chore(repo): Pin renovate config validator version

[dominic-clerk]

Description

This pins the validator version and removes the unnecessary init step to harden against supply chain compromises. In the previous workflow we would fetch the latest version and bypass other security mechanisms we have around dependency management.

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other: CI

[changeset-bot]

⚠️ No Changeset found

Latest commit: 10f087c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	May 18, 2026 9:06am

[dominic-clerk]

we use npx so setting up the whole environment, injecting secrets and running pnpm install didn't do anything as renovate isn't in the dependencies we install.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 793680cd-abc6-44cd-8ba4-802c67100819

📥 Commits

Reviewing files that changed from the base of the PR and between 097ad4a and 10f087c.

📒 Files selected for processing (1)

• .github/workflows/validate-renovate-config.yml

---

📝 Walkthrough

Walkthrough

The pull request pins the Renovate config validator in the GitHub Actions workflow to version 43.150.0. The validation step previously used renovate@latest, which would pull different validator versions across workflow runs. This change replaces the dynamic reference with an explicit version pin, ensuring consistent validation behavior and reproducible CI runs.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: pinning the renovate validator version in the CI workflow configuration.
Description check	✅ Passed	The description clearly explains the purpose and rationale for the change, relating directly to the workflow modification.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8580

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8580

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8580

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8580

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@8580

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8580

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8580

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8580

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8580

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8580

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8580

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8580

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8580

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8580

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8580

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8580

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8580

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8580

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8580

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8580

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8580

commit: 10f087c