ci(renovate): disable pinning dependencies

We shouldn't pin dependencies unless we have to. This is for two reasons: - If a dependency has a security issue, users should be able to easily update the dependency, before `mermaid` makes a new release - If using `mermaid.core.js` in an app, using a dependency range means that users can bundle less dependencies. E.g. they won't need to bundle `lodash@4.17.y` just becasue mermaid needs `lodash@4.17.x`. For development/CI, our dependencies are pinned by pnpm-lock.yaml file anyway.
mermaid-js · Nov 5, 2022 · eacb176 · eacb176
1 parent cc38b7c
commit eacb176
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/renovate.json b/renovate.json
@@ -12,7 +12,7 @@
   ],
   "packageRules": [
     {
-      "matchUpdateTypes": ["minor", "patch", "pin", "digest"],
+      "matchUpdateTypes": ["minor", "patch", "digest"],
       "automerge": true
     }
   ],