
Commit cf25ef6

committed
Adopt best-practices preset and automerge packageManager updates
Align the shared preset with Renovate's best-practices baseline while preserving explicit lockfile and minimum release-age safeguards. Include packageManager dep type in the automerge rule so pnpm version bumps can merge automatically once checks pass.
1 parent 71f05eb commit cf25ef6

1 file changed

+10
-9
lines changed

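--- a/quiet.json5
+++ b/quiet.json5
@@ -2,24 +2,24 @@
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
 "description": "Base configuration rules with quiet automerging",
 "extends": [
-// https://docs.renovatebot.com/presets-config/#configrecommended
-"config:recommended",
+// https://docs.renovatebot.com/presets-config/#configbest-practices
+"config:best-practices",
 // This is helpful for seeing the state of dependencies
 ":dependencyDashboard",
 // Don't limit the number of PRs we can open
 ":disableRateLimiting",
-// Lock file maintenance is really critical to keeping a repository healthy
-":maintainLockFilesWeekly",
 // We don't use semantic commits
 ":semanticCommitsDisabled",
 // We pin dependencies to keep dependencies deterministic
 ":pinDependencies",
 ":pinDevDependencies",
-// This isn't part of the recommended config, so adding it as we use vite
+// This isn't part of the core recommendation, so adding it as we use Vite
 "group:vite",
-// Force waiting 3 days for NPM packages before updating
-// This helps protect us against any compromised packages and
-// from pacakges being deleted from NPM
+// These are included via config:best-practices, but kept explicit because
+// they are critical safeguards we never want to accidentally drop.
+// - Weekly lockfile maintenance keeps dependency metadata healthy.
+// - Minimum release age reduces risk from compromised/fresh npm releases.
+":maintainLockFilesWeekly",
 "security:minimumReleaseAgeNpm"
 ],
 // Don't separate out PRs for individual major jumps
@@ -50,7 +50,8 @@
 "matchDepTypes": [
 "devDependencies",
 "dependencies",
-"optionalDependencies"
+"optionalDependencies",
+"packageManager"
 ],
 "automerge": true,
 "automergeType": "pr",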
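Review bot: The new `"packageManager"` entry in `matchDepTypes` is the only addition in this file without an explaining comment, and it widens automerge to the tool that performs installs and lockfile resolution. The rest of this rule (for example any `matchUpdateTypes` limit) lies outside the hunk, so it is not visible whether a major pnpm bump would also merge unattended; if the rule is not already limited to minor and patch updates, a separate rule for `packageManager` with `"matchUpdateTypes": ["minor", "patch"]` would keep majors under review. I would also add a comment above the entry such as `// packageManager: pnpm version pinned in package.json; automerged only after checks pass`, and confirm that the required checks run an install with the updated pnpm so a broken or tampered release is caught before merge.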
