
fix(renovate): pin Renovate version ranges by default #70

Merged
DevSecNinja merged 5 commits into main from copilot/fix-version-tagging-renovate
May 3, 2026

Contributor

Copilot AI commented May 3, 2026

Pinned GitHub Actions digests could retain floating version comments like # v6. Renovate should expand floating ranges to concrete versions to avoid Zizmor findings.

  • Renovate base preset
    • Added rangeStrategy: "pin" to the shared Renovate base preset.
    • This makes Renovate replace floating version ranges with concrete versions by default for supported managers, including pinned GitHub Actions.
{
  pinDigests: true,
  rangeStrategy: "pin",
}

Copilot AI linked an issue May 3, 2026 that may be closed by this pull request
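
A check for the condition the description mentions, as an added example that is not part of the pull request or the repository: it scans workflow text for `uses:` references and reports SHA-pinned actions whose trailing comment is still a floating tag such as `# v6`, along with references that carry no digest at all. The function names, the sample workflow and its placeholder SHAs are constructed here, and treating only a full major.minor.patch comment as concrete is an assumption.

```python
import re

# Matches a workflow step reference: `uses: owner/repo[/path]@ref  # comment`
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*(?P<action>[^@\s#]+)@(?P<ref>[^\s#]+)"
    r"(?:\s*#\s*(?P<comment>\S+))?"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Assumption: a "concrete" version comment is a full major.minor.patch tag.
CONCRETE_RE = re.compile(r"^v?\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")


def classify(line):
    """Return (action, status) for a `uses: x@ref` line, or None otherwise."""
    m = USES_RE.match(line)
    if not m or m["action"].startswith("docker://"):
        return None                        # not an action reference
    action, ref, comment = m["action"], m["ref"], m["comment"]
    if not SHA_RE.match(ref):
        return action, "unpinned"          # tag or branch ref, no digest
    if comment is None:
        return action, "no-version-comment"
    if not CONCRETE_RE.match(comment):
        return action, "floating-comment"  # digest pinned, comment like `# v6`
    return action, "ok"


def audit(workflow_text):
    """Return [(line_no, action, status)] for every `uses:` line that is not ok."""
    findings = []
    for no, line in enumerate(workflow_text.splitlines(), start=1):
        result = classify(line)
        if result and result[1] != "ok":
            findings.append((no, *result))
    return findings


# Constructed sample workflow; the SHAs are placeholders, not real commits.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v6
      - uses: actions/setup-node@89abcdef0123456789abcdef0123456789abcdef # v4.1.0
      - uses: actions/cache@v4
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
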
Copilot AI and others added 3 commits May 3, 2026 09:38
Agent-Logs-Url: https://github.com/DevSecNinja/.github/sessions/4bb589a4-a9f8-4014-8565-b4affac7c15a

Co-authored-by: DevSecNinja <14926452+DevSecNinja@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix version tagging for Renovate" to "fix(renovate): expand GitHub Actions version ranges" May 3, 2026
Copilot AI requested a review from DevSecNinja May 3, 2026 09:40
@DevSecNinja
Owner

@copilot Wouldn't this be a good default for all packages that Renovate manages?

Agent-Logs-Url: https://github.com/DevSecNinja/.github/sessions/d7c4fa6b-74d6-45cf-9082-da5fb0df538f

Co-authored-by: DevSecNinja <14926452+DevSecNinja@users.noreply.github.com>
Contributor Author

Copilot AI commented May 3, 2026

> @copilot Wouldn't this be a good default for all packages that Renovate manages?

Yes — I moved rangeStrategy: "pin" into the shared Renovate base preset so it applies as the default across Renovate-managed packages, and removed the GitHub Actions-specific rule. Addressed in 159c111.

Copilot AI changed the title from "fix(renovate): expand GitHub Actions version ranges" to "fix(renovate): pin Renovate version ranges by default" May 3, 2026
DevSecNinja marked this pull request as ready for review May 3, 2026 10:08
DevSecNinja merged commit 1cf2a9c into main May 3, 2026
13 checks passed

Development

Successfully merging this pull request may close these issues.

fix(renovate): fix version tagging
