Renovate should pin dependencies

Signed-off-by: John Strunk <[email protected]>

.github/renovate.json5

@@ -1,15 +1,15 @@
 {
   // JSON5 spec: https://json5.org/
   // Renovate docs: https://docs.renovatebot.com/configuration-options/
-
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
   "extends": [
-    "config:recommended",             // Use recommended settings
-    "docker:pinDigests",              // Pin container digests
+    "config:recommended", // Use recommended settings
+    "docker:pinDigests", // Pin container digests
     "helpers:pinGitHubActionDigests", // Pin GitHub action digests
-    ":enablePreCommit",               // Enable updates to pre-commit repos
-    ":gitSignOff",                    // Add Signed-off-by line to commit messages
-    ":pinDevDependencies"             // Pin dev dependencies also
+    ":enablePreCommit", // Enable updates to pre-commit repos
+    ":gitSignOff", // Add Signed-off-by line to commit messages
+    ":pinDependencies", // Pin dependencies
+    ":pinDevDependencies" // Pin dev dependencies also
   ],
   // Files to ignore
   "ignorePaths": [
@@ -18,17 +18,27 @@
   "labels": [
     "dependencies"
   ],
-  "lockFileMaintenance": {"enabled": true},
+  "lockFileMaintenance": {
+    "enabled": true
+  },
   "packageRules": [
     {
       "description": "Update renovatebot/pre-commit-hooks weekly to decrease noise",
-      "matchPackageNames": ["renovatebot/pre-commit-hooks"],
-      "schedule": ["before 9am on monday"]
+      "matchPackageNames": [
+        "renovatebot/pre-commit-hooks"
+      ],
+      "schedule": [
+        "before 9am on monday"
+      ]
     },
     {
       "description": "Devcontainer 'features' don't support digest pinning",
-      "matchManagers": ["devcontainer"],
-      "matchDepTypes": ["feature"],
+      "matchManagers": [
+        "devcontainer"
+      ],
+      "matchDepTypes": [
+        "feature"
+      ],
       "pinDigests": false
     }
   ],