Scheduled manual dependency updates are a productivity tax that guarantees you will lag behind every critical CVE by weeks. Here is a Renovate configuration that automates the whole pipeline: grouping, scheduling, auto-merging safe updates, and fire-drilling security fixes without human triage.