Add a lockfile type to matchUpdateTypes, in order to prevent duplicate PR's with lockFileMaintenance

[intentionally-left-nil]

Tell us more.

I want to write a rule like this:

"packageRules": [
    {
      "description": "Exclude updates for package.json files that are covered by lockfile maintenance",
      "matchFileNames": ["package.json"],
      "matchUpdateTypes": ["lockfile"],
      "enabled": false
    },
"lockFileMaintenance": {
    "enabled": true,
    "automerge": true,
    ...
  }

The missing functionality is having lockfile as a matchUpdateType.

Let's say you have a npm package.json with "my_dependency": "^1.1.0"
and a new version 1.2.0 comes out. Right now what happens is that renovate will open a PR for the version bump. Then, whenever the lockfile maintenance runs, it will bump the lock file to 1.2.0, and finally renovate will close the 1.2 PR that it previously opened.

This is a problem for a few reasons: It reduces the usefulness of lockFileMaintenance. We want to say "Feel free to auto-merge anything valid in the package.json, and open a PR for anything out of scope"

With the current rules, the only thing we could do would be to e.g. only match on major versions. However, this is ineffective because only some packages need manual intervention only on major versions. If we had e.g. "my_dependency": "~1.1.0" then we would want a normal renovate PR to be opened as the lockfile can't bump to 1.2 without intervention

[rarkins]

It sounds like you just need to set rangeStrategy=replace

[intentionally-left-nil]

Awesome that worked. I don't think it's something I would have figured out otherwise - perhaps it's worth calling out somewhere :)