configure automatic updates

Author: marcoieni

.github/renovate.json5

@@ -0,0 +1,35 @@
+{
+    $schema: "https://docs.renovatebot.com/renovate-schema.json",
+    extends: ["config:recommended", ":maintainLockFilesMonthly"],
+    automerge: true,
+    packageRules: [
+        {
+            matchCategories: ["javascript", "typescript"],
+            updateTypes: ["patch"],
+            // Disable patch updates for single dependencies because patches
+            // are updated periodically with lockfile maintainance.
+            enabled: false,
+        },
+        {
+            matchCategories: ["rust"],
+            updateTypes: ["patch"],
+            // Disable patch updates for single dependencies because patches
+            // are updated periodically with lockfile maintainance.
+            enabled: false,
+        },
+        {
+            matchManagers: ["github-actions"],
+            // At 06:XX on Monday.
+            schedule: "* 6 * * 1",
+            groupName: "Github Actions",
+        },
+    ],
+    // Receive any update that fixes security vulnerabilities.
+    // We need this because we disabled "patch" updates for Rust.
+    // Note: You need to enable "Dependabot alerts" in "Code security" GitHub
+    // Settings to receive security updates.
+    // See https://docs.renovatebot.com/configuration-options/#vulnerabilityalerts
+    vulnerabilityAlerts: {
+        enabled: true,
+    },
+}