{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:recommended"],
"pinDigests": true,
"packageRules": [
{
"description": "Pin GitHub Actions to digest SHAs and automerge non-major bumps",
"matchManagers": ["github-actions"],
"pinDigests": true,
"automerge": true,
"automergeType": "pr",
"automergeStrategy": "squash",
"matchUpdateTypes": ["minor", "patch", "digest"]
},
{
"description": "Widen Rust requirement ranges (not just the lockfile) so caret pins do not silently go stale behind a published minor",
"matchManagers": ["cargo"],
"rangeStrategy": "bump"
},
{
"description": "Automerge Rust dependency patch + minor bumps (timeglyph is an app: MSRV == the pinned toolchain, so a minor bump cannot break a downstream library consumer)",
"matchManagers": ["cargo"],
"matchUpdateTypes": ["patch", "minor"],
"automerge": true,
"automergeType": "pr",
"automergeStrategy": "squash"
}
],
"lockFileMaintenance": {
"enabled": true,
"schedule": ["before 6am on Monday"]
}
}