From bcf2c51590e76a6813b2163bf07eaa25174619ef Mon Sep 17 00:00:00 2001 From: pshu Date: Mon, 25 May 2026 22:12:30 +0800 Subject: [PATCH 1/3] chore: sync renovate config from rspack Drop github>Boshen/renovate and adopt rstackjs shared security preset plus the relevant package rules from rspack (cargo/npm/github-actions grouping, mimalloc pin, manually managed artifact actions, weekly schedule). --- .github/renovate.json | 5 --- .github/renovate.json5 | 75 ++++++++++++++++++++++++++++++++++++++++++ LICENSE | 1 - 3 files changed, 75 insertions(+), 6 deletions(-) delete mode 100644 .github/renovate.json create mode 100644 .github/renovate.json5 diff --git a/.github/renovate.json b/.github/renovate.json deleted file mode 100644 index 6c195974..00000000 --- a/.github/renovate.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["github>Boshen/renovate"], - "ignorePaths": ["**/node_modules/**", "**/fixtures/**", "benches/**"] -} diff --git a/.github/renovate.json5 b/.github/renovate.json5 new file mode 100644 index 00000000..af80b1a5 --- /dev/null +++ b/.github/renovate.json5 @@ -0,0 +1,75 @@ +{ + $schema: "https://docs.renovatebot.com/renovate-schema.json", + timezone: "Asia/Shanghai", + extends: [ + ":dependencyDashboard", + "helpers:pinGitHubActionDigests", + "github>rstackjs/renovate:security" + ], + schedule: ["before 8am on saturday"], + enabledManagers: ["github-actions", "cargo", "npm"], + ignorePaths: ["**/node_modules/**", "**/fixtures/**", "benches/**"], + labels: ["dependencies"], + packageRules: [ + // manually update peer dependencies + { + depTypeList: ["peerDependencies"], + enabled: false + }, + { + matchPackagePatterns: ["*"], + semanticCommitType: "chore", + // always bump package.json + rangeStrategy: "bump" + }, + { + groupName: "patch crates", + matchManagers: ["cargo"], + excludePackagePrefixes: ["napi"], + excludePackageNames: ["mimalloc"], + matchUpdateTypes: ["patch"] + }, + { + groupName: "napi", + matchPackagePrefixes: ["napi", "@napi-rs/"] + }, + { + groupName: "ignored crates", + matchManagers: ["cargo"], + // mimalloc is pinned for benchmark allocator alignment with rspack's xtask/benchmark + matchPackageNames: ["mimalloc"], + enabled: false + }, + { + groupName: "patch npm dependencies", + matchManagers: ["npm"], + matchDepTypes: ["dependencies", "devDependencies"], + excludePackageNames: ["typescript"], + // bump major and minor in a separate PR + matchUpdateTypes: ["patch"] + }, + // Disable Node.js updates + { + groupName: "node", + matchPackageNames: ["node"], + enabled: false + }, + { + groupName: "github-actions", + matchManagers: ["github-actions"], + excludePackageNames: [ + "actions/upload-artifact", + "actions/download-artifact" + ] + }, + { + groupName: "manually managed github-actions", + matchManagers: ["github-actions"], + matchPackageNames: [ + "actions/upload-artifact", + "actions/download-artifact" + ], + enabled: false + } + ] +} diff --git a/LICENSE b/LICENSE index cf98dfd9..68a4ea9f 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,6 @@ MIT License Copyright (c) 2024-present Bytedance Inc and its affiliates. -Copyright (c) 2023-2024 Boshen Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From 4acb5c32cb8c2a417e4fa0b7eaee35c236527366 Mon Sep 17 00:00:00 2001 From: pshu Date: Tue, 26 May 2026 00:41:36 +0800 Subject: [PATCH 2/3] chore: migrate renovate config off deprecated matchers Replace depTypeList / matchPackagePatterns / matchPackagePrefixes / excludePackage* with the supported matchDepTypes and matchPackageNames (globs + negation) so each rule actually applies on current Renovate. --- .github/renovate.json5 | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index af80b1a5..a63d4666 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -13,25 +13,24 @@ packageRules: [ // manually update peer dependencies { - depTypeList: ["peerDependencies"], + matchDepTypes: ["peerDependencies"], enabled: false }, { - matchPackagePatterns: ["*"], + // applies to all updates: chore commit + always bump package.json range + matchPackageNames: ["*"], semanticCommitType: "chore", - // always bump package.json rangeStrategy: "bump" }, { groupName: "patch crates", matchManagers: ["cargo"], - excludePackagePrefixes: ["napi"], - excludePackageNames: ["mimalloc"], + matchPackageNames: ["*", "!napi*", "!mimalloc"], matchUpdateTypes: ["patch"] }, { groupName: "napi", - matchPackagePrefixes: ["napi", "@napi-rs/"] + matchPackageNames: ["napi*", "@napi-rs/*"] }, { groupName: "ignored crates", @@ -44,7 +43,7 @@ groupName: "patch npm dependencies", matchManagers: ["npm"], matchDepTypes: ["dependencies", "devDependencies"], - excludePackageNames: ["typescript"], + matchPackageNames: ["*", "!typescript"], // bump major and minor in a separate PR matchUpdateTypes: ["patch"] }, @@ -57,9 +56,10 @@ { groupName: "github-actions", matchManagers: ["github-actions"], - excludePackageNames: [ - "actions/upload-artifact", - "actions/download-artifact" + matchPackageNames: [ + "*", + "!actions/upload-artifact", + "!actions/download-artifact" ] }, { From 92d1db75ece1c4293325f61daf765d84d236db33 Mon Sep 17 00:00:00 2001 From: pshu Date: Tue, 26 May 2026 10:27:55 +0800 Subject: [PATCH 3/3] chore: restore Boshen copyright line in LICENSE Revert an unrelated LICENSE change that slipped into the renovate sync commit. --- LICENSE | 1 + 1 file changed, 1 insertion(+) diff --git a/LICENSE b/LICENSE index 68a4ea9f..cf98dfd9 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,7 @@ MIT License Copyright (c) 2024-present Bytedance Inc and its affiliates. +Copyright (c) 2023-2024 Boshen Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal