Conversation

@ansmonjol ansmonjol commented Oct 10, 2025

Changing some options for renovatebot after it ran a few times.

  • Increase the minimumReleaseAge value from 3 to 7.
    We know that recently there were some malicious upgrades from some packages. Even though they were caught fast, let's be safe here. It also gives the community time to report some bugs and see if the version is "really" working.
  • Add "pinVersions": true
    Makes sure the version in package.json is pinned and does not allow a patch to be installed without it being referenced in the package.json. Feels like it gives more control, and we'll have Renovate update the version in the package.json anyway.
  • Remove the bumpVersion option
    It does not have the effect I expected. I thought it would bump the package.json of the upgraded package when it has a new version. Otherwise it does update the root version of our package.json. Not sure about our strategy there, and we may need to consider other aspects before starting to bump our version often.

@ansmonjol ansmonjol self-assigned this Oct 10, 2025
@ansmonjol ansmonjol added the 🥷 chore This doesn't seem right label Oct 10, 2025
@ansmonjol ansmonjol force-pushed the renovate-adjustments branch from c8f2fe4 to 7e15cf4 Compare October 10, 2025 14:20
@ansmonjol ansmonjol requested a review from AllanMichay October 10, 2025 16:24
@ansmonjol ansmonjol enabled auto-merge (squash) October 10, 2025 16:27
@ansmonjol ansmonjol merged commit ea2952a into main Oct 10, 2025
8 checks passed
@ansmonjol ansmonjol deleted the renovate-adjustments branch October 10, 2025 16:32
ansmonjol added a commit that referenced this pull request Oct 10, 2025
Changing some options for renovatebot after it ran a few times.
- Increase the `minimumReleaseAge` value from 3 to 7.
We know that recently there were some malicious upgrades from some
packages. Even though they were caught fast, let's be safe here. It also
gives the community time to report some bugs and see if the version is
"really" working.
- Add `"pinVersions": true`
Makes sure the version in package.json is pinned and does not allow a patch
to be installed without it being referenced in the package.json. Feels
like it gives more control, and we'll have Renovate update the version in the
package.json anyway.
- Remove the `bumpVersion` option
It does not have the effect I expected. I thought it would bump the package.json
of the upgraded package when it has a new version. Otherwise it does
update the root version of our package.json. Not sure about our strategy
there, and we may need to consider other aspects before starting to
bump our version often.
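
An added example, not part of this PR or of Renovate itself: a small check that reports dependency specs that are not exact pins, and pinned versions published less than 7 days ago, the two conditions the pinning and release-age settings above are meant to cover. It assumes the `minimumReleaseAge` value is counted in days; the function names, package names and publish dates are hypothetical, constructed sample data.

```javascript
// Added example (not from the PR): audit package.json specs for pinning and release age.
// Assumption: the minimum release age of 7 is in days; publish times come from registry metadata.
const MIN_RELEASE_AGE_DAYS = 7;
const DAY_MS = 24 * 60 * 60 * 1000;

// An exact pin is one full semver version: no ^, ~, comparators, x-ranges or dist-tags.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function isPinned(spec) {
  return EXACT.test(String(spec).trim());
}

function auditDependencies(pkg, publishedAt, now, minDays = MIN_RELEASE_AGE_DAYS) {
  const findings = [];
  for (const field of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!isPinned(spec)) {
        findings.push({ name, spec, issue: "unpinned" });
        continue; // a range has no single publish date to check
      }
      const ts = publishedAt[`${name}@${spec}`];
      if (ts === undefined) {
        findings.push({ name, spec, issue: "unknown-publish-date" });
        continue;
      }
      // Whole days elapsed since publication; partial days do not count.
      const ageDays = Math.floor((now - Date.parse(ts)) / DAY_MS);
      if (ageDays < minDays) findings.push({ name, spec, issue: "too-recent", ageDays });
    }
  }
  return findings;
}

// Constructed sample input (hypothetical package names and dates).
const samplePkg = {
  dependencies: { "example-ui": "^2.4.0", "example-http": "1.8.2" },
  devDependencies: { "example-lint": "9.1.0", "example-test": "~3.0.1" },
};
const samplePublishedAt = {
  "example-http@1.8.2": "2025-10-06T09:00:00Z", // 4 full days before sampleNow
  "example-lint@9.1.0": "2025-09-01T12:00:00Z", // well past 7 days
};
const sampleNow = Date.parse("2025-10-10T16:00:00Z");

function runSample() {
  return auditDependencies(samplePkg, samplePublishedAt, sampleNow);
}
```
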