Enable lockfile maintaince (#450)

Same as google/osv.dev#1505 Confirmed that it works as expected in osv.dev repository. > Dependabot often has updates that don't show up in renovate bot. That's because renovatebot doesn't directly update any transient dependencies. > > Enabling this option instructs renovatebot to relock the lockfiles, which will bump all transient dependencies. See https://docs.renovatebot.com/configuration-options/#lockfilemaintenance and renovatebot/renovate#15762
google · Jul 26, 2023 · 106f43c · 106f43c
1 parent 09b1912
commit 106f43c
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/renovate.json b/renovate.json
@@ -8,6 +8,7 @@
   "labels": ["dependencies"],
   "postUpdateOptions": ["gomodTidy"],
   "osvVulnerabilityAlerts": true,
+  "lockFileMaintenance": { "enabled": true },
   "packageRules": [
     {
       "matchUpdateTypes": ["major"],