openplayerjs/renovate.json at master · openplayerjs/openplayerjs

99 lines (90 loc) · 3.65 KB
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  // config:recommended gives automerge/grouping primitives without the
  // :pinDevDependencies preset that config:best-practices pulls in.
  // All dependencies (dev and published) are pinned to exact versions.
  // pnpm-lock.yaml provides reproducible installs; pinning in package.json
  // additionally prevents surprise version drift if the lockfile is bypassed
  // or a consumer installs the package directly.
  "extends": [
    "config:recommended",
    "helpers:pinGitHubActionDigests",
    ":disableDependencyDashboard"
  // Pin everything to exact versions — no ^ or ~ ranges anywhere.
  "rangeStrategy": "pin",
  "semanticCommits": "enabled",
  // Batch all non-major updates on Mondays to keep the PR queue manageable.
  "schedule": ["before 9am on Monday"],
  "packageRules": [
    // ── peerDependencies ──────────────────────────────────────────────────
    // Never touch peerDependencies automatically; semver ranges are
    // intentional contracts between the plugin and its host.
      "matchDepTypes": ["peerDependencies"],
      "enabled": false
    // ── Root devDependencies: patch + minor ───────────────────────────────
    // Safe to automerge; CI validates correctness.
      "matchManagers": ["npm"],
      "matchDepTypes": ["devDependencies"],
      "matchUpdateTypes": ["patch", "minor"],
      "automerge": true,
      "automergeType": "pr",
      "labels": ["dependencies"]
    // ── Root devDependencies: major ───────────────────────────────────────
    // Require manual review; majors may have breaking API changes.
      "matchManagers": ["npm"],
      "matchDepTypes": ["devDependencies"],
      "matchUpdateTypes": ["major"],
      "labels": ["dependencies", "major"],
      "automerge": false
    // ── Published package dependencies ────────────────────────────────────
    // Pinned to exact versions for the same reason as devDeps; exact versions
    // in published packages give consumers a deterministic dependency graph
    // and prevent transitive vulnerability drift.
      "matchManagers": ["npm"],
      "matchDepTypes": ["dependencies"],
      "automerge": false,
      "labels": ["dependencies"]
    // ── Tooling groups (reduces PR noise) ────────────────────────────────
      "groupName": "ESLint",
      "matchPackageNames": ["/^eslint/", "/^@eslint/", "/^@typescript-eslint/", "typescript-eslint"]
      "groupName": "TypeScript",
      "matchPackageNames": ["/^typescript$/", "/^ts-/", "tslib"]
      "groupName": "Jest",
      "matchPackageNames": ["/^jest/", "/^@jest/", "/^babel-jest/", "/^ts-jest/", "jest-environment-jsdom"]
      "groupName": "Rollup",
      "matchPackageNames": ["/^rollup/", "/^@rollup/"]
      "groupName": "PostCSS",
      "matchPackageNames": ["/^postcss/", "cssnano", "stylelint", "stylelint-order"]
      "groupName": "Commitlint",
      "matchPackageNames": ["/^@commitlint/"]
      "groupName": "Release tooling",
      "matchPackageNames": ["/^release-it/", "/^@release-it/", "/^@release-it-plugins/", "dotenv-cli"]
      "groupName": "Git hooks",
      "matchPackageNames": ["husky", "lint-staged"]
Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FilesExpand file tree

renovate.json

Latest commit

History

renovate.json

File metadata and controls
