Skip to content

Configure Renovate #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Configure Renovate #9

wants to merge 1 commit into from
+6 −0

Conversation

@renovate
Copy link

@renovate renovate bot commented Aug 6, 2025

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

Detected Package Files

  • .github/workflows/dependency-review.yml (github-actions)
  • go.mod (gomod)
  • package.json (npm)

Configuration Summary

Based on the default config's presets, Renovate will:

  • Start dependency updates only once this onboarding PR is merged
  • Hopefully safe environment variables to allow users to configure.
  • Show all Merge Confidence badges for pull requests.
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Show only the Age and Confidence Merge Confidence badges for pull requests.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

What to Expect

With your current configuration, Renovate will create 5 Pull Requests:

Update dependency spdx-expression-parse to v4
  • Schedule: ["at any time"]
  • Branch name: renovate/spdx-expression-parse-4.x
  • Merge into: main
  • Upgrade spdx-expression-parse to ^4.0.0
Update dependency spdx-satisfies to v6
  • Schedule: ["at any time"]
  • Branch name: renovate/spdx-satisfies-6.x
  • Merge into: main
  • Upgrade spdx-satisfies to ^6.0.0
Update dependency zod to v4
  • Schedule: ["at any time"]
  • Branch name: renovate/zod-4.x
  • Merge into: main
  • Upgrade zod to ^4.0.0
Update jest monorepo to v30 (major)
  • Schedule: ["at any time"]
  • Branch name: renovate/major-jest-monorepo
  • Merge into: main
  • Upgrade @types/jest to ^30.0.0
  • Upgrade jest to ^30.0.0
Update octokit monorepo (major)

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link

github-actions bot commented Aug 6, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails

Trusty Scores

No changes require immediate attention.

Trusty is a free service that helps developers evaluate the risk profile of open-source packages. Packages are rated 0 to 10 with higher ratings indicating safer packages. Learn how.

Scanned Manifest Files

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant