|
1 | 1 | { |
| 2 | + $schema: 'https://docs.renovatebot.com/renovate-schema.json', |
| 3 | + extends: ['config:recommended', ':approveMajorUpdates'], |
| 4 | + |
| 5 | + dependencyDashboardLabels: ['dependencies', 'repo maintenance'], |
2 | 6 | enabledManagers: ['github-actions', 'npm'], |
| 7 | + |
3 | 8 | ignoreDeps: [ |
4 | | - // AJV is out-of-date, but it's intentionally synced with ESLint - https://github.com/eslint/eslint/blob/ad9dd6a933fd098a0d99c6a9aa059850535c23ee/package.json#L70 |
| 9 | + // AJV is intentionally synced with ESLint. |
| 10 | + // https://github.com/eslint/eslint/blob/13dbecdea749abf51951ce61662eec2621a4b9af/package.json#L77 |
5 | 11 | 'ajv', |
6 | | - // globby is ESM so we can't go any higher right now |
| 12 | + // ESM only so we can't go higher until we natively run ESM internally. |
7 | 13 | 'globby', |
8 | | - // this dep is now ESM only |
| 14 | + // Blocked until we enable ESLint v9 locally in our own PR (#9119). |
| 15 | + 'eslint', |
| 16 | + // ESM only so we can't go higher until we natively run ESM internally. |
9 | 17 | 'execa', |
10 | | - // the nx packages get updated using the nx migrate CLI |
11 | | - '@nrwl/cli', |
12 | | - '@nx/cli', |
13 | | - '@nrwl/devkit', |
14 | | - '@nx/devkit', |
15 | | - '@nx/jest', |
16 | | - '@nx/jest', |
17 | | - '@nrwl/nx-cloud', |
18 | | - 'nx-cloud', |
19 | | - '@nrwl/tao', |
20 | 18 | ], |
21 | 19 | ignorePaths: [ |
22 | | - // integration test package.json's should never be updated as they're purposely fixed tests |
| 20 | + // Integration test package.json's should never be updated as they're purposely fixed tests. |
23 | 21 | 'tests/integration/fixtures', |
24 | 22 | ], |
25 | | - internalChecksFilter: 'strict', |
| 23 | + |
26 | 24 | labels: ['dependencies'], |
27 | | - dependencyDashboard: true, |
28 | | - dependencyDashboardLabels: ['dependencies', 'repo maintenance'], |
29 | | - major: { |
30 | | - // most majors will require some manual effort to upgrade to, so we don't want to create |
31 | | - // PRs automatically or else we'll just spam ourselves. |
32 | | - dependencyDashboardApproval: true, |
33 | | - }, |
34 | | - // by default renovate will auto-rebase whenever the dep pranch falls behind main. |
35 | | - // this is annoying as it spams notifications and creates unnecessary action runs. |
36 | | - // instead only auto-rebase when conflicted, and we can trigger a manual rebase if required. |
37 | | - rebaseWhen: 'conflicted', |
38 | | - packageRules: [ |
39 | | - // automerge everything but major updates |
40 | | - { |
41 | | - matchUpdateTypes: ['minor', 'patch', 'pin', 'digest'], |
42 | | - automerge: true, |
43 | | - automergeStrategy: 'squash', |
44 | | - }, |
45 | 25 |
|
46 | | - // label PRs appropriately |
| 26 | + // Wait well over npm's three day window for any new package as a precaution against malicious publishes. |
| 27 | + // https://docs.npmjs.com/policies/unpublish/#packages-published-less-than-72-hours-ago |
| 28 | + minimumReleaseAge: '7 days', |
| 29 | + |
| 30 | + packageRules: [ |
47 | 31 | { |
48 | | - matchManagers: ['npm'], |
49 | 32 | addLabels: ['javascript'], |
| 33 | + description: 'Label JS ecosystem PRs appropriately.', |
| 34 | + matchManagers: ['npm'], |
50 | 35 | }, |
51 | 36 | { |
52 | | - matchManagers: ['github-actions'], |
53 | 37 | addLabels: ['github-actions'], |
54 | | - }, |
55 | | - |
56 | | - // batch package sets together |
57 | | - { |
58 | | - extends: ['packages:react'], |
59 | | - groupName: 'react', |
60 | | - }, |
61 | | - { |
62 | | - extends: ['monorepo:docusaurus'], |
63 | | - groupName: 'docusaurus', |
64 | | - }, |
65 | | - { |
66 | | - extends: ['monorepo:nrwl'], |
67 | | - groupName: 'nx', |
68 | | - }, |
69 | | - { |
70 | | - matchPackagePrefixes: ['@babel', 'babel-'], |
71 | | - groupName: 'babel', |
72 | | - }, |
73 | | - { |
74 | | - matchPackageNames: ['ts-jest', 'pretty-format'], |
75 | | - matchPackagePrefixes: ['@types/jest', 'jest', '@jest'], |
76 | | - groupName: 'jest', |
77 | | - }, |
78 | | - { |
79 | | - matchPackageNames: ['eslint'], |
80 | | - matchPackagePrefixes: ['@eslint'], |
81 | | - groupName: 'eslint', |
| 38 | + description: 'Label GHA ecosystem PRs appropriately.', |
| 39 | + matchManagers: ['github-actions'], |
82 | 40 | }, |
83 | 41 | { |
84 | | - matchPackageNames: ['stylelint'], |
85 | | - matchPackagePrefixes: ['@stylelint'], |
86 | | - groupName: 'stylelint', |
| 42 | + description: 'Ignore Nrwl/Nx packages updated using the nx migrate CLI.', |
| 43 | + enabled: false, |
| 44 | + packagePatterns: ['^@nrwl/', '^@nx/', 'nx-cloud'], |
87 | 45 | }, |
88 | 46 | ], |
| 47 | + |
| 48 | + // We've found enabling patch updates on all dependencies is a lot of noise. |
| 49 | + patch: { |
| 50 | + enabled: false, |
| 51 | + }, |
| 52 | + |
89 | 53 | postUpdateOptions: [ |
90 | | - // run yarn dedupe to cleanup the lockfile after updates |
| 54 | + // Run yarn dedupe to cleanup the lockfile after updates. |
91 | 55 | 'yarnDedupeHighest', |
92 | 56 | ], |
93 | | - stabilityDays: 3, |
| 57 | + |
| 58 | + // By default renovate will auto-rebase whenever the dep pranch falls behind main. |
| 59 | + // This is annoying as it spams notifications and creates unnecessary action runs. |
| 60 | + // Instead only auto-rebase when conflicted, and we can trigger a manual rebase if required. |
| 61 | + rebaseWhen: 'conflicted', |
94 | 62 | } |
0 commit comments