fix(renovate): Add separateMinorPatch #12190

Merged
merged 1 commit into from
Apr 9, 2025

kiblik
Contributor

@kiblik kiblik commented Apr 7, 2025

Until now, every time a new version of a package was released, Renovate offered the latest version (so far so good). This might not be the best situation if it is not possible to update to the latest one (change of license or some other radical change), but upgrading to a higher patch (same major and minor) is safe.
Thanks to this PR, Renovate will open a separate PR if there is a newer patch for the same minor.

This will help with:

Note: we will need the same for Dependabot, because of:
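
Added example (not part of this PR and not Renovate's own code): a simplified model of the behaviour the PR description above describes, showing which version each update PR would propose with `separateMinorPatch` off and on. The function names, the package and its release list are constructed for illustration, and Renovate's default of separating major from non-major updates is assumed.

```javascript
// Simplified model (not Renovate's implementation) of which version each
// update PR would propose. Handles plain x.y.z versions only.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Returns the newest candidate per PR: { major, minor, patch } (keys present
// only when such an update exists). With separateMinorPatch off, patch
// releases fall into the same non-major PR as minor releases.
function planUpdates(current, available, { separateMinorPatch = false } = {}) {
  const [curMajor, curMinor] = parse(current);
  const plan = {};
  for (const v of available) {
    if (compare(v, current) <= 0) continue; // skip current and older releases
    const [major, minor] = parse(v);
    let type = 'minor';
    if (major !== curMajor) type = 'major';
    else if (minor === curMinor && separateMinorPatch) type = 'patch';
    if (!plan[type] || compare(v, plan[type]) > 0) plan[type] = v;
  }
  return plan;
}

// Constructed sample: hypothetical package pinned at 2.3.6 with these releases.
const SAMPLE_RELEASES = ['2.3.7', '2.3.9', '2.4.0', '2.4.3', '3.0.1'];
// The option this PR enables, as it appears in a Renovate config.
const renovateConfig = { separateMinorPatch: true };

console.log(planUpdates('2.3.6', SAMPLE_RELEASES));
console.log(planUpdates('2.3.6', SAMPLE_RELEASES, renovateConfig));
```

With the option on, the 2.3.9 patch gets its own PR and can be merged even while the 2.4.x and 3.x PRs stay open.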

dryrunsecurity bot commented Apr 7, 2025

DryRun Security Summary

The Renovate configuration file was updated with the separateMinorPatch option to improve dependency update management, with no associated security risks detected.

Summary: Renovate configuration file updated with separateMinorPatch option to manage dependency updates more granularly, with no direct security risks identified.

Security Findings:

  • No security vulnerabilities found.

View PR in the DryRun Dashboard.

@Maffooch Maffooch added this to the 2.45.1 milestone Apr 7, 2025
Contributor

@Maffooch Maffooch left a comment

This is great @kiblik 😄

@Maffooch Maffooch requested a review from mtesauro April 7, 2025 21:59
@mtesauro
Contributor

mtesauro commented Apr 8, 2025

@kiblik Thanks for this.

Just for FYI: There's someone working on the datatables updates so those should be 'normal' again shortly:

datatables.net-colreorder: 1.6.2 -> 1.7.2 vs #10765
datatables.net-dt: 1.13.4 -> 1.13.11 vs #11734
datatables.net: 1.13.4 -> 1.13.11 vs #11735
datatables.net-buttons-dt: 2.3.6 -> 2.4.3 vs #11755
datatables.net-buttons-bs: 2.3.6 -> 2.4.3 vs #11756

Contributor

@mtesauro mtesauro left a comment

Approved

@Maffooch
Contributor

Maffooch commented Apr 9, 2025

merging with two since this is dependency related

@Maffooch Maffooch merged commit ff97ef9 into DefectDojo:bugfix Apr 9, 2025
76 checks passed
@kiblik kiblik deleted the renovate_separateMinorPatch branch April 14, 2025 17:16