chore: set up Renovate for dependency updates [MEC-3447]#1360
Merged
Paula Pasqualini (pypas) merged 1 commit intoJul 16, 2026
Conversation
contentful-renovate-rollout
Bot
force-pushed
the
renovate-rollout/dependabot-to-renovate
branch
from
July 8, 2026 14:26
46639b1 to
6f5cb53
Compare
Paula Pasqualini (pypas)
approved these changes
Jul 16, 2026
Paula Pasqualini (pypas)
deleted the
renovate-rollout/dependabot-to-renovate
branch
July 16, 2026 12:12
|
🎉 This PR is included in version 2.7.4 🎉 The release is available on: Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sets up Renovate as the dependency-update tool for this repository, part of an org-wide rollout.
Depending on this repo's starting state, this PR does some of the following:
renovate.jsonextending the Contentful shared presetpackageRuleswhere still needed, and removes Dependabot-only automation and secret policiesManual follow-up (not handled by this PR):
Migration Confidence: 🟡 Medium
Summary
Migrated from Dependabot to Renovate: added renovate.json extending local>contentful/renovate-config (correct standard preset), deleted .github/dependabot.yml, removed the dependabot vault secret policy from .contentful/vault-secrets.yaml, and updated the CODEOWNERS comment. The migrator also translated the three Dependabot ignore rules into Renovate packageRules (disabling @salesforce/dev-scripts, capping oclif below 3.17.1, and capping clean-stack below 3.0.1) — this was a judgment call not mechanically specified by the migration prompt, and the Dependabot cooldown-days: 15 setting was not carried over (no direct Renovate equivalent, likely intentional via the shared preset).
Files requiring attention
The following files had edge cases or required judgment during migration and should be reviewed carefully:
renovate.json