Skip to content

Configure Renovate #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 24, 2025
Merged

Configure Renovate #17

merged 2 commits into from
Oct 24, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Oct 23, 2025
edited
Loading

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

Detected Package Files

  • pyproject.toml (pep621)

Configuration Summary

Based on the default config's presets, Renovate will:

  • Start dependency updates only once this onboarding PR is merged
  • Hopefully safe environment variables to allow users to configure.
  • Show all Merge Confidence badges for pull requests.
  • Schedule during typical non-office hours on weekdays (i.e., 10 PM - 5 AM) and anytime on weekends.
  • Run Renovate on following schedule: * 0-4,22-23 * * 1-5,* * * * 0,6

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

What to Expect

With your current configuration, Renovate will create 1 Pull Request:

Lock file maintenance
  • Schedule: ["* 4 * * 1"]
  • Branch name: renovate/lock-file-maintenance
  • Merge into: main
  • Regenerate lock files to use latest dependency versions

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner October 23, 2025 18:01
ghukill
ghukill requested changes Oct 24, 2025
View reviewed changes
renovate.json Outdated
],
"dependencyDashboard": true,
"enabledManagers": [
"pipenv"
Copy link
Contributor

@ghukill ghukill Oct 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be uv? or removed entirely?

Copy link
Contributor

@jonavellecuerdo jonavellecuerdo Oct 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, excellent catch! I do think it has to be set to:

"pep621"

See Renovate docs.

renovate bot and others added 2 commits October 24, 2025 14:52
@renovate @jonavellecuerdo
Configure Renovate
f19ba91
@jonavellecuerdo
Ignore vulnerability GHSA-4xh5-x5gv-qwph
a44d2e3 
Why these changes are being introduced:
The vulnerability GHSA-4xh5-x5gv-qwph is triggering an error
from pip-audit, but technically running python >= 3.12 is
sufficient to mitigate the risk.  Until pip releases a new
release, even though we have no risk, pip-audit will continue
to fail.

How this addresses that need:
* Explicitly ignores the vulnerability during vulnerability
scanning.

Side effects of this change:
* None

Relevant ticket(s):
* None
@jonavellecuerdo jonavellecuerdo merged commit 30d8f9f into main Oct 24, 2025
4 checks passed
@renovate renovate bot deleted the renovate/configure branch October 24, 2025 18:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jonavellecuerdo jonavellecuerdo jonavellecuerdo left review comments

@ghukill ghukill ghukill approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ghukill @jonavellecuerdo