-
Notifications
You must be signed in to change notification settings - Fork 2k
/
renovate.json5
173 lines (173 loc) · 7.44 KB
/
renovate.json5
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
{
extends: [
"github>apollographql/renovate-config-apollo-open-source:default.json5",
"group:monorepos",
"group:jestPlusTSJest",
"group:jestPlusTypes",
],
// Override this value set in apollo-open-source back to the default.
// It's nice to be able to see PRs for everything in the Dependency Dashboard.
prCreation: "immediate",
// Disable circleci manager; see apollographql/federation's renovate file for details.
enabledManagers: ["npm"],
dependencyDashboard: true,
// It seems like a nice idea to let Renovate use GitHub's native "automerge" since PRs
// can get merged between Renovate runs. The downsides are:
// - Renovate doesn't seem to set up the automerges to use squash-and-merge (this is
// likely going to be fixed, see eg https://github.com/renovatebot/renovate/issues/12290)
// - When Renovate does the merge itself, it does its best to ensure that the PR is fully
// rebased on main so that the CI that ran is based on main rather than a possibly slightly
// old branch point. GH auto-merge doesn't have that property so it's a bit more likely that
// a deps update could break the build if there are recent related changes.
platformAutomerge: false,
packageRules: [
// Bunch up all non-major dependencies into a single PR. In the common case
// where the upgrades apply cleanly, this causes less noise and is resolved faster
// than starting a bunch of upgrades in parallel for what may turn out to be
// a suite of related packages all released at once.
{
groupName: "all non-major dependencies",
matchUpdateTypes: ["patch", "minor"],
groupSlug: "all-minor-patch",
},
// TypeScript minor versions don't follow semver, and typically require a
// few changes on our end to take the upgrade. Break them out from the
// all-minor-patch group so they don't block other upgrades.
{
groupName: "typescript",
matchPackageNames: ["typescript"],
matchUpdateTypes: ["minor"],
},
// Also, we're currently stuck at v5.4.x because v5.5 ships a lib.dom.d.ts
// that's incompatible with `@types/node@14` which we are pinning until we
// drop Node v14 support. See
// https://github.com/DefinitelyTyped/DefinitelyTyped/issues/66617
{
matchPackageNames: ["typescript"],
allowedVersions: "5.4.x",
},
// The testsuite depends directly on the tests in `graphql-http`.
// Because of this, updates to `graphql-http` affect the contents of
// published packages, require a changeset, and cannot be auto-merged.
// So we split it into its own Renovate PRs so that it doesn't block
// other upgrades.
{
groupName: "graphql-http",
matchPackageNames: ["graphql-http"],
matchFileNames: ["packages/integration-testsuite/package.json"],
rangeStrategy: "pin",
},
// We want the testsuite to explicitly pin the version of @apollo/server
// since they are supposed to be in lockstep.
{
matchPackageNames: ["@apollo/server"],
matchFileNames: ["packages/integration-testsuite/package.json"],
rangeStrategy: "pin",
},
// We need to support Node v14, so we don't allow ourselves to use type definitions
// that would let us write v16-specific code.
{
matchPackageNames: ["@types/node"],
allowedVersions: "14.x"
},
// lru-cache@8 drops support for node v14. We can take this when we drop node v14 support.
{
matchPackageNames: ["lru-cache"],
allowedVersions: "7.x"
},
// @apollo/utils@3 drop support for node v14. We can take this when we drop node v14 support.
{
matchPackageNames: ["/^@apollo/utils/"],
allowedVersions: "2.x"
},
// @graphql-codegen@4 drops support for node v14. We can take this when we drop node v14 support.
{
matchPackageNames: ["/^@graphql-codegen/"],
allowedVersions: "3.x"
},
// @graphql-tools/mock@8 drops support for node v14. We can take this when we drop node v14 support.
{
matchPackageNames: ["@graphql-tools/mock"],
allowedVersions: "8.x"
},
// @graphql-tools/schema@9 drops support for node v14. We can take this when we drop node v14 support.
{
matchPackageNames: ["@graphql-tools/schema"],
allowedVersions: "9.x"
},
// @typescript-eslint@6 drops support for node v14. We can take this when we drop node v14 support.
{
matchPackageNames: ["/^@typescript-eslint/"],
allowedVersions: "5.x"
},
// cspell@7 drops support for node v14. We can take this when we drop node v14 support.
{
matchPackageNames: ["cspell"],
allowedVersions: "6.x",
},
// whatwg-mimetype@4 drops support for node v14. We can take this when we drop node v14 support.
{
matchPackageNames: ["whatwg-mimetype"],
allowedVersions: "3.x",
},
// node-fetch v3 only ships as ESM. We currently build as both CommonJS and
// ESM, so let's stay on v2.
// (Once we drop support for node older than v18, we can switch our default
// fetch implementation to be Node's built-in implementation and drop this
// very old node-fetch implementation.)
{
matchPackageNames: ["node-fetch", "@types/node-fetch"],
allowedVersions: "2.x"
},
{
// Major upgrade rollup plugins along with rollup itself.
matchSourceUrls: ["https://github.com/rollup/{/,}**"],
matchUpdateTypes: ["major"],
groupName: "rollup",
},
// rollup@4 drops support for node v14. We can take this when we drop node v14 support.
{
matchPackageNames: ["rollup"],
allowedVersions: "3.x",
},
// eslint@9 drops support for node v14. We can take this when we drop node v14 support.
{
matchPackageNames: ["eslint"],
allowedVersions: "8.x",
},
// uuid@10 drops support for node v14. We can take this when we drop node
// v14 support. (This isn't in the engines property, but they made this
// change in https://github.com/uuidjs/uuid/pull/750 and then later started
// using the new-in-v16 `??=` operator.)
{
matchPackageNames: ["uuid", "@types/uuid"],
allowedVersions: "9.x",
},
// negotiator@1 drops support for node v14. We can take this when we drop node v14 support.
{
matchPackageNames: ["negotiator"],
allowedVersions: "0.x",
},
// npm@10 drops support for node v14. We can take this when we drop node v14 support.
{
matchPackageNames: ["npm"],
allowedVersions: "9.x",
},
// We specifically provide a first-party integration (`expressMiddleware`
// imported from `@apollo/server/express4`) for Express v4 because it is the
// most common web framework. (Additionally, as an internal implementation
// detail, it is what powers `startStandaloneServer`, though users of that
// function should not rely on anything other than that it uses standard
// Node `http` request and response objects.) It is easy to build
// integrations for other web servers, including Express v5, which is not
// yet as popular as Express v4. So we don't plan to provide a built-in
// Express v5 implementation any time soon (most likely as part of a new
// major version); we appreciate the simplicity of a build system that only
// installs one version of any given practice. See
// https://github.com/apollographql/apollo-server/issues/7928.
{
matchPackageNames: ["express", "@types/express", "@types/express-serve-static-core"],
allowedVersions: "4.x",
},
]
}