chore(renovate): support transitive deps #649
➖ Are we earthbuild yet? No change in "earthly" occurrences
📈 Overall Progress
Keep up the great work migrating from Earthly to Earthbuild! 🚀
💡 Tips for finding more occurrences
Run locally to see detailed breakdown: ./.github/scripts/count-earthly.sh
Note that the goal is not to reach 0.
Warning: Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
Code Review
This pull request enables lockfile maintenance in the Renovate configuration and updates Ruby version and Gemfile dependencies for the Ruby on Rails example. The reviewer noted that enabling lockfile maintenance without a custom schedule defaults to a weekly run, which conflicts with the repository's monthly update strategy. It is recommended to configure the lockfile maintenance schedule to run monthly to align with the rest of the repository.
Enables Renovate to update transitive dependencies in lockfiles (fixing Ruby on Rails security alerts).
Changes
- lockFileMaintenance globally in renovate.json5.
- .ruby-version (4.0.5) to examples/ruby-on-rails/ so Renovate can run lockfile commands.
- examples/ruby-on-rails/Gemfile.lock to bump vulnerable dependencies and align Bundler to 4.0.15.
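
To see which gems a lockfile refresh like this one touches, the following added example (not code from this pull request or the repository) parses a Gemfile.lock and lists the gems that are locked but not named under DEPENDENCIES, that is, the transitive ones. The sample lockfile, its versions, and the names parse_lock and transitive_gems are constructed for illustration.

```ruby
# Added example. SAMPLE_LOCK is constructed, not the repository's lockfile.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (7.1.0)
        nokogiri (>= 1.8.5)
        rack (>= 2.2.4)
      nokogiri (1.16.0)
        racc (~> 1.4)
      racc (1.7.3)
      rack (3.0.8)
      rails (7.1.0)
        actionpack (= 7.1.0)

  DEPENDENCIES
    rails (~> 7.1)
LOCK

# Returns [locked, direct]: resolved versions by gem name, and the gem
# names listed under DEPENDENCIES (what the Gemfile declares directly).
def parse_lock(text)
  section = nil
  locked = {}
  direct = []
  text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A[A-Z][A-Z ]*\z/)           # section header at column 0
      section = line
    elsif %w[GEM GIT PATH].include?(section) &&
          (m = line.match(/\A {4}(\S+) \((.+)\)\z/))
      locked[m[1]] = m[2]                        # 4-space indent: resolved spec
    elsif section == "DEPENDENCIES" && (m = line.match(/\A {2}([^\s!]+)/))
      direct << m[1]                             # trailing "!" marks git/path gems
    end
  end
  [locked, direct]
end

# Gems present in the lockfile that the Gemfile never names.
def transitive_gems(text)
  locked, direct = parse_lock(text)
  locked.reject { |name, _version| direct.include?(name) }
end

if __FILE__ == $PROGRAM_NAME
  transitive_gems(ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK).each { |n, v| puts "#{n} #{v}" }
end
```

Run with a path argument to check a real lockfile; gems printed here have no entry in the Gemfile, so their locked versions move only when the lockfile itself is regenerated.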