Configure Renovate#8210
Open
renovate[bot] wants to merge 18 commits into
Open
Conversation
|
nebasuke
added
no changeset needed
Contributor
hardhatTotal size of the bundle: List of dependencies (sorted by size) |
Member
|
@alcuadrado this in a quite good place now. A few notes/caveats:
|
Author
Branch Conflicted |
- Weekly Monday schedule, 7d cooldown, 30d for majors - npm: group minor/patch, ungroup pre-1.0 minors (^0.x.y resolves like ~0.x.y, so 0.x→0.y is breaking) - github-actions: group all - @types/node: no automatic major bumps - Disable in-repo dependency dashboard issue (Mend web dashboard covers it)
Schema validation plus a full extraction dry-run. Catches malformed rules and silent matchPackageNames vs matchDepNames mismatches before they merge.
Renovate proposes `@tsconfig/node22` → `@tsconfig/node24` as a 'replacement' update — that's a Node major bump in disguise (Node major is encoded in the package name). Group it with the @types/node manual-bump exception.
- ignorePaths: fixture-projects + Hardhat templates (test scenarios pin versions deliberately; v2/v3 fixtures shouldn't auto-bump) - Block Node majors across nvm, npm engines.node, @types/node, and actions/setup-node node-version (all surface as depName 'node' or '@types/node') - Restructure @tsconfig/nodeXX rule into its own block now that Node major handling moved - Block typescript major bumps (cascades to typescript-eslint and consumers of Hardhat's TS-aware APIs) - Disable @NomicFoundation/edr (tightly coupled to Hardhat releases, rides a -next.N prerelease cadence) - Group vite + @vitejs/plugin-react (peer-dep relationship)
chai is reachable as a public API surface via @nomicfoundation/hardhat-chai-matchers — a major chai bump propagates breaking matcher behaviour to downstream test suites, so handle it as a coordinated decision rather than a Monday auto-bump. Minor/patch within the current major still flow through.
Same reasoning: hardhat-ethers and hardhat-viem re-export their host libraries as a public API surface. A major bump propagates breaking changes to downstream user code, so handle as coordinated decisions rather than Monday auto-bumps. Minor/patch keep flowing.
Renovate's npm manager already skips workspace: deps natively (confirmed via dry-run extraction — they don't appear at all), but adding the explicit rule documents the intent for future maintainers. Suggested by the main hardhat repo owner.
peerDeps are a compatibility contract, not an installed dep. Bumping them is a deliberate API decision tied to a plugin major, not a routine auto-update. Suggested by the main hardhat repo owner.
config:recommended does not include helpers:pinGitHubActionDigests by default — explicitly extending it so Renovate emits SHA + version comment pins for actions (e.g. actions/checkout@<sha> # v6) instead of plain tag pins. On first run Renovate will open one-time 'pin' PRs converting existing tag pins (actions/checkout@v5 etc.) to SHA + comment form. Subsequent updates bump the SHA and comment together.
Each of these is declared as a peerDependency in at least one workspace package and also appears as a dep/devDep in others. Without a major-block Renovate would bump the dep entries while the peerDep contract stays pinned, causing drift between install-time contract and build/test surface. Also rewords the packageRules descriptions for reviewer-friendliness.
- @ledgerhq/* are versioned in lockstep upstream with inter-package deps - eslint + plugins + typescript-eslint move together at the config level - Auto-add 'no docs needed' and 'no peer bump needed' labels to every Renovate PR (these are universally true: Renovate doesn't touch docs/ and peerDependencies bumps are disabled). Changeset decision is left per-PR — the maintainer adds a changeset or 'no changeset needed' label as appropriate.
The previous globs only matched fixture-projects directly under test/ or test-integrations/. Several packages nest fixtures deeper (e.g. packages/hardhat/test/internal/core/plugins/fixture-projects/), which slipped through. Collapsing into a single **/fixture-projects/** glob catches everything regardless of nesting.
Other small "check_" jobs in ci.yml use snake_case IDs (check_dependencies, check_npm_scripts, check_infra_scripts_tests). Renaming for consistency.
Now part of the required 'ci' status check rather than a separate job that could fail without blocking a merge.
- Revert the ci-aggregate wiring (the three sibling check_* jobs are standalone; matching the pattern) - Add is-v3 gating like the others (renovate.json only exists on main, so the gate skips this check cleanly on v2 PRs) - Use actions/setup-node and drop the now-redundant explicit permissions block to mirror the surrounding jobs
nebasuke
force-pushed
the
renovate/configure
branch
from
f0ef750 to
f0437b0
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.
🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.
📚 See our Reading List for relevant documentation you may be interested in reading.
🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to
renovate.jsonin this branch. Renovate will update the Pull Request description the next time it runs.Detected Package Files
.devcontainer/devcontainer.json(devcontainer).github/actions/setup-env/action.yml(github-actions).github/workflows/add-label-to-new-issue.yml(github-actions).github/workflows/autoassign-issues.yml(github-actions).github/workflows/autoassign-prs.yml(github-actions).github/workflows/cache.yml(github-actions).github/workflows/check-changeset-added.yml(github-actions).github/workflows/check-links-to-docs.yml(github-actions).github/workflows/check-peer-bumps.yml(github-actions).github/workflows/check-v2-with-latest-dependencies.yml(github-actions).github/workflows/check-v3-with-latest-dependencies.yml(github-actions).github/workflows/ci.yml(github-actions).github/workflows/deploy-website-on-release.yml(github-actions).github/workflows/lock.yml(github-actions).github/workflows/regression-tests.yml(github-actions).github/workflows/release.yml(github-actions).github/workflows/spellcheck.yml(github-actions)package.json(npm)packages/config/package.json(npm)packages/example-project/package.json(npm)packages/hardhat-errors/package.json(npm)packages/hardhat-ethers-chai-matchers/package.json(npm)packages/hardhat-ethers/package.json(npm)packages/hardhat-foundry/package.json(npm)packages/hardhat-ignition-ethers/package.json(npm)packages/hardhat-ignition-viem/package.json(npm)packages/hardhat-ignition/package.json(npm)packages/hardhat-keystore/package.json(npm)packages/hardhat-ledger/package.json(npm)packages/hardhat-mocha/package.json(npm)packages/hardhat-network-helpers/package.json(npm)packages/hardhat-node-test-reporter/package.json(npm)packages/hardhat-node-test-runner/package.json(npm)packages/hardhat-solx/package.json(npm)packages/hardhat-test-utils/package.json(npm)packages/hardhat-toolbox-mocha-ethers/package.json(npm)packages/hardhat-toolbox-viem/package.json(npm)packages/hardhat-typechain/package.json(npm)packages/hardhat-utils/package.json(npm)packages/hardhat-vendored/package.json(npm)packages/hardhat-verify/package.json(npm)packages/hardhat-viem-assertions/package.json(npm)packages/hardhat-viem/package.json(npm)packages/hardhat-zod-utils/package.json(npm)packages/hardhat/package.json(npm)packages/ignition-core/package.json(npm)packages/ignition-ui/package.json(npm)packages/template-package/package.json(npm)pnpm-workspace.yaml(npm).nvmrc(nvm)packages/config/tsconfig.base.json(regex)Configuration Summary
Based on the default config's presets, Renovate will:
fixfor dependencies andchorefor all others if semantic commits are in use.node_modules,bower_components,vendorand various test/tests (except for nuget) directories.github-actiondigests.What to Expect
With your current configuration, Renovate will create 38 Pull Requests:
chore(deps): update dependency mermaid to v10.9.4 [security]
renovate/npm-mermaid-vulnerabilitymain10.9.4chore(deps): update dependency undici to v6.24.0 [security]
renovate/npm-undici-vulnerabilitymain6.24.0fix(deps): update dependency lodash-es to v4.18.1 [security]
renovate/npm-lodash-es-vulnerabilitymain4.18.1chore(deps): update dependency vite to v6 [security]
renovate/npm-vite-vulnerabilitymain^6.0.0chore(deps): pin dependencies
renovate/github-actionsmain0057852bfaa89a56745cba8c7296529d2fc3983093cb6efe18208431cddfb8368fd83d5badbf9bfd634f93cb2916e3fdff6788551b99b062d0335ce0d3f86a106a0bac45b974a628896c90dbdf5c8093f28e40c7f34bde8b3046d885e986cb6290c5673b49933ea5288caeca8642d1e84afbd3f7d6820020a0853c24544627f65ddf259abe73b1d18a591444ea165f8d65b6e75b540449e92b4886f43607fa02d1c1ffe0248fe513906c8e24db8ea791d46f859029eef336d9b2848a0b548edc03f92a220660cdb8773744901bac0e8cbb5a0dc842800d45e9b2b405b906affcce14559ad1aafd4ab0e942779e9f58b1fcfb566f8b0aab22203f066d80ca1d7e4b5d05b3chore(deps): update dependency @changesets/changelog-github to ^0.7.0
renovate/changesets-changelog-github-0.xmain^0.7.0chore(deps): update eslint-stack
renovate/eslint-stackmain4.7.19.39.44.4.42.32.03.4.016.5.08.59.1chore(deps): update ledgerhq
renovate/ledgerhqmain6.34.01.12.46.47.16.35.16.33.16.105.0fix(deps): update dependency adm-zip to ^0.5.0
renovate/adm-zip-0.xmain^0.5.0fix(deps): update dependency micro-eth-signer to ^0.18.0
renovate/micro-eth-signer-0.xmain^0.18.0fix(deps): update npm minor/patch
renovate/npm-minorpatchmain2.31.05.8.05.2.107.58.71.3.01.8.05.6.19.47.122.0.50.5.82.0.422.19.1724.12.218.3.285.1.369.8.06.16.01.3.0v1.16.110.2.011.7.512.3.07.0.410.33.23.8.36.30.35.30.15.3.114.21.0~5.9.06.5.22.48.82.3.38.20.0chore(deps): update dependency @vitejs/plugin-react to v6
renovate/major-vitemain^6.0.0chore(deps): update dependency c8 to v11
renovate/c8-11.xmain^11.0.0chore(deps): update dependency cross-env to v10
renovate/cross-env-10.xmain10.1.0chore(deps): update dependency cspell to v10
renovate/major-cspell-monorepomain10.0.0chore(deps): update dependency globals to v17
renovate/major-eslint-stackmain17.4.0chore(deps): update dependency nyc to v18
renovate/nyc-18.xmain18.0.0chore(deps): update dependency react-router-dom to v7
renovate/major-react-router-monorepomain7.14.0chore(deps): update dependency react-tooltip to v6
renovate/react-tooltip-6.xmain^6.0.0chore(deps): update dependency rimraf to v6
renovate/rimraf-6.xmain^6.0.0chore(deps): update dependency sinon to v21
renovate/sinon-21.xmain^21.0.0^21.0.0chore(deps): update dependency styled-components to v6
renovate/styled-components-6.xmain6.4.0chore(deps): update ghcr.io/devcontainers/features/node docker tag to v2
renovate/ghcr.io-devcontainers-features-node-2.xmain2chore(deps): update github-actions (major)
renovate/major-github-actionsmain668228422ae6a00e4ad889ee87cd7109ec5666a7de0fac2e4500dabe0009e67214ff5f5447ce83dd3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c3a2844b7e9c422d3c10d287c895573f7108da1b353b83947a5a98c8d113130e565377fae1a50d02f043fb46d1a93c77aae656e7c1c64a875d1fc6a0a7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7fbd0ab8f3e69293af611ebaee6363fc25e6d187d0ea0beb66eb9baf113663a64ec522f60e49231c008c4be7e2e672a47d11bd04269e27e5f3e8529cbaf78098f536edbc4de71162a307590698245be95chore(deps): update pnpm to v11
renovate/pnpm-11.xmain11.0.9chore(deps): update react monorepo to v19 (major)
renovate/major-react-monorepomain^19.0.0^19.0.0^19.0.0^19.0.0fix(deps): update dependency @actions/core to v3
renovate/actions-core-3.xmain^3.0.0fix(deps): update dependency @ledgerhq/hw-app-eth to v7
renovate/major-ledgerhqmain^7.0.0fix(deps): update dependency @noble/ciphers to v2
renovate/noble-ciphers-2.xmain2.1.1fix(deps): update dependency @noble/hashes to v2
renovate/noble-hashes-2.xmain2.0.1fix(deps): update dependency @sentry/core to v10
renovate/major-sentry-javascript-monorepomain^10.0.0fix(deps): update dependency cbor2 to v2
renovate/cbor2-2.xmain^2.0.0fix(deps): update dependency chokidar to v5
renovate/chokidar-5.xmain^5.0.0fix(deps): update dependency env-paths to v4
renovate/env-paths-4.xmain^4.0.0fix(deps): update dependency ethereum-cryptography to v3
renovate/ethereum-cryptography-3.xmain^3.0.0fix(deps): update dependency fast-equals to v6
renovate/fast-equals-6.xmain^6.0.0fix(deps): update dependency immer to v11
renovate/immer-11.xmain11.1.4fix(deps): update dependency jest-diff to v30
renovate/major-jest-monorepomain^30.0.0🚸 PR creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for
prHourlyLimitfor details.❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.
This PR was generated by Mend Renovate. View the repository job log.