Enable automated security updates on both v1.x and main branches

[nitrocode]

It would be nice to enable dependabot / renovatebot in this repo so PRs to bump vulnerable dependencies can be opened sooner.

[gr2m]

We use @renovatebot, it sends updates for security updates, too, and I think it can be configured to update maintenance branches as well, but I'm not sure

[nitrocode]

Oh I didn't realize. I didn't see a renovate.json* file in this repo.

I see some of the repos in this org that do have it configured.

https://github.com/gr2m/ts-jest/blob/main/renovate.json

Does this repo have renovatebot enabled?

---

Yes, it does look like baseBranches can be configured in renovate to target multiple branches

{
  "baseBranches": ["main", "v1.x"]
}

[gr2m]

My fault, it was not yet enabled, I did enable it now for main:
#81

Can you backport this to 1.x?

[nitrocode]

Not a problem at all. Thanks for enabling it.

Did you mean to backport the same change you made or also add the baseBranches key?

I've never updated the package.json with the renovate config. I didn't know that worked. I've always updated the renovate.json* file to configure the bot.

[gr2m]

I never worked with baseBranches but I assume that configuration needs to go into the main branch. The value can include a regex so it should cover all future [number].x branches: https://docs.renovatebot.com/configuration-options/#basebranches

I didn't have renovate enabled on maintenance branches before, but I assume it needs a renovation configuration in the respective branch as well, so I think backporting the change of my PR to 1.x makes sense