Why Renovate, not Dependabot
SAFE_SETTINGS_VERSION: 2.1.17 lives in a workflow env: block — Dependabot cannot detect it. Renovate supports custom regexManagers.
Key config points
regexManagers to track SAFE_SETTINGS_VERSION in the workflow
automerge: false + minimumReleaseAge: 7 days for safe-settings
automerge: true, automergeType: branch for Prettier (low risk)
- Requires installing the Renovate GitHub App on the org
Audit report — section 1
Why Renovate, not Dependabot
SAFE_SETTINGS_VERSION: 2.1.17lives in a workflowenv:block — Dependabot cannot detect it. Renovate supports customregexManagers.Key config points
regexManagersto trackSAFE_SETTINGS_VERSIONin the workflowautomerge: false+minimumReleaseAge: 7 daysfor safe-settingsautomerge: true, automergeType: branchfor Prettier (low risk)Audit report — section 1