diff --git a/.github/workflows/pipeline-bump-renovate-deps.yml b/.github/workflows/pipeline-bump-renovate-deps.yml
index c61ec43..fd3bf31 100644
--- a/.github/workflows/pipeline-bump-renovate-deps.yml
+++ b/.github/workflows/pipeline-bump-renovate-deps.yml
@@ -48,6 +48,6 @@ jobs:
           RENOVATE_AUTODISCOVER: "false"
           RENOVATE_ONBOARDING: "false"
           RENOVATE_BASE_BRANCHES: ${{ github.ref_name }}
-          RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS: '["^bazel mod graph --lockfile_mode=update$"]'
+          RENOVATE_ALLOWED_UNSAFE_EXECUTIONS: '["bazelModDeps"]'
           LOG_LEVEL: info
         run: npx --yes renovate
diff --git a/renovate.json b/renovate.json
index ca7df58..1618cda 100644
--- a/renovate.json
+++ b/renovate.json
@@ -12,7 +12,6 @@
     "enabled": true
   },
   "separateMajorMinor": false,
-  "skipArtifactsUpdate": true,
   "prHourlyLimit": 0,
   "branchPrefix": "auto/bump-renovate-",
   "packageRules": [
@@ -28,11 +27,5 @@
       "groupName": "dependencies",
       "groupSlug": "deps"
     }
-  ],
-  "postUpgradeTasks": {
-    "description": "Refresh MODULE.bazel.lock to track the bazel_dep versions Renovate bumped.",
-    "commands": ["bazel mod graph --lockfile_mode=update"],
-    "fileFilters": ["MODULE.bazel.lock"],
-    "executionMode": "branch"
-  }
+  ]
 }