Skip to content

Configure Renovate#1

Merged
AJPreto merged 1 commit into
mainfrom
renovate/configure
May 5, 2026
Merged

Configure Renovate#1
AJPreto merged 1 commit into
mainfrom
renovate/configure

Conversation

@tjboller
Copy link
Copy Markdown

@tjboller tjboller commented Apr 29, 2026

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

📚 See our Reading List for relevant documentation you may be interested in reading.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch and select the Retry/Rebase checkbox below. Renovate will update the Pull Request description the next time it runs.

Detected Package Files

  • Dockerfile (dockerfile)
  • .github/workflows/lint.yml (github-actions)
  • .github/workflows/test.yml (github-actions)
  • pyproject.toml (pep621)
  • .pre-commit-config.yaml (pre-commit)

Configuration Summary

Based on the default config's presets, Renovate will:

  • Start dependency updates only once this onboarding PR is merged
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Show only the Age and Confidence Merge Confidence badges for pull requests.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.
  • Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from GitHub.com and Github enterprise contains a link to the commit-to-commit diff
  • Correctly link to the source code for golang.org/x packages
  • Link to pkg.go.dev/... for golang.org/x packages' title
  • Pin Docker digests.
  • Pin github-action digests.
  • Enable Renovate configuration migration PRs when needed.
  • Pin dependency versions for development dependencies.
  • Recommended configuration for abandoned packages, treating packages without a release for 1 year as abandoned, while taking into account community-sourced overrides.
  • Wait until the npm package is three days old before raising the update. This a) introduces a short delay to allow for malware researchers and scanners to (possibly) detect any malicious behaviour in packages, and b) prevents the maintainer and/or NPM from unpublishing a package you already upgraded to, breaking builds.
  • Run lock file maintenance (updates) early Monday mornings.
  • Rebase existing PRs any time the base branch has been updated.
  • Preserve (but continue to upgrade) any existing SemVer ranges.
  • Separate each major version of dependencies into individual branches/PRs.
  • Raise PR when vulnerability alerts are detected.
  • Weekly schedule on early Monday mornings (before 4 AM).
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Show only the Age and Confidence Merge Confidence badges for pull requests.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.
  • Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from GitHub.com and Github enterprise contains a link to the commit-to-commit diff
  • Correctly link to the source code for golang.org/x packages
  • Link to pkg.go.dev/... for golang.org/x packages' title
  • Pin Docker digests.
  • Pin github-action digests.
  • Enable Renovate configuration migration PRs when needed.
  • Pin dependency versions for development dependencies.
  • Recommended configuration for abandoned packages, treating packages without a release for 1 year as abandoned, while taking into account community-sourced overrides.
  • Wait until the npm package is three days old before raising the update. This a) introduces a short delay to allow for malware researchers and scanners to (possibly) detect any malicious behaviour in packages, and b) prevents the maintainer and/or NPM from unpublishing a package you already upgraded to, breaking builds.
  • Run lock file maintenance (updates) early Monday mornings.
  • Rebase existing PRs any time the base branch has been updated.
  • Preserve (but continue to upgrade) any existing SemVer ranges.
  • Separate each major version of dependencies into individual branches/PRs.
  • Raise PR when vulnerability alerts are detected.
  • Weekly schedule on early Monday mornings (before 4 AM).
  • Run Renovate on following schedule: * 0-3 * * 1

What to Expect

With your current configuration, Renovate will create 27 Pull Requests:

Update dependency rdkit to v2025.9.6
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/rdkit-2025.x-lockfile
  • Merge into: main
  • Upgrade rdkit to 2025.9.6
Update pre-commit hook astral-sh/ruff-pre-commit to v0.15.12
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/astral-sh-ruff-pre-commit-0.x
  • Merge into: main
  • Upgrade astral-sh/ruff-pre-commit to v0.15.12
Update pre-commit hook astral-sh/uv-pre-commit to v0.11.8
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/astral-sh-uv-pre-commit-0.x
  • Merge into: main
  • Upgrade astral-sh/uv-pre-commit to 0.11.8
Update dependency mdanalysis to v2.10.0
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/mdanalysis-2.x
  • Merge into: main
  • Upgrade mdanalysis to ==2.10.0
Update dependency python to 3.14
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/python-3.x
  • Merge into: main
  • Upgrade python to 3.14
Update dependency scikit-learn to v1.8.0
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/scikit-learn-1.x-lockfile
  • Merge into: main
  • Upgrade scikit-learn to 1.8.0
Update dependency scipy to v1.17.1
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/scipy-1.x-lockfile
  • Merge into: main
  • Upgrade scipy to 1.17.1
Update python versions
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/minor-3.11-python
  • Merge into: main
  • Upgrade python to >=3.11,<3.12
  • Upgrade python to 3.11-slim-bookworm
Update python versions
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/minor-3.12-python
  • Merge into: main
  • Upgrade python to >=3.12,<3.13
  • Upgrade python to 3.12-slim-bookworm
Update python versions
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/minor-3.13-python
  • Merge into: main
  • Upgrade python to >=3.13,<3.14
  • Upgrade python to 3.13-slim-bookworm
Update python versions
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/minor-3.14-python
  • Merge into: main
  • Upgrade python to >=3.14,<3.15
  • Upgrade python to 3.14-slim-bookworm
Update actions/checkout action to v5
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/actions-checkout-5.x
  • Merge into: main
  • Upgrade actions/checkout to v5
Update actions/checkout action to v6
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/actions-checkout-6.x
  • Merge into: main
  • Upgrade actions/checkout to v6
Update actions/setup-python action to v6
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/actions-setup-python-6.x
  • Merge into: main
  • Upgrade actions/setup-python to v6
Update astral-sh/setup-uv action to v4
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/astral-sh-setup-uv-4.x
  • Merge into: main
  • Upgrade astral-sh/setup-uv to v4
Update astral-sh/setup-uv action to v5
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/astral-sh-setup-uv-5.x
  • Merge into: main
  • Upgrade astral-sh/setup-uv to v5
Update astral-sh/setup-uv action to v6
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/astral-sh-setup-uv-6.x
  • Merge into: main
  • Upgrade astral-sh/setup-uv to v6
Update astral-sh/setup-uv action to v7
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/astral-sh-setup-uv-7.x
  • Merge into: main
  • Upgrade astral-sh/setup-uv to v7
Update astral-sh/setup-uv action to v8
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/astral-sh-setup-uv-8.x
  • Merge into: main
  • Upgrade astral-sh/setup-uv to v8.1.0
Update dependency ipykernel to v7
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/ipykernel-7.x
  • Merge into: main
  • Upgrade ipykernel to >=7.2,<8
Update dependency numpy to v2
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/numpy-2.x
  • Merge into: main
  • Upgrade numpy to >=2.4.4,<3
Update dependency pandas to v3
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/pandas-3.x
  • Merge into: main
  • Upgrade pandas to >=3.0.2,<4
Update dependency rdkit to v2026
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/rdkit-2026.x-lockfile
  • Merge into: main
  • Upgrade rdkit to 2026.3.1
Update pre-commit hook pre-commit/pre-commit-hooks to v6
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/pre-commit-pre-commit-hooks-6.x
  • Merge into: main
  • Upgrade pre-commit/pre-commit-hooks to v6.0.0
Update pre-commit hook psf/black to v25
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/psf-black-25.x
  • Merge into: main
  • Upgrade psf/black to 25.12.0
Update pre-commit hook psf/black to v26
  • Schedule: ["* 0-3 * * 1"]
  • Branch name: renovate/psf-black-26.x
  • Merge into: main
  • Upgrade psf/black to 26.3.1
Lock file maintenance
  • Schedule: ["after 5am and before 7am on monday"]
  • Branch name: renovate/lock-file-maintenance
  • Merge into: main
  • Regenerate lock files to use latest dependency versions

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate.

Copilot AI review requested due to automatic review settings April 29, 2026 11:09
Copilot AI reviewed Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR onboards Renovate for the repository by adding a minimal renovate.json that delegates configuration to the organization’s shared Renovate preset.

Changes:

  • Add renovate.json at the repo root.
  • Configure Renovate to extend local>enveda/renovate-config.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@AJPreto AJPreto merged commit f480cf7 into main May 5, 2026
6 checks passed
@AJPreto AJPreto deleted the renovate/configure branch May 5, 2026 15:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tjboller @AJPreto @renovate-bot