Skip to content

Commit

Permalink
ci(renovate): disable pinning dependencies
Browse files Browse the repository at this point in the history 
We shouldn't pin dependencies unless we have to.

This is for two reasons:

- If a dependency has a security issue, users should be able to
  easily update the dependency, before `mermaid` makes a new release
- If using `mermaid.core.js` in an app, using a dependency range
  means that users can bundle less dependencies.
  E.g. they won't need to bundle `lodash@4.17.y` just becasue mermaid
  needs `lodash@4.17.x`.

For development/CI, our dependencies are pinned by pnpm-lock.yaml
file anyway.
  • Loading branch information
@aloisklink
aloisklink committed Oct 30, 2022
1 parent 7e6b67f commit da70aad
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion renovate.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
],
"packageRules": [
{
"matchUpdateTypes": ["minor", "patch", "pin", "digest"],
"matchUpdateTypes": ["minor", "patch", "digest"],
"automerge": true
}
],
Expand Down

0 comments on commit da70aad

Please sign in to comment.