mirrors
/
mermaid
mirror of https://github.com/mermaid-js/mermaid.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

ci(renovate): disable pinning dependencies 

We shouldn't pin dependencies unless we have to.

This is for two reasons:

- If a dependency has a security issue, users should be able to
  easily update the dependency, before `mermaid` makes a new release
- If using `mermaid.core.js` in an app, using a dependency range
  means that users can bundle less dependencies.
  E.g. they won't need to bundle `lodash@4.17.y` just becasue mermaid
  needs `lodash@4.17.x`.

For development/CI, our dependencies are pinned by pnpm-lock.yaml
file anyway.
This commit is contained in:
Alois Klink 2022-10-22 18:38:48 +01:00
parent 476917bda9
commit c2bd6a490f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
renovate.json
View File

@ -12,7 +12,7 @@
],
"packageRules": [
{
"matchUpdateTypes": ["minor", "patch", "pin", "digest"],
"matchUpdateTypes": ["minor", "patch", "digest"],
"automerge": true
}
],