Configure renovate, force exact package-lock versions. (#2410)

This also force-replaces any http urls in package-lock to be https again. Fixes #2409
2019-01-30 16:01:20 +01:00 · 2019-01-30 16:01:20 +01:00 · 3b548b08b9
--- a/README.md
+++ b/README.md
@ -137,7 +137,7 @@ Install dependencies with npm:
 npm install
 ```

-Dependencies are automatically kept up-to-date using [greenkeeper](http://greenkeeper.io/).
+Dependencies are automatically kept up-to-date using [renovatebot](https://renovatebot.com/).

 #### npm scripts

--- a/package-lock.json
+++ b/package-lock.json
--- a/renovate.json
+++ b/renovate.json
@ -1,5 +1,20 @@
 {
+  "timezone": "UTC",
  "extends": [
-    "config:base"
+    "config:base",
+    ":maintainLockFilesWeekly",
+    ":prNotPending"
+  ],
+  "lockFileMaintenance": {
+    "enabled": true,
+    "schedule": "before 8am on Tuesday"
+  },
+  "packageRules": [
+    {
+      "packagePatterns": [
+        "*"
+      ],
+      "rangeStrategy": "pin"
+    }
  ]
 }