feat(security): add docker security update rules to renovate config

Adds Docker-specific package rules to automatically handle security vulnerabilities in container images. Enables auto-merging of security patches and prioritizes security-related updates. feat(renovate): simplify and improve security configuration - Remove explicit enabledManagers in favor of auto-discovery - Add global vulnerabilityAlerts configuration - Remove redundant Docker-specific rules - Maintain existing CI and language version grouping This change makes the configuration more maintainable and ensures better coverage of security updates across all dependency types. The simplified configuration relies on Renovate's default behaviors while still maintaining our custom grouping and automation needs.
open-turo · Jan 14, 2025 · 93bc136 · 93bc136
1 parent 4b43b49
commit 93bc136
Showing 1 changed file with 7 additions and 27 deletions.
diff --git a/default.json b/default.json
@@ -13,6 +13,12 @@
   "pre-commit": {
     "enabled": true
   },
+  "vulnerabilityAlerts": {
+    "labels": ["security", "dependencies"],
+    "prPriority": 1,
+    "automerge": true,
+    "platformAutomerge": true
+  },
   "packageRules": [
     {
       "groupName": "all ci non-major dependencies",
@@ -31,36 +37,10 @@
         "node-version"
       ],
       "matchUpdateTypes": ["minor", "patch"]
-    },
-    {
-      "matchManagers": ["dockerfile"],
-      "matchUpdateTypes": ["patch", "minor"],
-      "enabled": true,
-      "labels": ["security", "dependencies"],
-      "prPriority": 1,
-      "schedule": ["at any time"],
-      "automerge": true,
-      "platformAutomerge": true,
-      "vulnerabilityAlerts": true
-    },
-    {
-      "matchDatasources": ["docker"],
-      "matchUpdateTypes": ["patch", "minor"],
-      "enabled": true,
-      "labels": ["security", "dependencies"],
-      "prPriority": 1,
-      "vulnerabilityAlerts": true
     }
   ],
   "reviewersFromCodeOwners": true,
   "github-actions": {
     "fileMatch": ["(^|/).github/workflows/.+/.+\\.ya?ml$"]
-  },
-  "docker": {
-    "enabled": true
-  },
-  "enabledManagers": ["dockerfile", "docker-compose", "github-actions"],
-  "separateMinorPatch": true,
-  "commitMessagePrefix": "fix(security): ",
-  "commitBody": "Fixes vulnerabilities found in container scan:\n{{#if vulnerabilities}}\n{{#each vulnerabilities}}\n- {{severity}} severity: {{title}} ({{packageName}})\n{{/each}}\n{{/if}}"
+  }
 }