Skip to content

Follow-up fixes for ts-package-json-approved-dependencies rule#39129

Merged
xirzec merged 2 commits into
mainfrom
xirzec-cuddly-waddle
Jun 29, 2026
Merged

Follow-up fixes for ts-package-json-approved-dependencies rule#39129
xirzec merged 2 commits into
mainfrom
xirzec-cuddly-waddle

Conversation

@xirzec

@xirzec xirzec commented Jun 29, 2026

Copy link
Copy Markdown
Member

Addresses post-merge review feedback on #39105.

Changes

1. Fix CODEOWNERS ordering for the allow-list (maorleger, jeremymeng)

The eng/approved-third-party-dependencies.yml entry was placed near the top of .github/CODEOWNERS, above the general /eng/ @mikeharder @benbp rule. Because CODEOWNERS resolves by last-matching pattern, the broad /eng/ rule overrode the specific entry, so @Azure/azure-sdk-js-dev did not actually own the allow-list file. Moved the entry into the eng block (after /eng/) so it is the last match and takes effect.

2. Derive allow-list paths from a single source of truth (maorleger)

APPROVED_DEPENDENCIES_RELATIVE_PATH and APPROVED_DEPENDENCIES_DISPLAY_PATH independently spelled out the path segments, so renaming the file could update one and miss the other. Both now derive from a shared APPROVED_DEPENDENCIES_PATH_SEGMENTS array. Resulting values are byte-for-byte identical to before (relative path uses platform separators; display path forces /).

Feedback intentionally not actioned

  • mtime cache invalidation, @scope/ vs @scope/*, and the events dependency were all resolved by discussion on the original PR.
  • The @file first-party-scopes comment nit and the "throw on undefined root" suggestion were considered and left as-is.

Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com

xirzec and others added 2 commits June 29, 2026 14:52
The entry for eng/approved-third-party-dependencies.yml was placed above the general /eng/ rule. Since CODEOWNERS resolves by last-matching pattern, the broad /eng/ rule was overriding it. Move the entry into the eng block so @Azure/azure-sdk-js-dev actually owns the allow-list file.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
APPROVED_DEPENDENCIES_RELATIVE_PATH and APPROVED_DEPENDENCIES_DISPLAY_PATH previously duplicated the path segments, so a rename could update one and miss the other. Derive both from a shared APPROVED_DEPENDENCIES_PATH_SEGMENTS array to prevent drift.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 29, 2026 19:55

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR is a small follow-up to #39105, which introduced the ts-package-json-approved-dependencies ESLint rule and its central allow-list (eng/approved-third-party-dependencies.yml). It addresses two post-merge review items: fixing CODEOWNERS so the allow-list file is actually owned by the right team, and removing path duplication in the rule's supporting utility.

Changes:

  • Moved the eng/approved-third-party-dependencies.yml CODEOWNERS entry from near the top of the file into the eng block (after /eng/), so it becomes the last-matching pattern and @Azure/azure-sdk-js-dev actually owns the file.
  • Introduced a private APPROVED_DEPENDENCIES_PATH_SEGMENTS array as a single source of truth, deriving both APPROVED_DEPENDENCIES_RELATIVE_PATH and APPROVED_DEPENDENCIES_DISPLAY_PATH from it (values unchanged).
Show a summary per file
File Description
.github/CODEOWNERS Relocates the allow-list ownership entry below the broad /eng/ rule so last-match resolution applies correctly.
common/tools/eslint-plugin-azure-sdk/src/utils/approvedDependencies.ts Derives the relative and display allow-list paths from a shared segments array to prevent drift; exported constant names and values are unchanged.

Review details

  • Files reviewed: 2/2 changed files
  • Comments generated: 0
  • Review effort level: Medium

@xirzec xirzec merged commit 4bda993 into main Jun 29, 2026
21 of 23 checks passed
@xirzec xirzec deleted the xirzec-cuddly-waddle branch June 29, 2026 20:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants