Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configure Renovate #1154

Merged
merged 4 commits into from
Nov 18, 2024
Merged

Configure Renovate #1154

merged 4 commits into from
Nov 18, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 15, 2024

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.


Detected Package Files

  • .github/workflows/ci.yml (github-actions)
  • dc-commons-file/pom.xml (maven)
  • dc-commons-jdbi/pom.xml (maven)
  • dc-commons-server/pom.xml (maven)
  • dc-commons-springaop/pom.xml (maven)
  • dc-commons-springboot/pom.xml (maven)
  • dc-commons-springdata/pom.xml (maven)
  • dc-commons-springmvc/pom.xml (maven)
  • dc-commons-springsecurity/pom.xml (maven)
  • dc-commons-validation/pom.xml (maven)
  • dc-commons-web/pom.xml (maven)
  • dc-commons-xml/pom.xml (maven)
  • dc-commons-yaml/pom.xml (maven)
  • pom.xml (maven)

Configuration Summary

Based on the default config's presets, Renovate will:

  • Start dependency updates only once this onboarding PR is merged
  • Show all Merge Confidence badges for pull requests.
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.
  • Preserve (but continue to upgrade) any existing SemVer ranges.
  • Enable Renovate Dependency Dashboard creation.
  • Rebase existing PRs any time the base branch has been updated.
  • Raise PR when vulnerability alerts are detected with label 'security'.
  • Use curated list of recommended non-monorepo package groupings.
  • Run Renovate on following schedule: every weekend

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.


What to Expect

With your current configuration, Renovate will create 9 Pull Requests:

fix(deps): update dependency org.springframework.boot:spring-boot-actuator to v2.7.18 [security]
fix(deps): update dependency org.springframework.security:spring-security-core to v5.7.12 [security]
fix(deps): update dependency org.springframework.security:spring-security-web to v5.7.13 [security]
chore(deps): update dependency org.springframework:spring-webmvc to v6 [security]
chore(deps): update dependency org.yaml:snakeyaml to v2 [security]
  • Branch name: renovate/maven-org.yaml-snakeyaml-vulnerability
  • Merge into: main
  • Upgrade org.yaml:snakeyaml to 2.0
fix(deps): update dependency org.springframework:spring-context to v6 [security]
fix(deps): update dependency org.springframework:spring-web to v6 [security]
chore(deps): update all dependencies
chore(deps): update all dependencies (major)

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.


❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.


This PR was generated by Mend Renovate. View the repository job log.

@stefan-it stefan-it merged commit bb746e0 into main Nov 18, 2024
2 checks passed
@stefan-it stefan-it deleted the renovate/configure branch November 18, 2024 15:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant