Skip to content

Skip {types-,}protobuf upgrades in Renovate#452

Merged
stefanvanburen merged 2 commits intomainfrom
svanburen/skip-protobuf-renovate
Apr 13, 2026
Merged

Skip {types-,}protobuf upgrades in Renovate#452
stefanvanburen merged 2 commits intomainfrom
svanburen/skip-protobuf-renovate

Conversation

@stefanvanburen
Copy link
Copy Markdown
Member

@stefanvanburen stefanvanburen commented Apr 10, 2026

We previously ignored these in Dependabot; should do the same in Renovate. #451 is failing because it's attempting to bump these.

Not entirely sure on the syntax here; I'm trying to follow the connect-python approach with otel: https://github.com/connectrpc/connect-python/blob/f188e7d0452be8a1ad04e308754852c76ee62c4d/renovate.json#L31-L37.

@stefanvanburen
Skip {types-,}protobuf upgrades in Renovate
450f322 
We [previously ignored these in Dependabot][1]; should do the same in
Renovate. #451 is failing because it's attempting to bump these.

[1]: 328d768#diff-dd4fbda47e51f1e35defb9275a9cd9c212ecde0b870cba89ddaaae65c5f3cd28L13-L14
anuraaga
anuraaga approved these changes Apr 11, 2026
View reviewed changes
.github/renovate.json5 Outdated
"types-protobuf"
],
// We manage these dependencies ourselves.
"lockFileMaintenance": {
Copy link
Copy Markdown

@anuraaga anuraaga Apr 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can remove this so just any type of update is disabled for them, in case we add to a subproject some day

Copy link
Copy Markdown
Member Author

@stefanvanburen stefanvanburen Apr 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you mean going from:

      "lockFileMaintenance": {
        "enabled": false
      }

to:

      "enabled": false

?

I'm still a tad confused by the comment here (and in connect-python) about only bumping prod dependencies when necessary, but matching both prod and "optional" dependencies?: https://github.com/connectrpc/connect-python/blob/f188e7d0452be8a1ad04e308754852c76ee62c4d/renovate.json#L16-L23

Copy link
Copy Markdown

@anuraaga anuraaga Apr 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah that's what I meant. One point is the enablement is a setting, while the others are matchers. So the setting to "disable all updates for the matched dependencies" is the plain enabled: false IIUC.

The optional dependencies point is admittedly cargo culted from some templates. In a hypothetical future where we supported extras in any of the libraries, those would be in optional-dependencies and would be the same scheme as production dependencies. Since we don't have any, indeed it's confusing - maybe it's better to remove that and add it when/if the time comes.

Copy link
Copy Markdown
Member Author

@stefanvanburen stefanvanburen Apr 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

426da3d. thanks for explaining; that makes more sense to me.

@stefanvanburen stefanvanburen requested a review from anuraaga April 13, 2026 14:45
@stefanvanburen stefanvanburen merged commit 5901634 into main Apr 13, 2026
12 checks passed
@stefanvanburen stefanvanburen deleted the svanburen/skip-protobuf-renovate branch April 13, 2026 15:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anuraaga anuraaga anuraaga approved these changes

@AdrienVannson AdrienVannson Awaiting requested review from AdrienVannson

@srikrsna-buf srikrsna-buf Awaiting requested review from srikrsna-buf

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stefanvanburen @anuraaga