ci(renovate): disable pinning dependencies
We shouldn't pin dependencies unless we have to. This is for two reasons: - If a dependency has a security issue, users should be able to easily update the dependency, before `mermaid` makes a new release - If using `mermaid.core.js` in an app, using a dependency range means that users can bundle less dependencies. E.g. they won't need to bundle `lodash@4.17.y` just becasue mermaid needs `lodash@4.17.x`. For development/CI, our dependencies are pinned by pnpm-lock.yaml file anyway.
This commit is contained in:
parent
476917bda9
commit
c2bd6a490f
|
@ -12,7 +12,7 @@
|
|||
],
|
||||
"packageRules": [
|
||||
{
|
||||
"matchUpdateTypes": ["minor", "patch", "pin", "digest"],
|
||||
"matchUpdateTypes": ["minor", "patch", "digest"],
|
||||
"automerge": true
|
||||
}
|
||||
],
|
||||
|
|
Loading…
Reference in New Issue