From eacb1767a1f30d8b21d911fbbfa46aa7de0e287c Mon Sep 17 00:00:00 2001 From: Alois Klink Date: Sat, 22 Oct 2022 18:38:48 +0100 Subject: [PATCH] ci(renovate): disable pinning dependencies We shouldn't pin dependencies unless we have to. This is for two reasons: - If a dependency has a security issue, users should be able to easily update the dependency, before `mermaid` makes a new release - If using `mermaid.core.js` in an app, using a dependency range means that users can bundle less dependencies. E.g. they won't need to bundle `lodash@4.17.y` just becasue mermaid needs `lodash@4.17.x`. For development/CI, our dependencies are pinned by pnpm-lock.yaml file anyway.
---
 renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/renovate.json b/renovate.json
index 1413a3cea18..548f5b5be5c 100644
--- a/renovate.json
+++ b/renovate.json
@@ -12,7 +12,7 @@
 ],
 "packageRules": [
 {
- "matchUpdateTypes": ["minor", "patch", "pin", "digest"],
+ "matchUpdateTypes": ["minor", "patch", "digest"],
 "automerge": true
 }
 ],
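Review bot: Dropping `"pin"` from `matchUpdateTypes` in this `packageRules` entry only stops pin updates from being automerged; on its own it does not stop Renovate from proposing them, which is what the commit title promises. Whether pin PRs are still opened depends on the presets in `extends` and on any `rangeStrategy` setting, both of which sit above the hunk and are not visible here, so this may already be covered. If it is not, state the intent explicitly, for example by adding `":preserveSemverRanges"` to `extends` or setting `"rangeStrategy"` at the top level. Separately, the rule still automerges `minor`, `patch` and `digest` updates with no visible review step. A release-age delay (`minimumReleaseAge`, formerly `stabilityDays`) would give a bad upstream release time to be noticed before it lands.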