
@Copilot Copilot AI commented Jul 18, 2025

Updates the Renovate configuration to align with security best practices for dependency management and GitHub Action digest pinning.

Changes Made

  • Replaced config:recommended with config:best-practices in the extends array
  • Added helpers:pinGitHubActionDigestsToSemver to the extends array for GitHub Action digest pinning

Before

"extends": ["config:recommended"],

After

"extends": ["config:best-practices", "helpers:pinGitHubActionDigestsToSemver"],

This change improves the project's security posture by:

  • Using Renovate's best practices configuration instead of the basic recommended config
  • Enabling automatic pinning of GitHub Action digests to semver for better supply chain security

Related to the OpenTelemetry JS security scorecard findings at https://scorecard.dev/viewer/?uri=github.com/open-telemetry/opentelemetry-js

Fixes #46.
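The second change above asks Renovate to rewrite `uses:` references in GitHub Actions workflows from mutable tags to commit digests, with a trailing version comment so the semver is still readable. The following is an added example, not part of this PR or of the opentelemetry-js repository: a small stand-alone checker that scans workflow YAML text and reports `uses:` references that are still pinned to a tag or branch, and digest-pinned references that lack the version comment. The regexes, the `audit_workflow` function name, and the sample workflow (including its all-zero and all-one placeholder digests) are constructed for this illustration.

```python
import re
from typing import List, Tuple

# A GitHub Actions step reference looks like: owner/repo[/subdir]@ref  [# optional comment]
# Quotes around the target are tolerated; the comment is captured separately.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?(?P<target>[^\s'\"#]+)['\"]?\s*(?P<comment>#.*)?$"
)
# GitHub Actions digests are 40-character lowercase SHA-1 hashes.
SHA1_RE = re.compile(r"^[0-9a-f]{40}$")
# Version comment convention kept next to a digest, e.g. "# v4.1.1".
SEMVER_COMMENT_RE = re.compile(r"^#\s*v?\d+(\.\d+){0,2}\b")

# Constructed sample workflow (not from any real repository); the digests are placeholders.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0000000000000000000000000000000000000000 # v4.0.2
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - uses: some-org/some-action@main
      - uses: some-org/other-action@1111111111111111111111111111111111111111
"""


def audit_workflow(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, target, reason) for every `uses:` reference that is not
    digest-pinned ("unpinned") or is digest-pinned without a readable version
    comment ("missing-version-comment"). Local actions and container images are skipped."""
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        # Local actions and docker:// images are not GitHub Action repositories.
        if target.startswith("./") or target.startswith("docker://"):
            continue
        if "@" not in target:
            findings.append((lineno, target, "unpinned"))
            continue
        _, ref = target.rsplit("@", 1)
        if not SHA1_RE.match(ref):
            # A tag or branch name can be moved to point at different code later.
            findings.append((lineno, target, "unpinned"))
            continue
        comment = m.group("comment") or ""
        if not SEMVER_COMMENT_RE.match(comment):
            # Pinned, but nobody reading the file can tell which release this digest is.
            findings.append((lineno, target, "missing-version-comment"))
    return findings


if __name__ == "__main__":
    for lineno, target, reason in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {reason}: {target}")
```

Run against a real repository by feeding each file under `.github/workflows/` to `audit_workflow`; an empty result means every third-party action is pinned to an immutable digest with its version still visible for review.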



…ractices and add helpers:pinGitHubActionDigestsToSemver

Co-authored-by: trask <[email protected]>
@Copilot Copilot AI changed the title from "[WIP] Pin versions if using Renovate" to "Pin versions if using Renovate: Update config to best practices" Jul 18, 2025
@Copilot Copilot AI requested a review from trask July 18, 2025 00:33
Copilot finished work on behalf of trask July 18, 2025 00:33

Development

Successfully merging this pull request may close these issues.

Pin versions if using Renovate
