Description
Following the initial implementation of Renovate, we need to update the configuration to align with best practices for stability, security, and reproducibility. The current setup uses config:base and rangeStrategy: bump, which does not fully meet our goals of deterministic builds and automated safe updates.
This update will introduce a stronger configuration based on config:best-practices and pinning strategies, ensuring all dependencies are explicitly pinned and CI validates updates before merging.
- :pinAllExceptPeerDependencies for full pinning.
- Enable lockfile maintenance.
- Disable automerge for minor/patch updates until CI passes.
- Confirm GitHub Actions workflow runs Renovate daily.
- Validate CI integration on Renovate PRs.
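As an added example (not part of the original issue or the repository's code), the checklist above can be enforced as a small CI audit of the Renovate config. Both sample configs are constructed; the `audit` helper is hypothetical, and it assumes the strictest reading of the automerge item (automerge must be off for minor/patch).

```python
import json

# Constructed sample: the setup the issue describes as current.
BEFORE = json.loads("""
{"extends": ["config:base"], "rangeStrategy": "bump"}
""")

# Constructed sample: one possible target config (an assumption, not the repo's file).
AFTER = json.loads("""
{
  "extends": ["config:best-practices", ":pinAllExceptPeerDependencies"],
  "lockFileMaintenance": {"enabled": true},
  "packageRules": [
    {"matchUpdateTypes": ["minor", "patch"], "automerge": false}
  ]
}
""")

def audit(cfg):
    """Return a list of findings; an empty list means the checklist is met."""
    findings = []
    extends = cfg.get("extends", [])
    if "config:best-practices" not in extends:
        findings.append("extends lacks config:best-practices")
    if "config:base" in extends:
        findings.append("config:base still extended")
    if ":pinAllExceptPeerDependencies" not in extends:
        findings.append("extends lacks :pinAllExceptPeerDependencies")
    if cfg.get("rangeStrategy") == "bump":
        findings.append("rangeStrategy is bump, not pinned")
    if not cfg.get("lockFileMaintenance", {}).get("enabled", False):
        findings.append("lockFileMaintenance not enabled")
    # Automerge must be off at top level and in every rule that can match
    # minor/patch (a rule without matchUpdateTypes matches all update types).
    scopes = [cfg] + [r for r in cfg.get("packageRules", [])
                      if not r.get("matchUpdateTypes")
                      or {"minor", "patch"} & set(r["matchUpdateTypes"])]
    if any(s.get("automerge") is True for s in scopes):
        findings.append("automerge enabled for minor/patch updates")
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg) or "OK")
```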