renovate

Getting Started

1. Install the skill using the command above
2. Open your AI coding agent (Claude Code, Codex, Gemini CLI, or Cursor)
3. Reference the skill in your prompt
4. The AI will use the skill's capabilities automatically

Example Prompts

• "Review the open pull requests and summarize what needs attention"
• "Generate a changelog from the last 20 commits on the main branch"

Overview

Renovate is an automated dependency update tool that scans repositories for dependency files across 50+ ecosystems (npm, pip, Docker, Go, Rust, Terraform, GitHub Actions) and creates pull requests with changelogs, release notes, and configurable automerge policies. It supports grouping, scheduling, and per-package rules to keep dependencies current without overwhelming teams.

Instructions

• When setting up Renovate, start with config:recommended which provides sensible defaults for grouping, scheduling, and automerge, then add renovate.json to the repo root.
• When configuring automerge, enable it for low-risk updates (@types/*, devDependencies patches) and disable it for major updates, using platformAutomerge for GitHub's native merge feature.
• When reducing PR noise, use group:allNonMajor for a single weekly PR covering all minor and patch updates, and group monorepo packages (React, Angular, Babel) together.
• When setting schedules, configure update windows for low-traffic times (e.g., ["after 9am and before 5pm every weekday"]) to avoid disrupting developers.
• When defining package rules, use matchPackageNames, matchPackagePatterns, and matchUpdateTypes to set per-package automerge, grouping, and version strategies.
• When handling version strategies, pin exact versions in applications for reproducibility and use ranges in libraries for compatibility.

Examples

Example 1: Configure Renovate for a production monorepo

User request: "Set up Renovate with automerge for safe updates and weekly batching"

Actions:

1. Create renovate.json extending config:recommended and schedule:weekly
2. Add package rules to automerge @types/* and devDependency patches
3. Group React, Next.js, and testing library packages into single PRs
4. Enable the dashboard issue for an overview of all pending updates

Output: A Renovate configuration that automerges safe updates, batches non-major changes weekly, and groups related packages.

Example 2: Manage Docker and Terraform dependency updates

User request: "Keep Docker base images and Terraform provider versions up to date"

Actions:

1. Configure Renovate to scan Dockerfiles and .tf files
2. Set matchDatasources: ["docker"] with automerge: false for base image updates
3. Group Terraform providers by cloud provider (AWS, GCP, Azure)
4. Enable vulnerability alerts to prioritize updates that fix known CVEs

Output: Automated PRs for Docker and Terraform dependency updates with grouped providers and security prioritization.

Guidelines

• Start with config:recommended since it handles grouping, scheduling, and automerge sensibly.
• Automerge @types/* and devDependencies patches since they are low-risk and high-volume.
• Group monorepo packages (React, Vue, Angular, Babel, Jest) into single PRs to reduce noise.
• Schedule updates for low-traffic times to avoid disrupting developers during peak hours.
• Pin exact versions in applications and use ranges in libraries.
• Review major updates manually since breaking changes require human judgment.