sr2/link-stack
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Configure Renovate #1

Open
renovate wants to merge 1 commit from renovate/configure into main
pull from: renovate/configure
merge into: sr2:main
Conversation 0 Commits 1 Files changed 1 +8
renovate commented 2026-05-20 09:26:52 +00:00
Member
Copy link

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

📚 See our Reading List for relevant documentation you may be interested in reading.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

Detected Package Files

  • apps/bridge-frontend/Dockerfile (dockerfile)
  • apps/bridge-whatsapp/Dockerfile (dockerfile)
  • apps/bridge-worker/Dockerfile (dockerfile)
  • apps/link/Dockerfile (dockerfile)
  • docker/buildx/Dockerfile (dockerfile)
  • docker/memcached/Dockerfile (dockerfile)
  • docker/nginx-proxy/Dockerfile (dockerfile)
  • docker/opensearch-dashboards/Dockerfile (dockerfile)
  • docker/opensearch/Dockerfile (dockerfile)
  • docker/postgresql/Dockerfile (dockerfile)
  • docker/redis/Dockerfile (dockerfile)
  • docker/signal-cli-rest-api/Dockerfile (dockerfile)
  • docker/zammad/Dockerfile (dockerfile)
  • .gitlab-ci.yml (gitlabci)
  • apps/bridge-frontend/package.json (npm)
  • apps/bridge-migrations/package.json (npm)
  • apps/bridge-whatsapp/package.json (npm)
  • apps/bridge-worker/package.json (npm)
  • apps/link/package.json (npm)
  • package.json (npm)
  • packages/bridge-common/package.json (npm)
  • packages/bridge-ui/package.json (npm)
  • packages/eslint-config/package.json (npm)
  • packages/jest-config/package.json (npm)
  • packages/logger/package.json (npm)
  • packages/signal-api/package.json (npm)
  • packages/typescript-config/package.json (npm)
  • packages/ui/package.json (npm)
  • packages/zammad-addon-bridge/package.json (npm)
  • packages/zammad-addon-common/package.json (npm)
  • packages/zammad-addon-hardening/package.json (npm)
  • pnpm-workspace.yaml (npm)
  • .nvmrc (nvm)
  • packages/zammad-addon-bridge/src/.ruby-version (ruby-version)
  • packages/zammad-addon-hardening/src/.ruby-version (ruby-version)

Configuration Summary

Based on the default config's presets, Renovate will:

  • Start dependency updates only once this onboarding PR is merged
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Enable Renovate configuration migration PRs when needed.
  • Pin dependency versions for development dependencies.
  • Run lock file maintenance (updates) early Monday mornings.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Show all Merge Confidence badges for pull requests.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.
  • Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from GitHub.com and Github enterprise contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from GitLab.com contains a link to the commit-to-commit diff
  • Correctly link to the source code for golang.org/x packages
  • Link to pkg.go.dev/... for golang.org/x packages' title
  • Pin github-action digests.
  • Pin Docker digests.
  • Recommended configuration for abandoned packages, treating packages without a release for 1 year as abandoned, while taking into account community-sourced overrides.
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Show only the Age and Confidence Merge Confidence badges for pull requests.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.
  • Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from GitHub.com and Github enterprise contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from GitLab.com contains a link to the commit-to-commit diff
  • Correctly link to the source code for golang.org/x packages
  • Link to pkg.go.dev/... for golang.org/x packages' title
  • Only update dependencies if vulnerabilities have been detected.
  • Show OpenSSF badge on pull requests.
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Show only the Age and Confidence Merge Confidence badges for pull requests.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.
  • Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from GitHub.com and Github enterprise contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from GitLab.com contains a link to the commit-to-commit diff
  • Correctly link to the source code for golang.org/x packages
  • Link to pkg.go.dev/... for golang.org/x packages' title

What to Expect

With your current configuration, Renovate will create 6 Pull Requests:

Update dependency next to v15.5.18 [SECURITY]
  • Branch name: renovate/npm-next-vulnerability
  • Merge into: main
  • Upgrade next to 15.5.18
Update dependency kysely to v0.28.17 [SECURITY]
  • Branch name: renovate/npm-kysely-vulnerability
  • Merge into: main
  • Upgrade kysely to 0.28.17
Update dependency turbo to v2.9.14 [SECURITY]
  • Branch name: renovate/npm-turbo-vulnerability
  • Merge into: main
  • Upgrade turbo to 2.9.14
Update dependency link-preview-js to v4 [SECURITY]
  • Branch name: renovate/npm-link-preview-js-vulnerability
  • Merge into: main
  • Upgrade link-preview-js to ^4.0.0
Update pnpm to v10 [SECURITY]
  • Branch name: renovate/npm-pnpm-vulnerability
  • Merge into: main
  • Upgrade pnpm to 10.28.2
  • Upgrade pnpm to >=10.28.2
Lock file maintenance
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/lock-file-maintenance
  • Merge into: main
  • Regenerate lock files to use latest dependency versions

🚸 PR creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prHourlyLimit for details.

Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

This PR has been generated by Mend Renovate.

Welcome to [Renovate](https://github.com/renovatebot/renovate)! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin. 🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged. 📚 See our [Reading List](https://docs.renovatebot.com/reading-list/) for relevant documentation you may be interested in reading. 🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to `renovate.json` in this branch. Renovate will update the Pull Request description the next time it runs. --- ### Detected Package Files * `apps/bridge-frontend/Dockerfile` (dockerfile) * `apps/bridge-whatsapp/Dockerfile` (dockerfile) * `apps/bridge-worker/Dockerfile` (dockerfile) * `apps/link/Dockerfile` (dockerfile) * `docker/buildx/Dockerfile` (dockerfile) * `docker/memcached/Dockerfile` (dockerfile) * `docker/nginx-proxy/Dockerfile` (dockerfile) * `docker/opensearch-dashboards/Dockerfile` (dockerfile) * `docker/opensearch/Dockerfile` (dockerfile) * `docker/postgresql/Dockerfile` (dockerfile) * `docker/redis/Dockerfile` (dockerfile) * `docker/signal-cli-rest-api/Dockerfile` (dockerfile) * `docker/zammad/Dockerfile` (dockerfile) * `.gitlab-ci.yml` (gitlabci) * `apps/bridge-frontend/package.json` (npm) * `apps/bridge-migrations/package.json` (npm) * `apps/bridge-whatsapp/package.json` (npm) * `apps/bridge-worker/package.json` (npm) * `apps/link/package.json` (npm) * `package.json` (npm) * `packages/bridge-common/package.json` (npm) * `packages/bridge-ui/package.json` (npm) * `packages/eslint-config/package.json` (npm) * `packages/jest-config/package.json` (npm) * `packages/logger/package.json` (npm) * `packages/signal-api/package.json` (npm) * `packages/typescript-config/package.json` (npm) * `packages/ui/package.json` (npm) * `packages/zammad-addon-bridge/package.json` (npm) * `packages/zammad-addon-common/package.json` (npm) * `packages/zammad-addon-hardening/package.json` (npm) * `pnpm-workspace.yaml` (npm) * `.nvmrc` (nvm) * `packages/zammad-addon-bridge/src/.ruby-version` (ruby-version) * `packages/zammad-addon-hardening/src/.ruby-version` (ruby-version) ### Configuration Summary Based on the default config's presets, Renovate will: - Start dependency updates only once this onboarding PR is merged - Enable Renovate Dependency Dashboard creation. - Use semantic commit type `fix` for dependencies and `chore` for all others if semantic commits are in use. - Ignore `node_modules`, `bower_components`, `vendor` and various test/tests (except for nuget) directories. - Enable Renovate configuration migration PRs when needed. - Pin dependency versions for development dependencies. - Run lock file maintenance (updates) early Monday mornings. - Group known monorepo packages together. - Use curated list of recommended non-monorepo package groupings. - Show all Merge Confidence badges for pull requests. - Apply crowd-sourced package replacement rules. - Apply crowd-sourced workarounds for known problems with packages. - Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff - Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff - Ensure that every dependency pinned by digest and sourced from GitHub.com and Github enterprise contains a link to the commit-to-commit diff - Ensure that every dependency pinned by digest and sourced from GitLab.com contains a link to the commit-to-commit diff - Correctly link to the source code for golang.org/x packages - Link to pkg.go.dev/... for golang.org/x packages' title - Pin `github-action` digests. - Pin Docker digests. - Recommended configuration for abandoned packages, treating packages without a release for 1 year as abandoned, while taking into account community-sourced overrides. - Enable Renovate Dependency Dashboard creation. - Use semantic commit type `fix` for dependencies and `chore` for all others if semantic commits are in use. - Ignore `node_modules`, `bower_components`, `vendor` and various test/tests (except for nuget) directories. - Group known monorepo packages together. - Use curated list of recommended non-monorepo package groupings. - Show only the Age and Confidence Merge Confidence badges for pull requests. - Apply crowd-sourced package replacement rules. - Apply crowd-sourced workarounds for known problems with packages. - Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff - Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff - Ensure that every dependency pinned by digest and sourced from GitHub.com and Github enterprise contains a link to the commit-to-commit diff - Ensure that every dependency pinned by digest and sourced from GitLab.com contains a link to the commit-to-commit diff - Correctly link to the source code for golang.org/x packages - Link to pkg.go.dev/... for golang.org/x packages' title - Only update dependencies if vulnerabilities have been detected. - Show OpenSSF badge on pull requests. - Enable Renovate Dependency Dashboard creation. - Use semantic commit type `fix` for dependencies and `chore` for all others if semantic commits are in use. - Ignore `node_modules`, `bower_components`, `vendor` and various test/tests (except for nuget) directories. - Group known monorepo packages together. - Use curated list of recommended non-monorepo package groupings. - Show only the Age and Confidence Merge Confidence badges for pull requests. - Apply crowd-sourced package replacement rules. - Apply crowd-sourced workarounds for known problems with packages. - Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff - Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff - Ensure that every dependency pinned by digest and sourced from GitHub.com and Github enterprise contains a link to the commit-to-commit diff - Ensure that every dependency pinned by digest and sourced from GitLab.com contains a link to the commit-to-commit diff - Correctly link to the source code for golang.org/x packages - Link to pkg.go.dev/... for golang.org/x packages' title --- ### What to Expect With your current configuration, Renovate will create 6 Pull Requests: <details> <summary>Update dependency next to v15.5.18 [SECURITY]</summary> - Branch name: `renovate/npm-next-vulnerability` - Merge into: `main` - Upgrade [next](https://github.com/vercel/next.js) to `15.5.18` </details> <details> <summary>Update dependency kysely to v0.28.17 [SECURITY]</summary> - Branch name: `renovate/npm-kysely-vulnerability` - Merge into: `main` - Upgrade [kysely](https://github.com/kysely-org/kysely) to `0.28.17` </details> <details> <summary>Update dependency turbo to v2.9.14 [SECURITY]</summary> - Branch name: `renovate/npm-turbo-vulnerability` - Merge into: `main` - Upgrade [turbo](https://github.com/vercel/turborepo) to `2.9.14` </details> <details> <summary>Update dependency link-preview-js to v4 [SECURITY]</summary> - Branch name: `renovate/npm-link-preview-js-vulnerability` - Merge into: `main` - Upgrade [link-preview-js](https://github.com/OP-Engineering/link-preview-js) to `^4.0.0` </details> <details> <summary>Update pnpm to v10 [SECURITY]</summary> - Branch name: `renovate/npm-pnpm-vulnerability` - Merge into: `main` - Upgrade [pnpm](https://github.com/pnpm/pnpm) to `10.28.2` - Upgrade [pnpm](https://github.com/pnpm/pnpm) to `>=10.28.2` </details> <details> <summary>Lock file maintenance</summary> - Schedule: ["* 0-3 * * 1"] - Branch name: `renovate/lock-file-maintenance` - Merge into: `main` - Regenerate lock files to use latest dependency versions </details> 🚸 PR creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See [docs for `prHourlyLimit`](https://docs.renovatebot.com/configuration-options/#prhourlylimit) for details. --- ❓ Got questions? Check out Renovate's [Docs](https://docs.renovatebot.com/), particularly the Getting Started section. If you need any further assistance then you can also [request help here](https://github.com/renovatebot/renovate/discussions). --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-config-hash:502ebf825a4b902490bb68341c01d49048b946a2b88c07e246eaf78990775887-->
renovate added 1 commit 2026-05-20 09:26:53 +00:00
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/configure:renovate/configure
git checkout renovate/configure

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git checkout main
git merge --no-ff renovate/configure
git checkout renovate/configure
git rebase main
git checkout main
git merge --ff-only renovate/configure
git checkout renovate/configure
git rebase main
git checkout main
git merge --no-ff renovate/configure
git checkout main
git merge --squash renovate/configure
git checkout main
git merge --ff-only renovate/configure
git checkout main
git merge renovate/configure
git push origin main
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
  
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

No labels
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: sr2/link-stack#1
No description provided.
Delete branch "renovate/configure"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?