Skip to content

Migrate from Dependabot to Renovate#298

Merged
JeremyDev87 merged 1 commit intomasterfrom
feat/297
Feb 3, 2026
Merged

Migrate from Dependabot to Renovate#298
JeremyDev87 merged 1 commit intomasterfrom
feat/297

Conversation

@JeremyDev87
Copy link
Owner

@JeremyDev87 JeremyDev87 commented Feb 3, 2026

Migrate from Dependabot to Renovate

Summary

This PR replaces GitHub Dependabot with Renovate Bot for improved dependency management across our monorepo.

Changes

Added

  • renovate.json - Renovate configuration with 9 package rules

Removed

  • .github/dependabot.yml - Dependabot configuration (83 lines)

Configuration Details

Package Rules (9 rules)

Rule Scope Automerge Label
MCP Server Dev devDependencies minor/patch Yes dependencies
MCP Server Prod dependencies patch only Yes dependencies
Rules Package Dev devDependencies minor/patch Yes rules-package
Claude Code Plugin Dev devDependencies minor/patch Yes claude-code-plugin
Claude Code Plugin Prod dependencies patch only Yes claude-code-plugin
GitHub Actions minor/patch Actions minor/patch Yes github-actions
GitHub Actions major Actions major No github-actions
Security vulnerabilities Security category No security
Major updates All major versions No breaking-change

Feature Comparison

Feature Before (Dependabot) After (Renovate)
Automerge Not available Enabled for minor/patch
Dependency Dashboard Not available Enabled
Lock file maintenance Not available Monthly schedule
Security label Yes Yes (with manual review)
Grouping Basic dev/prod Advanced with presets

Schedule

  • Regular updates: Weekly on Monday before 9am (Asia/Seoul)
  • Lock file maintenance: Monthly on the 1st before 9am

Testing

  • JSON syntax validated with jq
  • All package paths verified to exist
  • Commit message prefixes match existing convention

Manual Steps Required

After merging this PR:

  1. Install Renovate GitHub App

  2. Verify Activation

    • Renovate will create a "Dependency Dashboard" issue
    • Or create a "Configure Renovate" onboarding PR

  3. Close Pending Dependabot PRs

    • Review and close any existing Dependabot PRs
    • They will be superseded by Renovate

Related

close #297

@JeremyDev87
chore(deps): migrate from Dependabot to Renovate
1cb3924 
- Add Renovate configuration for monorepo structure
- Configure package rules for 3 npm packages
- Enable GitHub Actions dependency updates
- Add automerge for minor/patch updates (dev & prod patch)
- Add security label for vulnerability updates (no automerge)
- Limit GitHub Actions major updates to manual review
- Enable dependency dashboard for visibility
- Add monthly lock file maintenance
- Remove Dependabot configuration

BREAKING CHANGE: Dependabot is no longer used for dependency updates.
Install Renovate GitHub App to activate automated dependency management.

close #297
@JeremyDev87 JeremyDev87 self-assigned this Feb 3, 2026
@JeremyDev87 JeremyDev87 marked this pull request as ready for review February 3, 2026 09:29
@JeremyDev87 JeremyDev87 merged commit 64cdfa9 into master Feb 3, 2026
@JeremyDev87 JeremyDev87 deleted the feat/297 branch February 3, 2026 09:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@JeremyDev87 JeremyDev87

Labels

feat

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Migrate from Dependabot to Renovate

1 participant

@JeremyDev87