renovate.json

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:base"
  ],
  "branchPrefix": "renovate-",
  "branchNameStrict": true,
  "commitMessageAction": "Renovate Update",
  "labels": [
    "Dependencies",
    "Renovate"
  ],
  "packageRules": [
    {
      "description": "Ignore internal dependency upgrades - Renovate doesn't recognise that these are relative and therefore don't need to refer to the correct digest",
      "matchPackageNames": [
        "github.com/ministryofjustice/opg-data-lpa-store/internal/shared"
      ],
      "enabled": false
    },
    {
      "automerge": true,
      "groupName": "Patch & Minor Updates",
      "groupSlug": "all-minor-patch-updates",
      "matchPackagePatterns": [
        "*"
      ],
      "matchUpdateTypes": [
        "minor",
        "patch"
      ],
      "stabilityDays": 3,
      "prPriority": 4
    }
  ],
  "major": {
    "automerge": false,
    "stabilityDays": 3,
    "prPriority": 0
  },
  "vulnerabilityAlerts": {
    "groupName": "Security Alerts",
    "rangeStrategy": "update-lockfile",
    "commitMessagePrefix": "[SECURITY]",
    "branchTopic": "{{{datasource}}}-{{{depName}}}-vulnerability",
    "prPriority": 5
  }
}