renovate.json5

{
	"$schema": "https://docs.renovatebot.com/renovate-schema.json",
	"extends": [
		"config:base"
	],

	// We don't update too frequently so that if something is broken in a new package
	// release it will have time to be fixed by the time we update. The npm ecosystem
	// being what it is even patch releases can have serious breaking changes.
	"major": {
		"stabilityDays": 200,
	},
	"minor": {
		"stabilityDays": 120,
	},
	"patch": {
		"stabilityDays": 90,
	},

	// Keep a low limit because otherwise Renovate will do nothing for 3 months then
	// suddenly dump 20 pull requests. And this intefer with our GitHub Action to 
	// automerge PRs, not to mention that they all end up conflicting with each others
	// if they are created at the same time.
	"prConcurrentLimit": 4,

	"prHourlyLimit": 0,

	// Tell Renovate to rebase only when there's a conflict, otherwise pull
	// requests never get auto-merged because there are always new changes.
	"rebaseWhen": "conflicted",

	// It seems we need to delete the branches after merge or else it causes this problem:
	// https://github.com/renovatebot/renovate/discussions/21256#discussioncomment-5898418
	"pruneBranchAfterAutomerge": true,
	
	"ignorePaths": [
		"**/bower_components/**",
		"**/node_modules/**",
		"Assets/**",
		"packages/app-cli/tests/**",
		"packages/app-clipper/popup",
		"packages/app-mobile/android/app/build.gradle",
		"packages/generate-plugin-doc/**",
		"packages/plugins/**",
		"packages/doc-builder/**",

		// We don't build or run this package on CI so it should be upgraded manually
		"packages/onenote-converter/**",
	],
	"ignoreDeps": [
		"@babel/core",
		// ProseMirror and CodeMirror often need to be deduplicated after updating (e.g. with
		// yarn dedupe 'prosemirror-*'). Renovate doesn't do this, and, without the deduplication,
		// multiple instances of some parts of the libraries can be loaded, breaking parts of the editor. 
		"@codemirror/autocomplete",
		"@codemirror/commands",
		"@codemirror/lang-cpp",
		"@codemirror/lang-html",
		"@codemirror/lang-java",
		"@codemirror/lang-javascript",
		"@codemirror/lang-markdown",
		"@codemirror/lang-php",
		"@codemirror/lang-rust",
		"@codemirror/language",
		"@codemirror/language-data",
		"@codemirror/legacy-modes",
		"@codemirror/lint",
		"@codemirror/search",
		"@codemirror/state",
		"@codemirror/view",
		"@replit/codemirror-vim",
		"@lezer/common",
		"@lezer/highlight",
		"@lezer/markdown",
		"prosemirror-model",
		"prosemirror-state",
		"prosemirror-view",
		"prosemirror-tables",
		// Does not use semver
		"@dr.pogodin/react-native-fs",
		"@fortawesome/fontawesome-svg-core",
		"@fortawesome/free-solid-svg-icons",
		"@svgr/webpack",
		"actions/stale",
		"babel-eslint",
		"babel-loader",
		"babel-preset-react-app",
		"browserify",
		"codemirror",
		"cspell",
		"expo-av", // Must be updated with expo
		"file-loader",
		"gradle",
		"html-webpack-plugin",
		"husky",
		"lerna",
		"metro-react-native-babel-preset",
		"mini-css-extract-plugin",
		"rollup-plugin-commonjs",
		"rollup-plugin-node-resolve",
		"rollup",
		"ruby",
		"stripe",
		"typedoc",
		"webpack-cli",
		"webpack",
		"yeoman-generator",

		// pdfjs-dist requires the canvas package, which cannot be built in
		// Windows.
		//
		// An unhandled error occurred inside electron-rebuild node-gyp failed
		// to rebuild
		// 'D:\a\joplin\joplin\packages\pdf-viewer\node_modules\canvas'.
		//
		// https://github.com/mozilla/pdf.js/issues/15112
		//
		// Maybe need to install Canvas separately and follow the instruction
		// here to setup the build properly on Windows:
		// https://github.com/Automattic/node-canvas#compiling
		"pdfjs-dist",

		// Too complex to upgrade past TinyMCE 5
		// https://www.tiny.cloud/docs/tinymce/6/migration-from-5x/
		"tinymce",

		// React Native stuff should be updated only when
		// upgrading React Native.
		"@babel/preset-env",
		"@babel/runtime",
		"@react-native-community/cli",
		"@react-native-community/cli-platform-android",
		"@react-native-community/cli-platform-ios",
		"@tsconfig/react-native",
		"@types/react-native",
		"@testing-library/react-native",
		"androidx.appcompat:appcompat",
		"babel-plugin-module-resolver",
		"com.android.tools.build:gradle",
		"com.facebook.flipper:flipper-fresco-plugin",
		"com.facebook.flipper:flipper-network-plugin",
		"com.facebook.flipper:flipper",
		"com.google.code.gson:gson",
		"com.google.code.gson",
		"de.undercouch:gradle-download-task",
		"jsc-android",
		"org.robolectric:robolectric",
		"react-native",
		"activesupport",
		"cocoapods",
		"@react-native/metro-config",
		"@react-native/babel-preset",

		// We currently don't have automated tests that verify that the
		// sidemenus work correctly in the mobile app. Because an update to
		// react-native-reanimated has previously broken the sidemenu
		// (https://github.com/laurent22/joplin/issues/8456), we disable auto
		// updates for it:
		"react-native-reanimated",

		// Cannot upgrade further due to ESM support
		"node-fetch",
		"execa",
		"open",
		"pretty-bytes",
		"strip-ansi",
		"node-emoji",
		"debounce",
		"gettext-parser",
		"query-string",
		"@rmp135/sql-ts",
		"file-type",
		"builtin-modules",
		"yargs-parser",
		"yargs",

		// Formidable v3 is broken:
		// https://github.com/node-formidable/formidable/issues/958
		"formidable",
		"@types/formidable",

		// @koa/cors has undocumented breaking changes, and the package is not
		// well supported so we're stuck with latest v3 for now
		"@koa/cors",

		// Can't upgrade beyond 2.x because it doesn't work with Electron. If
		// trying to upgrade again, check that adding a link from the CodeMirror
		// editor works. See /packages/app-desktop/gui/dialogs.ts
		"smalltalk",

		// Don't think we can trust this lib because they don't release a
		// changelog and the latest version appears to have breaking changes
		// (v0.5.0). Doesn't seem serious unfortunately.
		// https://github.com/Leonidas-from-XIV/node-xml2js/issues/677
		"xml2js",

		// Looks like upgrading AWS causes the mobile build to fail with the following error:
		//
		// error: Error: Unable to resolve module @aws-sdk/chunked-blob-reader from /Users/laurent/src/joplin/packages/lib/node_modules/@aws-sdk/hash-blob-browser/dist-cjs/index.js: @aws-sdk/chunked-blob-reader could not be found within the project or in these directories:
		//   ../lib/node_modules
		//   ../../node_modules
		//   ../../../node_modules
		//   /Users/laurent/src/joplin/packages/app-mobile/node_modules/@aws-sdk/chunked-blob-reader
		//   2 | Object.defineProperty(exports, "__esModule", { value: true });
		//   3 | exports.blobHasher = void 0;
		// > 4 | const chunked_blob_reader_1 = require("@aws-sdk/chunked-blob-reader");
		//     |                                        ^
		//   5 | const blobHasher = async function blobHasher(hashCtor, blob) {
		//   6 |     const hash = new hashCtor();
		//   7 |     await (0, chunked_blob_reader_1.blobReader)(blob, (chunk) => {
		//     at ModuleResolver.resolveDependency (/Users/laurent/src/joplin/packages/app-mobile/node_modules/metro/src/node-haste/DependencyGraph/ModuleResolution.js:178:15)
		//
		// Started failing with:
		//
		//  "aws-sdk": "2.1340.0"
		// "@aws-sdk/client-s3": "3.296.0"
		// "@aws-sdk/s3-request-presigner": "3.296.0"
		"aws-sdk",
		"@aws-sdk/client-s3",
		"@aws-sdk/s3-request-presigner",

		// We are too many versions behind so it needs to be manually upgraded.
		"immer",

		// We don't really use styled-components anymore and v6 introduces
		// breaking changes. Ideally we should just update existing components
		// to rscss.
		"styled-components",
		"@types/styled-components",

		// For now we are stuck with v5.1.6 due to this bug:
		// https://github.com/TryGhost/node-sqlite3/issues/1747
		"sqlite3",

		// Used by onenote-converter but has many breaking changes and we don't test it on CI, so
		// would need to be manually upgraded and tested.
		"bat",

		"react-test-renderer",

		// Don't upgrade katex and mermaid automatically because we need to run
		// `yarn buildAssets` after the package has been updated
		"katex",
		"mermaid",

		// We keep using v5 for now. Upgrading to v7 would require updating the icon names.
		"@fortawesome/fontawesome-free",
	],
	"packageRules": [
		// The React Monorepo rule appears to be automatically enabled, but the PR will usually fail
		// as there are too many packages at the same time. It also keeps recreating it when it's
		// closed so here we're trying to disable it.
		{
			"matchPackagePatterns": [
				"react",
				"react-*",
				"@types/react",
				"@types/react-*",
			],
			"groupName": null,
		},

		{
			"matchUpdateTypes": ["patch"],
			"automerge": true,
			"labels": ["automerge"],
		},

		{
			"matchUpdateTypes": ["minor", "patch"],
			"automerge": true,
			"labels": ["automerge"],
			"matchPackagePatterns": [
				"@types/*",
			],
		},

		{
			"matchUpdateTypes": ["minor", "patch"],
			"automerge": true,
			"groupName": "types",
			"extends": ["schedule:monthly"],
			"labels": ["automerge"],
			"matchPackagePatterns": [
				"electron",
				"electron-*",
			],
		},
		
		{
			"matchUpdateTypes": ["major", "minor", "patch"],
			"automerge": true,
			"groupName": "eslint",
			"labels": ["automerge"],
			"extends": ["schedule:monthly"],
			"matchPackagePatterns": [
				// If the apps build and all tests pass, we can assume that Yarn
				// and TypeScript are safe to upgrade. They are frequently
				// updated so having them here reduces noise.
				"eslint",
				"eslint-*",
				"jest",
				"jest-*",
				"@typescript-eslint/*",
				"yarn",
				"typescript",
				"prettier",
			],
		},

		// {
		// 	"matchUpdateTypes": ["minor", "patch"],
		// 	"automerge": true,
		// 	"groupName": "aws",
		// 	"labels": ["automerge"],
		// 	"extends": ["schedule:monthly"],
		// 	"matchPackagePatterns": [
		// 		// AWS packages are updated too frequently and we can assume minor
		// 		// updates are stable.
		// 		"@aws-sdk/*",
		// 		"aws-sdk",
		// 	],
		// },
	]
}