From 153219af25bb489a36f7ba8905d7c6ce7519d127 Mon Sep 17 00:00:00 2001
From: Sin-Kang
Date: Sat, 23 May 2026 20:50:21 +0900
Subject: [PATCH] build(deps): hold easy-paging at < 0.5 in the SB3 demo block
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Dependabot opened #50 trying to bump easy-paging 0.4.0 → 0.5.0 across the four SB3 demos. Build went red on all four — 0.5.0 is the SB4 release line and the SB3 demos pin Spring Boot 3.5.x, so the starter's new Spring-Framework-7 / Jackson-3 baseline can't load. The existing `update-types: ["version-update:semver-major"]` ignore didn't catch this because the starter is pre-1.0: 0.4 → 0.5 reads as a minor bump to Dependabot even though it's effectively the SB3 → SB4 release-line jump for us. Replace the major-only ignore with an explicit `versions: [">= 0.5"]` filter on both easy-paging artifacts. 0.4.x patches will still flow to the SB3 demos; 0.5+ stays blocked. The SB4 demos under /easy-paging-sb4-*/ already have no such ignore and continue to track the 0.5.x line. Closes PR #50.
---
 .github/dependabot.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 1276da4..60fdb03 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -63,10 +63,16 @@ updates:
 # — dependabot bumped to 0.5.0 across the SB3 demos and CI went
 # red on all 4). Hold easy-paging majors so the SB3 demos stay
 # on the 0.4.x line that matches their Spring Boot pin.
+ #
+ # Because the starter is pre-1.0, 0.4 → 0.5 reads to Dependabot
+ # as a *minor* bump but is actually the SB3 → SB4 release-line
+ # jump. The semver-major ignore alone isn't enough — PR #50
+ # (2026-05-23) snuck through it. Pin "< 0.5" explicitly via the
+ # versions: filter so 0.4.x patches still flow but 0.5+ doesn't.
 - dependency-name: "kr.devslab:easy-paging-spring-boot-starter"
- update-types: ["version-update:semver-major"]
+ versions: [">= 0.5"]
 - dependency-name: "kr.devslab:easy-paging-spring-boot-starter-reactive"
- update-types: ["version-update:semver-major"]
+ versions: [">= 0.5"]
 # Same shape applies to ssrf-guard's hypothetical SB4-only major
 # release, if/when it ships — guard against it in advance.
 - dependency-name: "kr.devslab:ssrf-guard"
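Review bot: The `kr.devslab:ssrf-guard` entry that closes this hunk is described as having the "same shape", but its ignore keys lie outside the hunk; if it still relies on `update-types: ["version-update:semver-major"]` and that library is also pre-1.0, the gap this commit closes for easy-paging is still open there. It is worth checking that entry and, if so, giving it an explicit `versions:` range as well. Separately, the two `versions: [">= 0.5"]` ignores are open-ended, so the SB3 demos will get no Dependabot proposal for a fix that ships only on the 0.5+ line. The new comment block records why the hold exists but not when it ends; a line such as `# Remove this ignore once the SB3 demos move to Spring Boot 4.` would keep the pin from outliving its reason.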