Configure Renovate
Welcome to Renovate! This is an onboarding MR to help you understand and configure settings before regular Merge Requests begin.
Detected Package Files
-
.gitlab-ci.yml
(gitlabci) -
pom.xml
(maven) -
sonar-maven-backend/pom.xml
(maven) -
sonar-maven-frontend/pom.xml
(maven)
Configuration Summary
Based on the default config's presets, Renovate will:
- Start dependency updates only once this onboarding MR is merged
- Enable Renovate Dependency Dashboard creation.
- Use semantic commit type
fix
for dependencies andchore
for all others if semantic commits are in use. - Ignore
node_modules
,bower_components
,vendor
and various test/tests (except for nuget) directories. - Group known monorepo packages together.
- Use curated list of recommended non-monorepo package groupings.
- Apply crowd-sourced package replacement rules.
- Apply crowd-sourced workarounds for known problems with packages.
- Pin Docker digests.
- Pin
github-action
digests. - Enable Renovate configuration migration MRs when needed.
- Pin dependency versions for
devDependencies
. - Raise MR when vulnerability alerts are detected with label
'security'
.
renovate.json
in this branch. Renovate will update the Merge Request description the next time it runs.
What to Expect
With your current configuration, Renovate will create 2 Merge Requests:
Pin maven Docker tag to 5092873
- Schedule: ["at any time"]
- Branch name:
renovate/pin-dependencies
- Merge into:
main
- Upgrade maven to
sha256:5092873778f0495464c1151df8f5c2e01a09ba37d931be719cbc1fc0f4559a07
Update maven Docker tag to v3.9.9
- Schedule: ["at any time"]
- Branch name:
renovate/maven-3.x
- Merge into:
main
- Upgrade maven to
sha256:d4f3b77119ae1afcdf00276083416d58fd9c69929400cea3595eba8965b6ae6f
⚠ ️ WarningPlease correct - or verify that you can safely ignore - these dependency lookup failures before you merge this MR.
Failed to look up maven package demo.sonar:sonar-maven
Files affected:
sonar-maven-backend/pom.xml
,sonar-maven-frontend/pom.xml
This MR has been generated by Renovate Bot.