chore: configure Renovate

[renovate]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• .github/workflows/build.yml (github-actions)
• .github/workflows/check-release.yml (github-actions)
• .github/workflows/ci.yml (github-actions)
• .github/workflows/prep-release.yml (github-actions)
• .github/workflows/publish-release.yml (github-actions)
• .github/workflows/update-integration-tests.yml (github-actions)
• package.json (npm)
• ui-tests/package.json (npm)
• pyproject.toml (pep621)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Hopefully safe environment variables to allow users to configure.
• Show all Merge Confidence badges for pull requests.
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Show only the Age and Confidence Merge Confidence badges for pull requests.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

What to Expect

With your current configuration, Renovate will create 9 Pull Requests:

chore(deps): pin dependencies

• Schedule: ["at any time"]
• Branch name: renovate/github-actions
• Merge into: main
• Upgrade actions/checkout to 08eba0b27e820071cde6df949e0beb9ba4906955
• Upgrade actions/checkout to ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493
• Upgrade actions/create-github-app-token to d72941d797fd3113feb6b93fd0dec494b13a2547
• Upgrade actions/download-artifact to d3f86a106a0bac45b974a628896c90dbdf5c8093
• Upgrade actions/setup-node to a0853c24544627f65ddf259abe73b1d18a591444
• Upgrade actions/setup-python to a26af69be951a213d495a4c3e4e4022e16d87065
• Upgrade actions/upload-artifact to ea165f8d65b6e75b540449e92b4886f43607fa02
• Upgrade codecov/codecov-action to 5a1091511ad55cbe89839c7260b706298ca349f7
• Upgrade codecov/test-results-action to 47f89e9acb64b76debcd5ea40642d25a4adced9f
• Upgrade jupyter-server/jupyter_releaser to 6accaa3c07b69acaa1e14e00ba138133d8cbe879
• Upgrade jupyterlab/maintainer-tools to affc83be6020d529b9368cd4d63e467877606600
• Upgrade qltysh/qlty-action to a19242102d17e497f437d7466aa01b528537e899

chore(deps): update dependency @​jupyterlab/application to v4.4.9

• Schedule: ["at any time"]
• Branch name: renovate/jupyterlab-application-4.x-lockfile
• Merge into: main
• Upgrade @jupyterlab/application to 4.4.9

chore(deps): update dependency @​jupyterlab/notebook to v4.4.9

• Schedule: ["at any time"]
• Branch name: renovate/jupyterlab-notebook-4.x-lockfile
• Merge into: main
• Upgrade @jupyterlab/notebook to 4.4.9

chore(deps): update dependency @​jupyterlab/settingregistry to v4.4.9

• Schedule: ["at any time"]
• Branch name: renovate/jupyterlab-settingregistry-4.x-lockfile
• Merge into: main
• Upgrade @jupyterlab/settingregistry to 4.4.9

chore(deps): update dependency zod to v4.1.12

• Schedule: ["at any time"]
• Branch name: renovate/zod-4.x-lockfile
• Merge into: main
• Upgrade zod to 4.1.12

chore(deps): update devdependencies

• Schedule: ["every weekend"]
• Branch name: renovate/dev-dependencies
• Merge into: main
• Upgrade @jupyterlab/builder to 4.4.9
• Upgrade @jupyterlab/testutils to 4.4.9
• Upgrade typescript to ~5.9.0

chore(deps): update dependency @​types/jest to v30

• Schedule: ["every weekend"]
• Branch name: renovate/major-definitelytyped
• Merge into: main
• Upgrade @types/jest to ^30.0.0

chore(deps): update devdependencies (major)

• Schedule: ["every weekend"]
• Branch name: renovate/major-dev-dependencies
• Merge into: main
• Upgrade @typescript-eslint/eslint-plugin to ^8.0.0
• Upgrade @typescript-eslint/parser to ^8.0.0
• Upgrade css-loader to ^7.0.0
• Upgrade eslint to ^9.0.0
• Upgrade eslint-config-prettier to ^10.0.0
• Upgrade jest to ^30.0.0
• Upgrade mkdirp to ^3.0.0
• Upgrade npm-run-all2 to ^8.0.0
• Upgrade rimraf to ^6.0.0
• Upgrade source-map-loader to ^5.0.0
• Upgrade style-loader to ^4.0.0
• Upgrade stylelint to ^16.0.0
• Upgrade stylelint-config-recommended to ^17.0.0
• Upgrade stylelint-config-standard to ^39.0.0
• Upgrade stylelint-prettier to ^5.0.0

chore(deps): update github actions (major)

• Schedule: ["at any time"]
• Branch name: renovate/major-github-actions
• Merge into: main
• Upgrade actions/checkout to 08c6903cd8c0fde910a37f88322edcfb5dd907a8
• Upgrade actions/create-github-app-token to 67018539274d69449ef7c02e8e71183d1719ab42
• Upgrade actions/download-artifact to 634f93cb2916e3fdff6788551b99b062d0335ce0
• Upgrade actions/setup-python to e797f83bcb11b83ae66e0230d6156d7c80228e7c

🚸 Branch creation will be limited to maximum 2 per hour, so it doesn't swamp any CI resources or overwhelm the project. See docs for prhourlylimit for details.

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a Renovate configuration file (renovate.json) that enables Renovate, sets the schema and config migration, extends config:recommended, and enables managers (npm, nvm, github-actions, pep621) with pinDigests for GitHub Actions. Disables docker-compose/dockerfile/meteor managers, sets ignorePaths (dist, node_modules, tmp, lib, a JupyterLab extension), configures npm options and an npmrc registry/auth, lists ignored dependencies, assigns a renovate label, and defines packageRules for grouping GitHub Actions, scheduling devDependency updates, and handling DefinitelyTyped. No source code or public API changes.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Renovate
  participant Repo as "GitHub Repo\n(renovate.json)"
  participant Managers as "Managers\nnpm, nvm, github-actions, pep621"
  participant CI as "GitHub Actions"

  note over Renovate,Repo #f9f9f9: On schedule / webhook
  Renovate->>Repo: Read renovate.json (rules, ignorePaths, packageRules, label)
  Renovate->>Managers: Query dependency manifests (respect ignorePaths)
  Managers-->>Renovate: Suggested updates (grouping per packageRules)
  alt GitHub Actions updates require digests
    Renovate->>CI: Request pinDigests info
    CI-->>Renovate: Digest data
  end
  Renovate->>Repo: Open/update PRs (apply label, grouping, schedule)
  note right of Repo #eef7ff: PRs created/updated per config

Loading

Possibly related PRs

• chore(deps): migrate renovate config deepnote#32 — adjusts Renovate configuration fields and package-matching behavior in renovate.json.
• deepnote/deepnote-internal#18538 — modifies Renovate packageRules/scheduling in renovate.json, affecting the same grouping logic.

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title “chore: configure Renovate” clearly and concisely summarizes the primary change of adding and setting up a Renovate configuration file using a conventional commit prefix, making the PR’s intent immediately understandable.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 903646a and 7f9b1d6.

📒 Files selected for processing (1)

• renovate.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build
• GitHub Check: check_release

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 45fb503 and 63ff4fb.

📒 Files selected for processing (1)

• renovate.json (1 hunks)

🧰 Additional context used

🪛 GitHub Actions: Build

renovate.json

[warning] 1-1: Code style issues found in renovate.json. Run Prettier with --write to fix.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: check_release

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 63ff4fb and ab4c9c4.

📒 Files selected for processing (1)

• renovate.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build
• GitHub Check: check_release

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 18.50%. Comparing base (a0b7709) to head (dfd52c5).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main       #9   +/-   ##
=======================================
  Coverage   18.50%   18.50%           
=======================================
  Files          13       13           
  Lines         200      200           
  Branches       27       27           
=======================================
  Hits           37       37           
  Misses        163      163           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ab4c9c4 and 903646a.

📒 Files selected for processing (1)

• renovate.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build
• GitHub Check: check_release

🔇 Additional comments (2)

renovate.json (2)

17-25: No Docker managers found—disabling ‘dockerfile’ and ‘docker-compose’ is safe.
No Dockerfile or docker-compose YAML files exist in the repo.

---

4-4: Confirm Python manager coverage
pyproject.toml declares a PEP 621 project; no poetry.lock or requirements.txt found—no additional managers needed.

[andyjakubowski]

I updated renovate.json with an npmrc field, which specifies where to look for @deepnote scoped packages:

"npmrc": "@deepnote:registry=https://npm.pkg.github.com\nalways-auth=true\n",

I was able to confirm this gets correctly read in Renovate logs: Found npmrc in decrypted config.

I also updated Credentials and Host Rules in the Mend Renovate Web UI, setting the GITHUB_TOKEN (a Personal Access Token with read:packages permissions).

We should merge this onboarding PR from Renovate so that Renovate considers this repo onboarded. Then, we’ll be able to re-run Renovate and verify that @deepnote/blocks can be correctly looked up. Re-running Renovate in the Web UI doesn’t do that scan now, because the repo is still marked as onboarded:

Repo is onboarding - skipping dependency dashboard