Configure Renovate #1

Merged

cswimr merged 1 commit from renovate/configure into main

2026-04-27 23:11:44 -04:00

Renovate bot commented

2026-04-18 14:02:04 -04:00

Member

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

📚 See our Reading List for relevant documentation you may be interested in reading.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

Detected Package Files

.forgejo/workflows/actions.yaml (github-actions)
pyproject.toml (pep621)
renovate.json (renovate-config-presets)

Configuration Summary

Based on the default config's presets, Renovate will:

Start dependency updates only once this onboarding PR is merged
Enable Renovate Dependency Dashboard creation.
Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
Group known monorepo packages together.
Use curated list of recommended non-monorepo package groupings.
Show only the Age and Confidence Merge Confidence badges for pull requests.
Apply crowd-sourced package replacement rules.
Apply crowd-sourced workarounds for known problems with packages.
Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff
Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff
Ensure that every dependency pinned by digest and sourced from GitHub.com and Github enterprise contains a link to the commit-to-commit diff
Correctly link to the source code for golang.org/x packages
Link to pkg.go.dev/... for golang.org/x packages' title
Pin Docker digests.
Pin github-action digests.
Enable Renovate configuration migration PRs when needed.
Pin dependency versions for development dependencies.
Recommended configuration for abandoned packages, treating packages without a release for 1 year as abandoned, while taking into account community-sourced overrides.
Wait until the npm package is three days old before raising the update. This a) introduces a short delay to allow for malware researchers and scanners to (possibly) detect any malicious behaviour in packages, and b) prevents the maintainer and/or NPM from unpublishing a package you already upgraded to, breaking builds.
Run lock file maintenance (updates) early Monday mornings.

What to Expect

With your current configuration, Renovate will create 6 Pull Requests:

Update actions/setup-uv digest to d0cc045

Schedule: ["at any time"]
Branch name: renovate/actions-setup-uv-digest
Merge into: main
Upgrade actions/setup-uv to d0cc045d04ccac9d8b7881df0226f9e82c39688e

Update catthehacker/ubuntu:act-latest Docker digest to baa7466

Schedule: ["at any time"]
Branch name: renovate/catthehacker-ubuntu-act-latest
Merge into: main
Upgrade catthehacker/ubuntu to sha256:baa7466787828a2b006e0d765c4592ded1dda0159aa17a9cb93f99d6b64c5571

Update dependency basedpyright to ~=1.39.3

Schedule: ["at any time"]
Branch name: renovate/basedpyright-1.x
Merge into: main
Upgrade basedpyright to ~=1.39.3

Update dependency ruff to ~=0.15.12

Schedule: ["at any time"]
Branch name: renovate/ruff-0.x
Merge into: main
Upgrade ruff to ~=0.15.12

Update dependency typer to ~=0.25.0

Schedule: ["at any time"]
Branch name: renovate/typer-0.x
Merge into: main
Upgrade typer to ~=0.25.0

Lock file maintenance

Schedule: ["* 0-3 * * 1"]
Branch name: renovate/lock-file-maintenance
Merge into: main
Regenerate lock files to use latest dependency versions

🚸 PR creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prHourlyLimit for details.

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

This PR has been generated by Mend Renovate.

Welcome to [Renovate](https://github.com/renovatebot/renovate)! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin. 🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged. 📚 See our [Reading List](https://docs.renovatebot.com/reading-list/) for relevant documentation you may be interested in reading. 🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to `renovate.json` in this branch. Renovate will update the Pull Request description the next time it runs. --- ### Detected Package Files * `.forgejo/workflows/actions.yaml` (github-actions) * `pyproject.toml` (pep621) * `renovate.json` (renovate-config-presets) ### Configuration Summary Based on the default config's presets, Renovate will: - Start dependency updates only once this onboarding PR is merged - Enable Renovate Dependency Dashboard creation. - Use semantic commit type `fix` for dependencies and `chore` for all others if semantic commits are in use. - Ignore `node_modules`, `bower_components`, `vendor` and various test/tests (except for nuget) directories. - Group known monorepo packages together. - Use curated list of recommended non-monorepo package groupings. - Show only the Age and Confidence Merge Confidence badges for pull requests. - Apply crowd-sourced package replacement rules. - Apply crowd-sourced workarounds for known problems with packages. - Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff - Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff - Ensure that every dependency pinned by digest and sourced from GitHub.com and Github enterprise contains a link to the commit-to-commit diff - Correctly link to the source code for golang.org/x packages - Link to pkg.go.dev/... for golang.org/x packages' title - Pin Docker digests. - Pin `github-action` digests. - Enable Renovate configuration migration PRs when needed. - Pin dependency versions for development dependencies. - Recommended configuration for abandoned packages, treating packages without a release for 1 year as abandoned, while taking into account community-sourced overrides. - Wait until the npm package is three days old before raising the update. This a) introduces a short delay to allow for malware researchers and scanners to (possibly) detect any malicious behaviour in packages, and b) prevents the maintainer and/or NPM from unpublishing a package you already upgraded to, breaking builds. - Run lock file maintenance (updates) early Monday mornings. --- ### What to Expect With your current configuration, Renovate will create 6 Pull Requests: <details> <summary>Update actions/setup-uv digest to d0cc045</summary> - Schedule: ["at any time"] - Branch name: `renovate/actions-setup-uv-digest` - Merge into: `main` - Upgrade [actions/setup-uv](https://c.csw.im/actions/setup-uv) to `d0cc045d04ccac9d8b7881df0226f9e82c39688e` </details> <details> <summary>Update catthehacker/ubuntu:act-latest Docker digest to baa7466</summary> - Schedule: ["at any time"] - Branch name: `renovate/catthehacker-ubuntu-act-latest` - Merge into: `main` - Upgrade catthehacker/ubuntu to `sha256:baa7466787828a2b006e0d765c4592ded1dda0159aa17a9cb93f99d6b64c5571` </details> <details> <summary>Update dependency basedpyright to ~=1.39.3</summary> - Schedule: ["at any time"] - Branch name: `renovate/basedpyright-1.x` - Merge into: `main` - Upgrade [basedpyright](https://github.com/detachhead/basedpyright) to `~=1.39.3` </details> <details> <summary>Update dependency ruff to ~=0.15.12</summary> - Schedule: ["at any time"] - Branch name: `renovate/ruff-0.x` - Merge into: `main` - Upgrade [ruff](https://github.com/astral-sh/ruff) to `~=0.15.12` </details> <details> <summary>Update dependency typer to ~=0.25.0</summary> - Schedule: ["at any time"] - Branch name: `renovate/typer-0.x` - Merge into: `main` - Upgrade [typer](https://github.com/fastapi/typer) to `~=0.25.0` </details> <details> <summary>Lock file maintenance</summary> - Schedule: ["* 0-3 * * 1"] - Branch name: `renovate/lock-file-maintenance` - Merge into: `main` - Regenerate lock files to use latest dependency versions </details> 🚸 PR creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See [docs for `prHourlyLimit`](https://docs.renovatebot.com/configuration-options/#prhourlylimit) for details. --- ❓ Got questions? Check out Renovate's [Docs](https://docs.renovatebot.com/), particularly the Getting Started section. If you need any further assistance then you can also [request help here](https://github.com/renovatebot/renovate/discussions). --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

Renovate bot added 1 commit

2026-04-18 14:02:04 -04:00

Add renovate.json

Actions / Build (pull_request) Successful in 33s

Details

Actions / Lint (pull_request) Successful in 35s

Details

acbfb56410