mirror of
https://github.com/mermaid-js/mermaid.git
synced 2025-01-14 06:43:25 +08:00
c2bd6a490f
We shouldn't pin dependencies unless we have to. This is for two reasons: - If a dependency has a security issue, users should be able to easily update the dependency, before `mermaid` makes a new release - If using `mermaid.core.js` in an app, using a dependency range means that users can bundle less dependencies. E.g. they won't need to bundle `lodash@4.17.y` just becasue mermaid needs `lodash@4.17.x`. For development/CI, our dependencies are pinned by pnpm-lock.yaml file anyway.
25 lines
483 B
JSON
25 lines
483 B
JSON
{
|
|
"extends": [
|
|
"config:base",
|
|
":rebaseStalePrs",
|
|
"group:allNonMajor",
|
|
"schedule:earlyMondays",
|
|
":automergeMinor",
|
|
":automergeTesters",
|
|
":automergeLinters",
|
|
":automergeTypes",
|
|
":automergePatch"
|
|
],
|
|
"packageRules": [
|
|
{
|
|
"matchUpdateTypes": ["minor", "patch", "digest"],
|
|
"automerge": true
|
|
}
|
|
],
|
|
"dependencyDashboard": true,
|
|
"major": {
|
|
"dependencyDashboardApproval": true
|
|
},
|
|
"dependencyDashboardAutoclose": true
|
|
}
|