Cookiecutter Changes
- Add a Renovate configuration
- Pin all project dependencies, with the expectation that they'll be bumped by Renovate
- The current upstream policy causes Renovate to create:
- Python version upgrade PRs when available
- separate PRs for major version updates weekly
- a grouped PR for development tool updates (which may be safer to merge) weekly
- a grouped PRs for all other dependency updates weekly
- a lockfile refresh (for transitive dependency updates) monthly
- All policies can be overidden locally as desired