Configure Renovate

[mapbox-renovate]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

📚 See our Reading List for relevant documentation you may be interested in reading.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

Detected Package Files

• .github/workflows/ci.yml (github-actions)
• .github/workflows/codeql.yml (github-actions)
• .github/workflows/release.yml (github-actions)
• .github/workflows/s3-bucket.yml (github-actions)
• lib/util/nw-pre-gyp/package.json (npm)
• package.json (npm)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Enable Renovate configuration migration PRs when needed.
• Recommended configuration for abandoned packages, treating packages without a release for 1 year as abandoned, while taking into account community-sourced overrides.
• Wait until the npm package is three days old before raising the update. This a) introduces a short delay to allow for malware researchers and scanners to (possibly) detect any malicious behaviour in packages, and b) prevents the maintainer and/or NPM from unpublishing a package you already upgraded to, breaking builds.
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Show only the Age and Confidence Merge Confidence badges for pull requests.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.
• Correctly link to the source code for golang.org/x packages
• Link to pkg.go.dev/... for golang.org/x packages' title

---

You have configured Renovate to use the following baseBranchPatterns: main, master.

What to Expect

With your current configuration, Renovate will create 17 Pull Requests:

Update dependency tar to v7.5.11 [SECURITY] (master)

• Branch name: renovate/master-npm-tar-vulnerability
• Merge into: master
• Upgrade tar to 7.5.11

Update all patch dependencies (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-all-patch
• Merge into: master
• Upgrade https-proxy-agent to 7.0.6
• Upgrade nock to 13.5.6
• Upgrade rimraf to 6.1.3
• Upgrade tar-fs to 3.1.2

Update dependency @aws-sdk/client-s3 to v3.1029.0 (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-aws-sdk-js-v3-monorepo
• Merge into: master
• Upgrade @aws-sdk/client-s3 to 3.1029.0

Update dependency @​mapbox/cloudfriend to v9.4.1 (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-mapbox-cloudfriend-9.x-lockfile
• Merge into: master
• Upgrade @mapbox/cloudfriend to 9.4.1

Update dependency @​mapbox/eslint-config-mapbox to v5.1.0 (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-mapbox-eslint-config-mapbox-5.x
• Merge into: master
• Upgrade @mapbox/eslint-config-mapbox to 5.1.0

Update dependency consola to v3.4.2 (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-consola-3.x-lockfile
• Merge into: master
• Upgrade consola to 3.4.2

Update dependency detect-libc to v2.1.2 (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-detect-libc-2.x-lockfile
• Merge into: master
• Upgrade detect-libc to 2.1.2

Update dependency node-addon-api to v8.7.0 (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-node-addon-api-8.x-lockfile
• Merge into: master
• Upgrade node-addon-api to 8.7.0

Update dependency nopt to v8.1.0 (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-nopt-8.x-lockfile
• Merge into: master
• Upgrade nopt to 8.1.0

Update dependency eslint to v10 (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-major-eslint-monorepo
• Merge into: master
• Upgrade eslint to ^10.0.0

Update dependency https-proxy-agent to v9 (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-https-proxy-agent-9.x
• Merge into: master
• Upgrade https-proxy-agent to ^9.0.0

Update dependency js-yaml to v4 (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-js-yaml-4.x
• Merge into: master
• Upgrade js-yaml to ^4.0.0

Update dependency nock to v14 (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-nock-14.x
• Merge into: master
• Upgrade nock to ^14.0.0

Update dependency node to v24 (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-node-24.x
• Merge into: master
• Upgrade node to 24

Update dependency node-fetch to v3 (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-node-fetch-3.x
• Merge into: master
• Upgrade node-fetch to ^3.0.0

Update dependency nopt to v9 (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-nopt-9.x
• Merge into: master
• Upgrade nopt to ^9.0.0

Update dependency nyc to v18 (master)

• Schedule: ["at any time"]
• Branch name: renovate/master-nyc-18.x
• Merge into: master
• Upgrade nyc to ^18.0.0

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR has been generated by Renovate Bot.

[clarkemn]

Closing — opened in error by automated Renovate run.