renovate-bot
747e0e1574
Security / scan (pull_request) Successful in 16s
Moves prPriority out of vulnerabilityAlerts (only allowed in packageRules per schema). Fixes the recurring 'Found renovate config warnings' issue.
55 lines
1.8 KiB
JSON
55 lines
1.8 KiB
JSON
{
|
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
|
"extends": [
|
|
"config:recommended",
|
|
":dependencyDashboard",
|
|
":semanticCommits",
|
|
":timezone(Europe/Berlin)",
|
|
"schedule:weekly"
|
|
],
|
|
"labels": ["dependencies", "renovate"],
|
|
"assignees": ["JonKazama-Hellion"],
|
|
"prHourlyLimit": 10,
|
|
"prConcurrentLimit": 20,
|
|
"rebaseWhen": "behind-base-branch",
|
|
"packageRules": [
|
|
{
|
|
"description": "Group all minor and patch updates per ecosystem in one PR",
|
|
"matchUpdateTypes": ["minor", "patch"],
|
|
"groupName": "minor and patch updates ({{manager}})"
|
|
},
|
|
{
|
|
"description": "Major updates always get their own PR with breaking-change label",
|
|
"matchUpdateTypes": ["major"],
|
|
"labels": ["dependencies", "major-update", "breaking-change"],
|
|
"addLabels": ["needs-review"]
|
|
},
|
|
{
|
|
"description": "TypeScript type definitions stay grouped with each other",
|
|
"groupName": "type definitions",
|
|
"matchPackageNames": ["@types/{/,}**"]
|
|
},
|
|
{
|
|
"description": "Dev dependencies in their own group",
|
|
"matchDepTypes": ["devDependencies"],
|
|
"groupName": "dev dependencies"
|
|
},
|
|
{
|
|
"description": "Pin GitHub Action versions by SHA for supply-chain hygiene",
|
|
"matchManagers": ["github-actions"],
|
|
"pinDigests": true,
|
|
"ignorePaths": [".gitea/workflows/**"]
|
|
}
|
|
],
|
|
"vulnerabilityAlerts": {
|
|
"labels": ["security", "vulnerability"],
|
|
"schedule": ["at any time"]
|
|
},
|
|
"lockFileMaintenance": {
|
|
"enabled": true,
|
|
"schedule": ["before 6am on monday"],
|
|
"commitMessageAction": "Refresh"
|
|
},
|
|
"osvVulnerabilityAlerts": true
|
|
}
|