feat: prevent automerging pre-1.0.0 versions

[HonkingGoose]

Changes:

• Add "matchCurrentVersion": "!/^0/", to our "Automerge non-major updates" rule

Context:

Renovate recently automerged a pre-1.x update:

• build(deps): update dependency @cdktf/hcl2json to v0.17.3 renovate#23598

I expected us to block updates like these, because of this quote from our docs: ¹

The matchCurrentVersion setting above is a rule to exclude any dependencies which are pre-1.0.0 because those can make breaking changes at any time according to the SemVer spec.

So I copy/pasted the code into our own config. 🙃 But maybe we have good reasons to keep things as they are?

Footnotes

1. Renovate docs, automerge non-major updates ↩

[viceice]

we don't need that, because we have good tests which will catch any errors.

[HonkingGoose]

Are you sure about that? It's probably easy to miss some stuff by accident, and then automerge a broken update.

Or do you think most of our key dependencies are already fully SemVer stable, so the chance of merging in a broken update is low?

[viceice]

as far as I know only the hcl2json is the only dependency which is lower than 1.0

[HonkingGoose]

Should I add a special rule just for that one package then?

Or do you want to close this PR, and leave things as they are now?

[viceice]

let's leave as is