laminas / laminas-xml

Utility library for XML usage, best practices, and security in PHP
BSD 3-Clause "New" or "Revised" License

Add renovate security-updates-only configuration #13

Closed dakujem closed 1 year ago

dakujem commented 1 year ago

This PR adds renovate.json, as suggested in https://github.com/laminas/laminas-xml/issues/12.

The file only refs the laminas/.github configuration.

internalsystemerror commented 1 year ago

I have all these queued and waiting to push locally, but I'm still waiting on the README.md wording updates from @weierophinney and the autocloser XML from @Xerkus.

dakujem commented 1 year ago

I pushed the updated renovate.json that points to renovate-config-security-updates-only.

internalsystemerror commented 1 year ago

Also, it's not really as simple as just enabling renovate, as renovate relies on CI checks to tell it whether the upgrade is OK or not. So I've also been looking at getting all these security-only packages to at least use PHPUnit + Psalm.

Ocramius commented 1 year ago

@internalsystemerror so we should hold off? 🤔

internalsystemerror commented 1 year ago

I'm on the fence tbh... I'm not convinced that PHPUnit alone will protect us from breaks in this repository. If you feel differently then overrule me, but I would rather we shore up the CI checks on these libs prior to enabling renovate.

Although the security-only configuration doesn't automerge anything so it may be safe to do so anyway.

Ocramius commented 1 year ago

I'm happy with PHPUnit only here, FWIW 👍

dakujem commented 1 year ago

Nice. I have no idea what I've done, but I'm glad it was what you guys wanted 😅

Thanks for maintaining the packages 💪

internalsystemerror commented 1 year ago

@dakujem Thanks for the contribution!