chore: configure updates for public-types only #7030
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zahin-mohammad
approved these changes
Sep 19, 2025
starfy84
approved these changes
Sep 19, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
TICKET: DX-1800
The ticket provides automatic bumping of the BitGo public types dependency, which solves the issue of change lead time.
How the Package Rules Work
This configuration uses a principle of explicitly denying and then allowing updates.
Disable All npm Updates: The first rule with "matchManagers": ["npm"] and "enabled": false acts as a broad sweep. It tells Renovate to ignore all npm dependencies and not to create pull requests for them. This provides a baseline of security by preventing any unexpected or potentially malicious updates from being introduced without approval.
Enable a Specific Package: The second, more specific rule with "matchPackageNames": ["@bitgo/public-types"] and "enabled": true overrides the previous rule. Because Renovate processes rules in order, this rule is applied after the general one. It creates an exception, allowing automated updates only for the @bitgo/public-types package. This ensures that a critical dependency receives timely updates, while all others are manually controlled.