Configure Renovate by renovate[bot] · Pull Request #22 · stacklok/demo-repo-js

renovate · 2025-08-06T13:23:22Z

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

Detected Package Files

Dockerfile (dockerfile)
Dockerfile.static (dockerfile)
.github/workflows/build-binary-signed-ghat-malicious.yml (github-actions)
.github/workflows/build-binary-signed-ghat.yml (github-actions)
.github/workflows/build-binary-unsigned.yml (github-actions)
.github/workflows/build-image-signed-cosign-malicious.yml (github-actions)
.github/workflows/build-image-signed-cosign-static-copied.yml (github-actions)
.github/workflows/build-image-signed-cosign-static.yml (github-actions)
.github/workflows/build-image-signed-cosign.yml (github-actions)
.github/workflows/build-image-signed-ghat-malicious.yml (github-actions)
.github/workflows/build-image-signed-ghat-static-copied.yml (github-actions)
.github/workflows/build-image-signed-ghat-static.yml (github-actions)
.github/workflows/build-image-signed-ghat.yml (github-actions)
.github/workflows/build-image-unsigned.yml (github-actions)
.github/workflows/npm-gulp.yml (github-actions)
package.json (npm)

Configuration Summary

Based on the default config's presets, Renovate will:

Start dependency updates only once this onboarding PR is merged
Hopefully safe environment variables to allow users to configure.
Show all Merge Confidence badges for pull requests.
Enable Renovate Dependency Dashboard creation.
Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
Group known monorepo packages together.
Use curated list of recommended non-monorepo package groupings.
Show only the Age and Confidence Merge Confidence badges for pull requests.
Apply crowd-sourced package replacement rules.
Apply crowd-sourced workarounds for known problems with packages.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

What to Expect

With your current configuration, Renovate will create 25 Pull Requests:

Update dependency next to v14.2.30 [SECURITY]

Branch name: renovate/npm-next-vulnerability
Merge into: main
Upgrade next to 14.2.30

Update actions/checkout digest to 8edcb1b

Schedule: ["at any time"]
Branch name: renovate/actions-checkout-digest
Merge into: main
Upgrade actions/checkout to 8edcb1bdb4e267140fa742c62e395cd74f332709

Update docker/build-push-action digest to 55146d9

Schedule: ["at any time"]
Branch name: renovate/docker-build-push-action-digest
Merge into: main
Upgrade docker/build-push-action to 55146d969b0dff1a5c12630229609757af5b1081

Update docker/login-action digest to 184bdaa

Schedule: ["at any time"]
Branch name: renovate/docker-login-action-digest
Merge into: main
Upgrade docker/login-action to 184bdaa0721073962dff0199f1fb9940f07167d1

Update docker/metadata-action digest to c1e5197

Schedule: ["at any time"]
Branch name: renovate/docker-metadata-action-digest
Merge into: main
Upgrade docker/metadata-action to c1e51972afc2121e065aed6d45c65596fe445f3f

Update docker/setup-buildx-action digest to 774224a

Schedule: ["at any time"]
Branch name: renovate/docker-setup-buildx-action-digest
Merge into: main
Upgrade docker/setup-buildx-action to 774224adf69ca8de2e87f0afc9ef26b0e4dc8072

Update Node.js to e8e882c

Schedule: ["at any time"]
Branch name: renovate/docker.io-library-node-alpine
Merge into: main
Upgrade docker.io/library/node to sha256:e8e882c692a08878d55ec8ff6c5a4a71b3edca25eda0af4406e2a160d8a93cf2

Update actions/attest-build-provenance action to v1.4.4

Schedule: ["at any time"]
Branch name: renovate/actions-attest-build-provenance-1.x
Merge into: main
Upgrade actions/attest-build-provenance to v1.4.4

Update dependency autoprefixer to v10.4.21

Schedule: ["at any time"]
Branch name: renovate/autoprefixer-10.x
Merge into: main
Upgrade autoprefixer to 10.4.21

Update dependency @types/node to v20.19.9

Schedule: ["at any time"]
Branch name: renovate/node-20.x
Merge into: main
Upgrade @types/node to 20.19.9

Update dependency eslint to v8.57.1

Schedule: ["at any time"]
Branch name: renovate/eslint-monorepo
Merge into: main
Upgrade eslint to 8.57.1

Update dependency eslint-config-next to v13.5.11

Schedule: ["at any time"]
Branch name: renovate/nextjs-monorepo
Merge into: main
Upgrade eslint-config-next to 13.5.11

Update dependency postcss to v8.5.6

Schedule: ["at any time"]
Branch name: renovate/postcss-8.x
Merge into: main
Upgrade postcss to 8.5.6

Update dependency tailwindcss to v3.4.17

Schedule: ["at any time"]
Branch name: renovate/tailwindcss-monorepo
Merge into: main
Upgrade tailwindcss to 3.4.17

Update dependency typescript to v5.9.2

Schedule: ["at any time"]
Branch name: renovate/typescript-5.x
Merge into: main
Upgrade typescript to 5.9.2

Update react monorepo

Schedule: ["at any time"]
Branch name: renovate/react-monorepo
Merge into: main
Upgrade @types/react to 18.3.23
Upgrade @types/react-dom to 18.3.7
Upgrade react to 18.3.1
Upgrade react-dom to 18.3.1

Update sigstore/cosign-installer action to v3.9.2

Schedule: ["at any time"]
Branch name: renovate/sigstore-cosign-installer-3.x
Merge into: main
Upgrade sigstore/cosign-installer to v3.9.2

Update actions/attest-build-provenance action to v2

Schedule: ["at any time"]
Branch name: renovate/actions-attest-build-provenance-2.x
Merge into: main
Upgrade actions/attest-build-provenance to v2.4.0

Update actions/checkout action to v4

Schedule: ["at any time"]
Branch name: renovate/actions-checkout-4.x
Merge into: main
Upgrade actions/checkout to v4

Update actions/setup-node action to v4

Schedule: ["at any time"]
Branch name: renovate/actions-setup-node-4.x
Merge into: main
Upgrade actions/setup-node to v4

Update dependency @types/node to v22

Schedule: ["at any time"]
Branch name: renovate/node-22.x
Merge into: main
Upgrade @types/node to 22.17.0

Update dependency eslint to v9

Schedule: ["at any time"]
Branch name: renovate/major-eslint-monorepo
Merge into: main
Upgrade eslint to 9.32.0

Update dependency eslint-config-next to v15

Schedule: ["at any time"]
Branch name: renovate/major-nextjs-monorepo
Merge into: main
Upgrade eslint-config-next to 15.4.5

Update dependency tailwindcss to v4

Schedule: ["at any time"]
Branch name: renovate/major-tailwindcss-monorepo
Merge into: main
Upgrade tailwindcss to 4.1.11

Update react monorepo to v19 (major)

Schedule: ["at any time"]
Branch name: renovate/major-react-monorepo
Merge into: main
Upgrade @types/react to 19.1.9
Upgrade @types/react-dom to 19.1.7
Upgrade react to 19.1.1
Upgrade react-dom to 19.1.1

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

This PR was generated by Mend Renovate. View the repository job log.

Add renovate.json

0ada46e

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Configure Renovate#22

Configure Renovate#22
renovate[bot] wants to merge 1 commit intomainfrom
renovate/configure

renovate bot commented Aug 6, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate bot commented Aug 6, 2025

Detected Package Files

Configuration Summary

What to Expect

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants