Renovate configuration

[nokome]

An issue to collect ideas / notes on the our renovate-config. Perhaps the main strength of Renovate is how configurable it is. However, that can at time make it difficult to understand.

• Currently "stabilityDays": 3 - a PR still gets created, but frustratingly the "stability days check" fails - would be better to combine with prCreation="not-pending" so the PR does not get created at all. Also, for @stencila packages the days should probably be 0. See https://docs.renovatebot.com/configuration-options/#stabilitydays

• Currently prod deps have "rangeStrategy": "bump", but it seems like that does not have any advantages over "pin" - just keeps the caret ^ prefix

• Currently prod deps are not grouped - which is great for being able to ascertain which deps are causing failures and isolate them. But it does potentially lead to many patch release on the same day - unless, like I do, you merge them locally and then push.

• We could reduce our maintenence time by using automerging (when tests pass): could start using that for dev deps and prod deps in repos that are well tested e.g. (logga)

[alex-ketch]

Currently prod deps have "rangeStrategy": "bump", but it seems like that does not have any advantages over "pin" - just keeps the caret ^ prefix

Renovate has a good overview for why it might better to use version ranges for libraries.

Another painful issue I've personally experienced is with conflicts due to TypeScript definitions for pinned packages. Was around December I think so memory is hazy, but happened to me due to cyclical dependency between 3 of our projects.