
Member

I want to unleash an army of background agents to crunch through https://github.com/getsentry/sentry-javascript/security/dependabot?q=is%3Aopen+

To do this, I added some cursor rules for upgrading dependencies within the repo.

I also tested this out with two dependabot security warnings:

resolves https://github.com/getsentry/sentry-javascript/security/dependabot/615
resolves https://github.com/getsentry/sentry-javascript/security/dependabot/613

@AbhiPrasad AbhiPrasad requested a review from a team June 20, 2025 17:23
@AbhiPrasad AbhiPrasad self-assigned this Jun 20, 2025
@AbhiPrasad AbhiPrasad requested review from stephanie-anderson and andreiborza and removed request for a team June 20, 2025 17:23
@AbhiPrasad AbhiPrasad changed the title chore: Add cursor rules for dependency upgrade chore: Add cursor rules for dependency upgrades Jun 20, 2025
armenzg
armenzg reviewed Jun 20, 2025
View reviewed changes
.cursor/rules/publishing_release.mdc Outdated Show resolved Hide resolved
andreiborza
andreiborza reviewed Jun 22, 2025
View reviewed changes
.cursor/rules/sdk_dependency_upgrades.mdc

When upgrading OpenTelemetry dependencies:
1. Check the dependency's `package.json` after upgrade
2. Verify none of its dependencies use `@opentelemetry/*` packages at v2.0.0 or higher
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

m: What's important is that any otel package is not on

  • 2.x.x or
  • 0.2xx.x or
  • Any of its deps is bumping to those, e.g. @opentelemetry/instrumentation-pg@0.52.0 bumped to core 2.0.0 and instrumentation 0.200.0

yarn.lock
@@ -10264,6 +10264,11 @@ atob@^2.1.2:
resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9"
integrity sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==

atomic-sleep@^1.0.0:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

m: Why are there lockfile changes?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@armenzg armenzg armenzg left review comments

@andreiborza andreiborza andreiborza left review comments

@stephanie-anderson stephanie-anderson Awaiting requested review from stephanie-anderson stephanie-anderson was automatically assigned from getsentry/team-web-sdk-frontend

At least 1 approving review is required to merge this pull request.

Assignees

@AbhiPrasad AbhiPrasad

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AbhiPrasad @armenzg @andreiborza
Morty Proxy This is a proxified and sanitized view of the page, visit original site.