renovate.json5

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  /***** General settings *****/

  // Use recommended defaults
  "extends": [
    "config:base",
    ":semanticCommits",
    ":semanticCommitScopeDisabled"
  ],

  // Run on a monthly schedule to keep interruptions to a minimum,
  //  but always open vulnerability-fixing pull requests immediately
  "schedule": "before 9am on the first day of the week",
  "timezone": "America/Detroit",
  "vulnerabilityAlerts": {
    "labels": ["security"],
    "schedule": "at any time"
  },

  // Avoid updating to unstable versions
  "ignoreUnstable": true,
  "stabilityDays": 7,

  /***** Node.js settings *****/

  // When updating, bump version ranges (e.g. ^0.1.3 -> ^0.1.4)
  "rangeStrategy": "bump",

  // Keep package-lock.json updated, similar to `npm audit fix`
  "lockFileMaintenance": {
    "enabled": true
  },

  "packageRules": [

    // Group updates into "dependencies" and "dev dependencies" rather
    //  than having a separate pull request per updated package
    {
      "depTypeList": ["dependencies"],
      "groupName": "Dependencies"
    },
    {
      "depTypeList": ["devDependencies"],
      "groupName": "Dev Dependencies"
    },
    {
      "matchFileNames": ["website/**"],
      "groupName": "Website Dependencies"
    },
  ],
  
  // Docusaurus does not work with mdx-js/react version 2
  "ignoreDeps": ["@mdx-js/react"],
  "constraints": {
    "npm": " ^9.0.0"
  }
}