Added pnpmDedupe to Renovate postUpdateOptions

[9larsons]

Summary

• Renovate has been running zero lockfile dedupe since the repo moved off yarn. The shared tryghost/renovate-config preset passes yarnDedupeHighest, which yarn-deduplicate can't apply to pnpm-lock.yaml — so it's a silent no-op.
• Adding "postUpdateOptions": ["pnpmDedupe"] here makes Renovate run pnpm dedupe after every lockfile update. Renovate's array merge concats with the preset's value, so yarnDedupeHighest keeps being a harmless no-op until it's swapped upstream in tryghost/renovate-config.
• Expected to slightly reduce duplicated transitive versions in pnpm-lock.yaml over time, shrink the on-disk store, and reduce transitive-vuln exposure from stale versions.

Test plan

• First Renovate PR that touches pnpm-lock.yaml after merge runs pnpm dedupe as part of the update. Lockfile diff on that PR will likely be noisier than usual as accumulated duplicates collapse — that's expected, one-time.
• No change to package.json files. pnpm dedupe only consolidates within existing semver constraints.

Follow-up

• Upstream the swap in tryghost/renovate-config:quiet.json5 so other repos extending the preset benefit and the local override here can be removed.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9a634563-6b8a-4945-8144-52d10ef1a689

📥 Commits

Reviewing files that changed from the base of the PR and between 3eef843 and 5938639.

📒 Files selected for processing (1)

• .github/renovate.json5

---

Walkthrough

The .github/renovate.json5 configuration is modified to add a postUpdateOptions block that enables pnpmDedupe to execute after every lockfile update. This ensures transitive dependency versions are automatically deduplicated in the pnpm-lock.yaml file. Comments clarify how this configuration interacts with the shared preset's existing dedupe settings.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: adding pnpmDedupe to Renovate's postUpdateOptions configuration.
Description check	✅ Passed	The description is comprehensive and directly related to the changeset, explaining the motivation, implementation, expected outcomes, and test plan.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate-pnpm-dedupe

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}