Skip to content

Full Config Presets

config:best-practices

Preset with best practices from the Renovate maintainers. Recommended for advanced users, who want to follow our best practices.

{
  "extends": [
    "config:recommended", // (1)!
    "docker:pinDigests", // (2)!
    "helpers:pinGitHubActionDigests", // (3)!
    ":configMigration", // (4)!
    ":pinDevDependencies", // (5)!
    "abandonments:recommended", // (6)!
    "security:minimumReleaseAgeNpm", // (7)!
    ":maintainLockFilesWeekly" // (8)!
  ]
}
  1. config:recommended: Recommended configuration for most users. It does not matter what programming language you use.
  2. docker:pinDigests: Pin Docker digests.
  3. helpers:pinGitHubActionDigests: Pin github-action digests.
  4. :configMigration: Enable Renovate configuration migration PRs when needed.
  5. :pinDevDependencies: Pin dependency versions for development dependencies.
  6. abandonments:recommended: Recommended configuration for abandoned packages, treating packages without a release for 1 year as abandoned, while taking into account community-sourced overrides.
  7. security:minimumReleaseAgeNpm: Wait until the npm package is three days old before raising the update. This a) introduces a short delay to allow for malware researchers and scanners to (possibly) detect any malicious behaviour in packages, and b) prevents the maintainer and/or NPM from unpublishing a package you already upgraded to, breaking builds.
  8. :maintainLockFilesWeekly: Run lock file maintenance (updates) early Monday mornings.

config:js-app

Default configuration for webapps.

{
  "extends": [
    "config:recommended", // (1)!
    ":pinAllExceptPeerDependencies" // (2)!
  ]
}
  1. config:recommended: Recommended configuration for most users. It does not matter what programming language you use.
  2. :pinAllExceptPeerDependencies: Pin all dependency versions except peerDependencies.

config:js-lib

Default configuration for libraries.

{
  "extends": [
    "config:recommended", // (1)!
    ":pinOnlyDevDependencies" // (2)!
  ]
}
  1. config:recommended: Recommended configuration for most users. It does not matter what programming language you use.
  2. :pinOnlyDevDependencies: Pin dependency versions for development dependencies and retain SemVer ranges for others.

config:recommended

Recommended configuration for most users. It does not matter what programming language you use.

{
  "extends": [
    ":dependencyDashboard", // (1)!
    ":semanticPrefixFixDepsChoreOthers", // (2)!
    ":ignoreModulesAndTests", // (3)!
    "group:monorepos", // (4)!
    "group:recommended", // (5)!
    "mergeConfidence:age-confidence-badges", // (6)!
    "replacements:all", // (7)!
    "workarounds:all", // (8)!
    "helpers:githubDigestChangelogs", // (9)!
    "helpers:goXPackagesChangelogLink", // (10)!
    "helpers:goXPackagesNameLink" // (11)!
  ]
}
  1. :dependencyDashboard: Enable Renovate Dependency Dashboard creation.
  2. :semanticPrefixFixDepsChoreOthers: Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  3. :ignoreModulesAndTests: Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  4. group:monorepos: Group known monorepo packages together.
  5. group:recommended: Use curated list of recommended non-monorepo package groupings.
  6. mergeConfidence:age-confidence-badges: Show only the Age and Confidence Merge Confidence badges for pull requests.
  7. replacements:all: Apply crowd-sourced package replacement rules.
  8. workarounds:all: Apply crowd-sourced workarounds for known problems with packages.
  9. helpers:githubDigestChangelogs: Ensure that every dependency pinned by digest and sourced from GitHub.com contains a link to the commit-to-commit diff
  10. helpers:goXPackagesChangelogLink: Correctly link to the source code for golang.org/x packages
  11. helpers:goXPackagesNameLink: Link to pkg.go.dev/... for golang.org/x packages' title

config:semverAllMonthly

Preserve SemVer ranges and update everything together once a month. (excluding replacements and lockfile maintenance)

{
  "extends": [
    ":preserveSemverRanges", // (1)!
    "group:all", // (2)!
    "schedule:monthly", // (3)!
    ":maintainLockFilesMonthly" // (4)!
  ],
  "lockFileMaintenance": {
    "commitMessageAction": "Update"
  },
  "separateMajorMinor": false
}
  1. :preserveSemverRanges: Preserve (but continue to upgrade) any existing SemVer ranges.
  2. group:all: Group all updates together.
  3. schedule:monthly: Schedule once a month on the first day of the month before 4 AM.
  4. :maintainLockFilesMonthly: Run lock file maintenance (updates) on the first day of each month.

config:semverAllWeekly

Preserve SemVer ranges and update everything together once a week (excluding replacements and lockfile maintenance).

{
  "extends": [
    ":preserveSemverRanges", // (1)!
    "group:all", // (2)!
    "schedule:weekly", // (3)!
    ":maintainLockFilesWeekly" // (4)!
  ],
  "lockFileMaintenance": {
    "commitMessageAction": "Update"
  },
  "separateMajorMinor": false
}
  1. :preserveSemverRanges: Preserve (but continue to upgrade) any existing SemVer ranges.
  2. group:all: Group all updates together.
  3. schedule:weekly: Schedule weekly.
  4. :maintainLockFilesWeekly: Run lock file maintenance (updates) early Monday mornings.