renovate-config/security.json
justusbunsi 1d063082f2
Provide reusable presets for the most common dependency types in Gitea projects (#97)
Renovate by default doesn't group dependencies. This is to achieve fine-grained changes. However, it can also be the root cause for maintainers getting flooded with notifications.
With regard to Renovate [noise reduction](https://docs.renovatebot.com/noise-reduction/) and related to #93, one of the most powerful ways is grouping related dependencies into a single Pull Request.

This introduces the following reusable presets:

- Golang dependencies
- NPM dependencies
- Workflow/Actions dependencies
- Security fixes (depends on an experimental feature: https://github.com/renovatebot/renovate/discussions/20542)

Combined with proper Pull Request scheduling, those presets can help find a good workflow to keep up-to-date.

---

A heads-up about possible downsides of dependency grouping. If a group contains an update that is not possible, one has to either:
- manually adjust the Pull Request to not include that package update
- manually adjust the repository `renovate.json5` to ignore a specific package version

Reviewed-on: #97
Reviewed-by: Jason Song <i@wolfogre.com>
Co-authored-by: justusbunsi <sk.bunsenbrenner@gmail.com>
Co-committed-by: justusbunsi <sk.bunsenbrenner@gmail.com>
2023-12-26 03:11:38 +00:00

8 lines
155 B
JSON

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "osvVulnerabilityAlerts": true,
  "vulnerabilityAlerts": {
    "enabled": true
  }
}
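
An added example, not part of the commit or the project's own configuration: a consuming repository's `renovate.json5` that extends this preset and excludes one release, the second workaround the commit message lists for grouped updates. The `<owner>` placeholder, the module name and the version are assumptions.

```json5
// renovate.json5 in a consuming repository (added example; values below are constructed)
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  // <owner> is a placeholder for the account that hosts the renovate-config repository.
  // "security" resolves to security.json in that repository's default branch.
  extends: ["local><owner>/renovate-config:security"],
  packageRules: [
    {
      // Constructed module name and version: skip one release that cannot be applied,
      // so it no longer blocks the rest of a grouped Pull Request.
      matchPackageNames: ["example.com/some/module"],
      allowedVersions: "!/^2\\.0\\.0$/",
    },
  ],
}
```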