
Update Dependency Management Strategy to Use Renovate Best Practices #190

@harryswift01

Description

Following the initial implementation of Renovate, we need to update the configuration to align with best practices for stability, security, and reproducibility. The current setup uses config:base and rangeStrategy: bump, which does not fully meet our goals of deterministic builds and automated safe updates.

This update will introduce a stronger configuration based on config:best-practices and pinning strategies (:pinAllExceptPeerDependencies for full pinning), ensuring all dependencies are explicitly pinned and CI validates updates before merging.

  • Enable lockfile maintenance.
  • Disable automerge for minor/patch updates until CI passes.
  • Confirm GitHub Actions workflow runs Renovate daily.
  • Validate CI integration on Renovate PRs.
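An added example, not part of the original issue or the project's code: a small audit that compares the configuration the issue describes as current with one possible target configuration against the checklist above. Both configs are constructed samples, `audit` is a hypothetical helper, and it inspects only the literal file, not settings inherited from presets.

```python
import json

# Constructed configs: CURRENT mirrors the setup the issue describes,
# PROPOSED is one possible renovate.json meeting the checklist (an assumption).
CURRENT = json.loads("""{
  "extends": ["config:base"],
  "rangeStrategy": "bump"
}""")

PROPOSED = json.loads("""{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:best-practices", ":pinAllExceptPeerDependencies"],
  "lockFileMaintenance": {"enabled": true},
  "packageRules": [
    {"matchUpdateTypes": ["minor", "patch"], "automerge": false}
  ]
}""")


def audit(cfg):
    """Return the checklist items the config fails (hypothetical helper)."""
    findings = []
    extends = cfg.get("extends", [])
    if "config:best-practices" not in extends:
        findings.append("does not extend config:best-practices")
    if ":pinAllExceptPeerDependencies" not in extends:
        findings.append("missing :pinAllExceptPeerDependencies preset")
    if cfg.get("rangeStrategy") not in (None, "pin"):
        findings.append("rangeStrategy %r keeps version ranges" % cfg["rangeStrategy"])
    if not cfg.get("lockFileMaintenance", {}).get("enabled", False):
        findings.append("lockFileMaintenance not enabled")
    # Automerge must be off at top level and in any rule covering minor/patch.
    if cfg.get("automerge"):
        findings.append("top-level automerge enabled")
    for rule in cfg.get("packageRules", []):
        types = set(rule.get("matchUpdateTypes", []))
        if rule.get("automerge") and (not types or types & {"minor", "patch"}):
            findings.append("packageRule automerges minor/patch updates")
    return findings


if __name__ == "__main__":
    for name, cfg in (("current", CURRENT), ("proposed", PROPOSED)):
        print(name, audit(cfg) or "OK")
```

The daily schedule and CI validation items live in the GitHub Actions workflow and branch protection settings, so they are outside what this check covers.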

Labels: dependencies (Pull requests that update a dependency file), github_actions (Pull requests that update GitHub Actions code)
