From 7a380bad3846b99b104b73e1a45c71cc73e12933 Mon Sep 17 00:00:00 2001 From: Alan Agius <17563226+alan-agius4@users.noreply.github.com> Date: Mon, 10 Nov 2025 08:04:14 +0000 Subject: [PATCH] ci: require manual approval for NPM updates on non-main branches Previously, NPM updates were entirely disabled on branches other than main. This change modifies the Renovate configuration to require manual approval for these updates instead of disabling them. This allows for important bug fixes to be manually selected while preventing automatic updates. Additionally, the rule that groups all non-major dependencies for updates has been updated to explicitly apply only to the main branch. --- renovate-presets/default.json5 | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/renovate-presets/default.json5 b/renovate-presets/default.json5 index fdea98344..5620d6c2f 100644 --- a/renovate-presets/default.json5 +++ b/renovate-presets/default.json5 @@ -56,13 +56,15 @@ matchManagers: ['bazel', 'bazel-module', 'bazelisk'], }, - // Rule to disable NPM updates on branches other than 'main'. - // But allow updating engines and packageManagers. + // Rule to require manual approval for NPM updates on branches other than 'main'. + // This is to prevent auto updates to branches that are not the main branch. + // But, still allows the updates to be manually selected in case of an important bug fix. + // Engines and packageManagers are excluded from this rule. { - enabled: false, matchBaseBranches: ['!main'], - matchDepNames: ['!node', '!pnpm', '!npm', '!yarn'], + matchDepNames: ['*', '!node', '!pnpm', '!npm', '!yarn'], matchManagers: ['npm'], + dependencyDashboardApproval: true, }, // Group all non-major dependencies together for updates. @@ -71,6 +73,7 @@ matchDepNames: ['*', '!node', '!pnpm', '!npm', '!yarn'], matchUpdateTypes: ['digest', 'patch', 'minor'], matchManagers: ['npm'], + matchBaseBranches: ['main'], }, // ============================================================================