{"id":21894387,"url":"https://github.com/pocket/renovate-config","last_synced_at":"2026-01-28T22:37:01.927Z","repository":{"id":42668541,"uuid":"453802890","full_name":"Pocket/renovate-config","owner":"Pocket","description":"Renovate config for Pocket","archived":false,"fork":false,"pushed_at":"2024-11-26T22:24:33.000Z","size":36,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":14,"default_branch":"main","last_synced_at":"2025-04-07T22:04:24.268Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Pocket.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-30T21:10:32.000Z","updated_at":"2024-11-26T22:24:37.000Z","dependencies_parsed_at":"2024-11-26T23:33:15.666Z","dependency_job_id":null,"html_url":"https://github.com/Pocket/renovate-config","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Pocket/renovate-config","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pocket%2Frenovate-config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pocket%2Frenovate-config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pocket%2Frenovate-config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pocket%2Frenovate-config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Pocket","download_url":"https://codeload.github.com/Pocket/renovate-config/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Pocket%2Frenovate-config/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28853671,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T15:15:36.453Z","status":"ssl_error","status_checked_at":"2026-01-28T15:15:13.020Z","response_time":57,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-28T13:22:20.392Z","updated_at":"2026-01-28T22:37:01.898Z","avatar_url":"https://github.com/Pocket.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Renovate Config\n\nThis repository holds a re-usable configuration for [Renovate](https://www.whitesourcesoftware.com/free-developer-tools/renovate/) across Pocket.\n\n# Usage \n\nSet up a `renovate.json` in your repo's root directory with the following contents:\n\n```json\n{\n  \"extends\": [\n    \"github\u003ePocket/renovate-config\"\n  ]\n}\n```\n\nThis will use the default.json that is defined in this repository. [In the future we may have other json files representing different presets.](https://docs.renovatebot.com/config-presets/#github)\n\nYou also need to ensure the following:\n* [renovate](https://github.com/apps/renovate) is allowed on your repository\n* [renovate-approve](https://github.com/apps/renovate-approve) is allowed on your repository\n* All dependabot and auto-merge files are removed from your repository. While, not necessary, they will conflict with each other.\n* Allow auto-merge is enabled in your GitHub repository settings. While not necessary this will allow Renovate to use Github's default auto-merging strategy.\n* If you want support for Vulnerability Alerts, ensure that the `Dependency graph` and `Dependabot alerts` options are enabled in `Code security and analysis` for your repo. Checks for vulnerability alerts are based off dependabot alerts, which reference the [GitHub Advisory Database](https://github.com/advisories) for packages with reported vulnerabilities. Checks for dependencies with active advisories:\n  * Are performed freely at any time.\n  * Do not wait for release stability.\n  * Open PRs immediately, ignoring limits to the number of active PRs.\n  * Do not attempt to group dependencies.\n  * Are marked up differently from other PRs in order to enable driving alerts.\n    * Commit messages are appended with the string `[SECURITY]`.\n    * Branch names end with `*-vulnerability`\n\n\n# Testing\n\nRun the following to validate your renovate json\n\n`cp default.json5 renovate.json5 \u0026\u0026 npx --package renovate -c 'renovate-config-validator'`\n\nNote: We need to cp default.json5 because the renovate-validator only looks for files named renovate.\n\n# Default Preset\nBecause JSON doesn't support comments, this readme walks through all the options.\n\n## Extends\n\nConfig Block:\n```json\n{\n  \"extends\": [\n    \"config:base\",\n    \"group:recommended\",\n    \":semanticCommits\"\n  ]\n}\n```\n\n[Ref](https://docs.renovatebot.com/configuration-options/#extends)\n\n`\"config:base\"` - [Use a set of defaults defined by Renovate](https://docs.renovatebot.com/presets-config/#configbase)\n\n`\"group:recommended\"` - [Use a default group that will group monorepos and known packages that must be upgrade together, like apollo server together](https://docs.renovatebot.com/presets-config/#configbase)\n\n`\":semanticCommits\"` - [Use a default group that will enable semantic commits for production dependencies](https://docs.renovatebot.com/semantic-commits/#manually-enabling-or-disabling-semantic-commits)\n\n`\"workarounds:typesNodeVersioning\"` - [Use node versioning for @types/node](https://docs.renovatebot.com/presets-workarounds/#workaroundstypesnodeversioning)\n\n`\"preview:dockerCompose\"` - [Use docker-compose preview updating](https://docs.renovatebot.com/presets-preview/#previewdockercompose)\n\n## Labels\n\n`\"labels\": [\"dependencies\"],` - [Apply the label `dependencies` to all prs by renovate](https://docs.renovatebot.com/configuration-options/#labels)\n\n## Pin Digests\n\n`\"pinDigests\": true,` - [Pins docker images to their digest version so that if an upstream image is updated we get the pinned one and renovate will update the pinned version](https://docs.renovatebot.com/configuration-options/#labels)\n\n## Platform Automerge\n\n`\"platformAutomerge\": true,` - [Use github's automerge functionality if it is enabled, instead of Renovates auto-merging](https://docs.renovatebot.com/configuration-options/#platformautomerge)\n\n## Suppress Notifications\n\n`\"suppressNotifications\": [\"prIgnoreNotification\",\"onboardingClose\"],` - [Use this field to suppress various types of warnings and other notifications from Renovate](https://docs.renovatebot.com/configuration-options/#suppressnotifications)\n\n## Support Policy \n\n`\"supportPolicy\": \"lts\",` - Tells Renovate to prefer LTS releases of packages\n\n## Package Rules\n\nhttps://docs.renovatebot.com/configuration-options/#packagerules\n\nThe following are a set of custom package rules that we have enabled.\n\n### Docker\n\nFor each docker update, add the label `docker-update`\n\n```json\n{\n  \"matchDatasources\": [\"docker\"],\n  \"labels\": [\"docker-update\"]\n}\n```\n\n### NPM Stability\n\nFor all npm packages, make sure they have been around for at least 3 days. NPM packages can be pulled for up to 3 days after publishing.\n\n```json\n    {\n  \"matchDatasources\": [\"npm\"],\n  \"stabilityDays\": 3\n}\n```\n\n\n### Automerge Versions\n\nAuto merge patch, pinned, and digest updates.\n\nPatch are patch updates to all types of packages, docker images.\nPinned are updates to the repo to pin a package to it's currently installed version.\nDigest updates are updates to docker upstream images.\n\n```json    \n{\n  \"matchUpdateTypes\": [\"patch\", \"pin\", \"digest\"],\n  \"dependencyDashboardApproval\": false,\n  \"automerge\": true\n}\n```\n\n### Dependency Dashboard Minor/Major\n\nThis makes it so that Minor \u0026 Major versions of any package require a developer to click a checkbox on the issues to create a PR. \n\nThis helps reduce GitHub Notification noise for developers.\n\nhttps://docs.renovatebot.com/configuration-options/#dependencydashboardapproval\n\n```json    \n{\n  \"matchUpdateTypes\": [\"minor\", \"major\"],\n  \"dependencyDashboardApproval\": true\n}\n```\n\n\n### Automerge Dev\n\nAuto merge any type of dev dependencies. These are almost always safe.\n```json    \n{\n  \"matchDepTypes\": [\"devDependencies\"],\n  \"automerge\": true\n}\n```\n\n### Group CDKTF\n\nGroups all the CDKTF package updates together. This is because when CDKTF provider packages are updated they are almost always updated together and require the latest version of the CDKTF package. This also marks the commits as a fix type which will trigger a release.\n\n```json\n{\n  \"matchUpdateTypes\": [\"minor\", \"major\", \"patch\", \"pin\"],\n  \"separateMajorMinor\": false,\n  \"semanticCommitType\": \"fix\",\n  \"matchPackagePrefixes\": [\n    \"cdktf\",\n    \"cdktf-cli\",\n    \"constructs\",\n    \"@cdktf/\"\n  ],\n  \"groupName\": \"cdktf\"\n}\n```\n\n### Node Update\n\nMatch all the node packages in our repos at the same time and use the Node versioning scheme that is defined. The package names will match in any of the package managers (docker, npm, node).\n\n```json\n{\n  \"matchDatasources\": [\"docker\",\"node\",\"npm\"],\n  \"semanticCommitType\": \"ci\",\n  \"matchPackageNames\": [\"node\", \"circleci/node\", \"cimg/node\"],\n  \"versioning\": \"node\"\n}\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpocket%2Frenovate-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpocket%2Frenovate-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpocket%2Frenovate-config/lists"}