Configure Renovate

[renovate]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• package.json (npm)

Configuration

🔡 Renovate has detected a custom config for this PR. Feel free to ask for help if you have any doubts and would like it reviewed.

Important: Now that this branch is edited, Renovate can't rebase it from the base branch any more. If you make changes to the base branch that could impact this onboarding PR, please merge them manually.

What to Expect

With your current configuration, Renovate will create 21 Pull Requests:

Pin dependencies

• Schedule: ["at any time"]
• Branch name: renovate/pin-dependencies
• Merge into: dev
• Pin @babel/core to 7.21.0
• Pin @babel/plugin-external-helpers to 7.18.6
• Pin @babel/plugin-proposal-class-properties to 7.18.6
• Pin @babel/plugin-proposal-decorators to 7.21.0
• Pin @babel/plugin-proposal-nullish-coalescing-operator to 7.18.6
• Pin @babel/plugin-proposal-object-rest-spread to 7.20.7
• Pin @babel/plugin-proposal-optional-chaining to 7.21.0
• Pin @babel/plugin-syntax-dynamic-import to 7.8.3
• Pin @babel/plugin-syntax-import-meta to 7.10.4
• Pin @babel/plugin-syntax-top-level-await to 7.14.5
• Pin @babel/preset-env to 7.20.2
• Pin @babel/preset-typescript to 7.21.0
• Pin @braintree/sanitize-url to 6.0.2
• Pin @egjs/hammerjs to 2.0.17
• Pin @formatjs/intl-datetimeformat to 6.5.1
• Pin @formatjs/intl-getcanonicallocales to 2.1.0
• Pin @formatjs/intl-locale to 3.1.1
• Pin @formatjs/intl-numberformat to 8.3.5
• Pin @formatjs/intl-pluralrules to 5.1.10
• Pin @formatjs/intl-relativetimeformat to 11.1.10
• Pin @fullcalendar/core to 6.1.4
• Pin @fullcalendar/daygrid to 6.1.4
• Pin @fullcalendar/interaction to 6.1.4
• Pin @fullcalendar/list to 6.1.4
• Pin @fullcalendar/timegrid to 6.1.4
• Pin @koa/cors to 4.0.0
• Pin @lezer/highlight to 1.1.3
• Pin @lit-labs/motion to 1.0.3
• Pin @lit-labs/virtualizer to 1.0.1
• Pin @material/mwc-button to 0.27.0
• Pin @material/mwc-checkbox to 0.27.0
• Pin @material/mwc-circular-progress to 0.27.0
• Pin @material/mwc-dialog to 0.27.0
• Pin @material/mwc-drawer to 0.27.0
• Pin @material/mwc-fab to 0.27.0
• Pin @material/mwc-formfield to 0.27.0
• Pin @material/mwc-icon-button to 0.27.0
• Pin @material/mwc-linear-progress to 0.27.0
• Pin @material/mwc-list to 0.27.0
• Pin @material/mwc-menu to 0.27.0
• Pin @material/mwc-radio to 0.27.0
• Pin @material/mwc-ripple to 0.27.0
• Pin @material/mwc-select to 0.27.0
• Pin @material/mwc-slider to 0.27.0
• Pin @material/mwc-switch to 0.27.0
• Pin @material/mwc-tab to 0.27.0
• Pin @material/mwc-tab-bar to 0.27.0
• Pin @material/mwc-textarea to 0.27.0
• Pin @material/mwc-textfield to 0.27.0
• Pin @material/mwc-top-app-bar-fixed to 0.27.0
• Pin @octokit/auth-oauth-device to 4.0.4
• Pin @octokit/rest to 19.0.7
• Pin @open-wc/dev-server-hmr to 0.1.3
• Pin @rollup/plugin-babel to 5.3.0
• Pin @rollup/plugin-commonjs to 11.1.0
• Pin @rollup/plugin-json to 4.0.3
• Pin @rollup/plugin-node-resolve to 7.1.3
• Pin @rollup/plugin-replace to 2.4.2
• Pin @types/chromecast-caf-sender to 1.0.5
• Pin @types/esprima to 4.0.3
• Pin @types/glob to 8.1.0
• Pin @types/js-yaml to 4.0.5
• Pin @types/leaflet to 1.9.1
• Pin @types/leaflet-draw to 1.0.6
• Pin @types/marked to 4.0.8
• Pin @types/mocha to 10.0.1
• Pin @types/qrcode to 1.5.0
• Pin @types/serve-handler to 6.1.1
• Pin @types/sortablejs to 1.15.0
• Pin @types/tar to 6.1.4
• Pin @types/webspeechapi to 0.0.29
• Pin @typescript-eslint/eslint-plugin to 5.54.0
• Pin @typescript-eslint/parser to 5.54.0
• Pin @vaadin/combo-box to 23.3.7
• Pin @vaadin/vaadin-themable-mixin to 23.3.7
• Pin @vibrant/color to 3.2.1-alpha.1
• Pin @vibrant/core to 3.2.1-alpha.1
• Pin @vibrant/quantizer-mmcq to 3.2.1-alpha.1
• Pin @vue/web-component-wrapper to 1.3.0
• Pin @web/dev-server to 0.1.35
• Pin @web/dev-server-rollup to 0.2.11
• Pin @webcomponents/scoped-custom-element-registry to 0.0.8
• Pin @webcomponents/webcomponentsjs to 2.7.0
• Pin app-datepicker to 5.1.1
• Pin babel-loader to 9.1.2
• Pin babel-plugin-template-html-minifier to 4.1.0
• Pin chai to 4.3.7
• Pin chart.js to 3.3.2
• Pin comlink to 4.4.1
• Pin core-js to 3.29.0
• Pin cropperjs to 1.5.13
• Pin date-fns to 2.29.3
• Pin date-fns-tz to 2.0.0
• Pin deep-clone-simple to 1.1.1
• Pin deep-freeze to 0.0.1
• Pin del to 7.0.0
• Pin eslint to 8.35.0
• Pin eslint-config-airbnb-base to 15.0.0
• Pin eslint-config-airbnb-typescript to 17.0.0
• Pin eslint-config-prettier to 8.6.0
• Pin eslint-import-resolver-webpack to 0.13.2
• Pin eslint-plugin-disable to 2.0.3
• Pin eslint-plugin-import to 2.27.5
• Pin eslint-plugin-lit to 1.8.2
• Pin eslint-plugin-lit-a11y to 2.3.0
• Pin eslint-plugin-unused-imports to 2.0.0
• Pin eslint-plugin-wc to 1.4.0
• Pin esprima to 4.0.1
• Pin fancy-log to 2.0.0
• Pin fs-extra to 11.1.0
• Pin fuse.js to 6.6.2
• Pin glob to 8.1.0
• Pin google-timezones-json to 1.0.2
• Pin gulp to 4.0.2
• Pin gulp-flatmap to 1.0.2
• Pin gulp-json-transform to 0.4.8
• Pin gulp-merge-json to 2.1.2
• Pin gulp-rename to 2.0.0
• Pin gulp-zopfli-green to 6.0.1
• Pin hls.js to 1.3.4
• Pin home-assistant-js-websocket to 8.0.1
• Pin html-minifier to 4.0.0
• Pin husky to 8.0.3
• Pin idb-keyval to 6.2.0
• Pin instant-mocha to 1.5.0
• Pin intl-messageformat to 10.3.1
• Pin js-yaml to 4.1.0
• Pin jszip to 3.10.1
• Pin leaflet to 1.9.3
• Pin leaflet-draw to 1.0.4
• Pin lint-staged to 13.1.2
• Pin lit to 2.6.1
• Pin lit-analyzer to 1.2.1
• Pin lodash.template to 4.5.0
• Pin magic-string to 0.30.0
• Pin map-stream to 0.0.7
• Pin marked to 4.2.12
• Pin memoize-one to 6.0.0
• Pin merge-stream to 2.0.0
• Pin mocha to 10.2.0
• Pin object-hash to 3.0.0
• Pin open to 8.4.2
• Pin pinst to 3.0.0
• Pin prettier to 2.8.4
• Pin proxy-polyfill to 0.3.2
• Pin punycode to 2.3.0
• Pin qr-scanner to 1.4.2
• Pin qrcode to 1.5.1
• Pin regenerator-runtime to 0.13.11
• Pin require-dir to 1.2.0
• Pin resize-observer-polyfill to 1.5.1
• Pin roboto-fontface to 0.10.0
• Pin rollup to 2.79.1
• Pin rollup-plugin-string to 3.0.0
• Pin rollup-plugin-terser to 5.3.0
• Pin rollup-plugin-visualizer to 5.9.0
• Pin rrule to 2.7.2
• Pin serve-handler to 6.1.5
• Pin sinon to 15.0.1
• Pin sortablejs to 1.15.0
• Pin source-map-url to 0.4.1
• Pin superstruct to 1.0.3
• Pin systemjs to 6.14.0
• Pin tar to 6.1.13
• Pin terser-webpack-plugin to 5.3.6
• Pin tinykeys to 1.4.0
• Pin ts-lit-plugin to 1.2.1
• Pin tsparticles-engine to 2.9.3
• Pin tsparticles-preset-links to 2.9.3
• Pin typescript to 4.9.5
• Pin unfetch to 5.0.0
• Pin vinyl-buffer to 1.0.1
• Pin vinyl-source-stream to 2.0.0
• Pin vis-data to 7.1.4
• Pin vis-network to 9.1.4
• Pin vue to 2.7.14
• Pin vue2-daterange-picker to 0.6.8
• Pin webpack-cli to 5.0.1
• Pin webpack-dev-server to 4.11.1
• Pin webpack-manifest-plugin to 5.0.0
• Pin webpackbar to 5.0.2
• Pin weekstart to 2.0.0
• Pin workbox-build to 6.5.4
• Pin workbox-cacheable-response to 6.5.4
• Pin workbox-core to 6.5.4
• Pin workbox-expiration to 6.5.4
• Pin workbox-precaching to 6.5.4
• Pin workbox-routing to 6.5.4
• Pin workbox-strategies to 6.5.4
• Pin xss to 1.0.14

Pin dependencies

• Schedule: ["at any time"]
• Branch name: renovate/codemirror
• Merge into: dev
• Pin @codemirror/autocomplete to 6.4.2
• Pin @codemirror/commands to 6.2.1
• Pin @codemirror/language to 6.6.0
• Pin @codemirror/legacy-modes to 6.3.1
• Pin @codemirror/search to 6.2.3
• Pin @codemirror/state to 6.2.0
• Pin @codemirror/view to 6.9.1

Pin dependencies

• Schedule: ["at any time"]
• Branch name: renovate/polymer-packages
• Merge into: dev
• Pin @polymer/app-layout to 3.1.0
• Pin @polymer/iron-flex-layout to 3.0.1
• Pin @polymer/iron-icon to 3.0.1
• Pin @polymer/iron-input to 3.0.1
• Pin @polymer/iron-resizable-behavior to 3.0.1
• Pin @polymer/paper-input to 3.2.1
• Pin @polymer/paper-item to 3.0.1
• Pin @polymer/paper-listbox to 3.0.1
• Pin @polymer/paper-slider to 3.0.1
• Pin @polymer/paper-styles to 3.0.1
• Pin @polymer/paper-tabs to 3.1.0
• Pin @polymer/paper-toast to 3.0.1
• Pin @polymer/paper-tooltip to 3.0.1
• Upgrade @polymer/polymer to 3.5.1

Update dependency @​rollup/plugin-babel to ^5.3.0

• Schedule: ["at any time"]
• Branch name: renovate/rollup-plugin-babel-5.x
• Merge into: dev
• Upgrade @rollup/plugin-babel to ^5.3.0

Update dependency @​types/chromecast-caf-receiver to v5.0.15

• Schedule: ["at any time"]
• Branch name: renovate/chromecast-caf-receiver-5.x
• Merge into: dev
• Upgrade @types/chromecast-caf-receiver to 5.0.15

Update Yarn to v3.4.1

• Schedule: ["at any time"]
• Branch name: renovate/yarn-monorepo
• Merge into: dev
• Upgrade yarn to 3.4.1

Update dependency @​rollup/plugin-json to ^4.1.0

• Schedule: ["at any time"]
• Branch name: renovate/rollup-plugin-json-4.x
• Merge into: dev
• Upgrade @rollup/plugin-json to ^4.1.0

Update dependency @​web/dev-server-rollup to ^0.3.0

• Schedule: ["at any time"]
• Branch name: renovate/web-dev-server-rollup-0.x
• Merge into: dev
• Upgrade @web/dev-server-rollup to ^0.3.0

Update dependency chart.js to ^3.9.1

• Schedule: ["at any time"]
• Branch name: renovate/chart.js-3.x
• Merge into: dev
• Upgrade chart.js to ^3.9.1

Update dependency webpack to v5.75.0

• Schedule: ["at any time"]
• Branch name: renovate/webpack-5.x
• Merge into: dev
• Upgrade webpack to =5.75.0

Update dependency @​rollup/plugin-babel to v6

• Schedule: ["at any time"]
• Branch name: renovate/rollup-plugin-babel-6.x
• Merge into: dev
• Upgrade @rollup/plugin-babel to ^6.0.0

Update dependency @​rollup/plugin-commonjs to v24

• Schedule: ["at any time"]
• Branch name: renovate/rollup-plugin-commonjs-24.x
• Merge into: dev
• Upgrade @rollup/plugin-commonjs to ^24.0.0

Update dependency @​rollup/plugin-json to v6

• Schedule: ["at any time"]
• Branch name: renovate/rollup-plugin-json-6.x
• Merge into: dev
• Upgrade @rollup/plugin-json to ^6.0.0

Update dependency @​rollup/plugin-node-resolve to v15

• Schedule: ["at any time"]
• Branch name: renovate/rollup-plugin-node-resolve-15.x
• Merge into: dev
• Upgrade @rollup/plugin-node-resolve to ^15.0.0

Update dependency @​rollup/plugin-replace to v5

• Schedule: ["at any time"]
• Branch name: renovate/rollup-plugin-replace-5.x
• Merge into: dev
• Upgrade @rollup/plugin-replace to ^5.0.0

Update dependency @​types/chromecast-caf-receiver to v6

• Schedule: ["at any time"]
• Branch name: renovate/chromecast-caf-receiver-6.x
• Merge into: dev
• Upgrade @types/chromecast-caf-receiver to 6.0.8

Update dependency chart.js to v4

• Schedule: ["at any time"]
• Branch name: renovate/chart.js-4.x
• Merge into: dev
• Upgrade chart.js to ^4.0.0

Update dependency glob to v9

• Schedule: ["at any time"]
• Branch name: renovate/glob-9.x
• Merge into: dev
• Upgrade glob to ^9.0.0

Update dependency rollup to v3

• Schedule: ["at any time"]
• Branch name: renovate/rollup-3.x
• Merge into: dev
• Upgrade rollup to ^3.0.0

Update dependency rollup-plugin-terser to v7

• Schedule: ["at any time"]
• Branch name: renovate/rollup-plugin-terser-7.x
• Merge into: dev
• Upgrade rollup-plugin-terser to ^7.0.0

Lock file maintenance

• Schedule: ["on the 19th day of the month"]
• Branch name: renovate/lock-file-maintenance
• Merge into: dev
• Regenerate lock files to use latest dependency versions

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR has been generated by Mend Renovate. View repository job log here.

[frenck]

Let's make sure we configure renovate to only act on the npm packages (and leave the rest up to dependabot).

[frenck]

Automerge sounds like something we should never ever allow or do.

[steverep]

1. This is very conservative and only permits it for ESLint, Prettier, and @types/* packages. If the CI passes, there's no reason not to merge. That's what any human would do.
2. It won't actually allow it anyway because the PR still requires approval per the branch protection rule. Without changes on GitHub, all it will do is effectively check the box on the PR.

Renovate has a decent discussion of the automerge feature on their website.

[frenck]

This was a serious review comment which you just declined, dismissed any further discussion, added yourself, self approved and now merged.

Please revert this asap.

[frenck]

That's what any human would do.

I hope for sure, that is not what any reviewer (or you) does. At least the upstream changes should be reviewed. Something renovate will not do for you, as it is not an human.

../Frenck

[steverep]

I hope for sure, that is not what any reviewer (or you) does. At least the upstream changes should be reviewed. Something renovate will not do for you, as it is not an human.

I did not intend to imply that the release notes should not be reviewed. I certainly do that every time. I simply meant that in those particular cases, the CI lint is all that is needed in terms of testing.

Again, I included those rules in a way that was simply meant as an extra click time saver on a small subset of very low risk packages. No actual automatic merging was configured.

In any case, I removed all mentions of automerge in #15743.

[steverep]

Okay I think this is a good config to start with. Other than the deduplicating and "automerge" (which won't actually automerge) per my comment above, it will virtually be the same as dependabot except:

• To protect against botched releases that are pulled from NPM or quickly patched, it waits 3 days before raising a PR
• Pins all versions - HA really has no need for or gains from specified ranges
• Enables monthly "lock file maintenance", which just updates sub-dependencies per their semver rules (right now their just locked to whatever the current version was at the time of install)
• No longer ignoring rollup since everything else is mostly updated

[steverep]

Merging to make sure this behaves like I expect. We can certainly follow up with changes.

[ludeeus]

You should not have merged this. While you did not open the initial PR, the initial PR does not exist and all changes are made by you.

[frenck]

Agree this must be reverted asap. The auto merge rules imho are a big no-go.

My review comment above has just been dismissed an you just merged your own in, without any further discussion or consensus.

[frenck]

I think this needs to be more specific, to prevent future (possibly unwanted) workarounds to just being blatantly accepted.

[steverep]

Very well. I left it there as it's part of their base config. None of the workarounds are actually relevant to this repo.

I removed it in #15743.

[renovate]

Renovate is disabled

Renovate is disabled due to lack of config. If you wish to reenable it, you can either (a) commit a config file to your base branch, or (b) rename this closed PR to trigger a replacement onboarding PR.

[steverep]

In retrospect I should not have jumped the gun to merge. I had some time to devote to this last night and was simply eager to verify some of the configured functionality worked as expected (including automerge) before stating anything that wasn't actually correct.

I meant no disrespect and had no malicious intent to dismiss or decline feedback. I don't operate that way. I intended to follow up as I stated.

[frenck]

We know you mean well 👍

Thanks for pushing this anyways, as I think this will be a good addition 👍

../Frenck