mirror of
https://github.com/renovatebot/renovate.git
synced 2025-01-11 22:46:27 +00:00
docs: release notes for v38 (#30384)
Co-authored-by: Rhys Arkins <rhys@arkins.net> Co-authored-by: Sebastian Poxhofer <secustor@users.noreply.github.com>
This commit is contained in:
HonkingGoose
GitHub
parent
d7989b0de8
commit
de48a2b01b
1 changed files with 85 additions and 0 deletions
|
|
@ -7,6 +7,91 @@ The most recent versions are always at the top of the page.
|
|||
This is because recent versions may revert changes made in an older version.
|
||||
You also don't have to scroll to the bottom of the page to find the latest release notes.
|
||||
|
||||
## Version 38
|
||||
|
||||
### Breaking changes for 38
|
||||
|
||||
General:
|
||||
|
||||
- Require Node.js 20 ([#30291](https://github.com/renovatebot/renovate/pull/30291))
|
||||
- The Renovate Docker images no longer have `-slim` tags. You must stop using the `-slim` prefix. Renovate now defaults to the `-slim` tag type behavior.
|
||||
|
||||
Specific:
|
||||
|
||||
- **bitbucket-server:** autodetect `gitAuthor`, if possible ([#29525](https://github.com/renovatebot/renovate/pull/29525))
|
||||
- **config:** change from `boolean` to `enum` for `onboardingNoDeps`. Renovate now onboards repositories with no dependencies, with one exception: if you run Renovate in `autodiscover` mode then you must manually onboard Renovate for repos with no dependencies
|
||||
- **config:** sanitize special characters from branch names for vulnerability type PRs. This may cause Renovate to autoclose/replace existing PRs
|
||||
- **config:** change the order of `globalExtends` resolution, it is applied _first_ and remaining global config takes precedence
|
||||
- **datasource/docker:** Docker Hub lookups prefers `hub.docker.com` over `index.docker.io`. To revert to the old behavior: set `RENOVATE_X_DOCKER_HUB_TAGS_DISABLE=true` in your env
|
||||
- **git:** check _all_ commits on the branch to decide if the branch was modified ([#28225](https://github.com/renovatebot/renovate/pull/28225))
|
||||
- **gitea:** use "bearer auth" instead of "token auth" to authenticate to the Gitea platform
|
||||
- **github:** if you run Renovate as a GitHub app then `platformCommit` is automatically enabled
|
||||
- **http:** remove `dnsCache`
|
||||
- **logging:** you must set file logging via env, not in `config.js`
|
||||
- **manager/pep621:** change `depName` for `pep621` dependencies. This causes the branch name for `pep621` updates to change, which in turn means Renovate may autoclose and re-open some `pep621` PRs. Also, Renovate may start grouping dependencies into a single PR.
|
||||
- **npm:** for npm versions lower than 7, drop support for remediating vulnerabilities in _transitive_ dependencies
|
||||
- **npm:** remove `RENOVATE_CACHE_NPM_MINUTES` ([#28715](https://github.com/renovatebot/renovate/pull/28715))
|
||||
- **packageRules:** `matchPackageNames` (and related functions) no longer fall back to checking `depName`
|
||||
- **packageRules:** `matchPackageNames` exact matches are now case-insensitive
|
||||
|
||||
### Commentary for 38
|
||||
|
||||
#### Our Docker images are slim by default
|
||||
|
||||
If you self-host using Renovate's Docker `-slim` images: drop the `-slim` suffix, and switch to the default tags.
|
||||
Renovate's default tags like `38.0.0` are "slim" by default.
|
||||
There's no change if you're using the `-full` images.
|
||||
|
||||
#### Renovate needs Node.js 20
|
||||
|
||||
Renovate now needs Node.js `^20.15.1` to run.
|
||||
Our Docker images already use the correct version of Node.js.
|
||||
|
||||
But if you self-host _without_ using our Docker image, then you must update the version of Node.js.
|
||||
You must update manually, if for example: you build your own image, or run the `renovate` npm package.
|
||||
|
||||
##### Why we picked Node 20
|
||||
|
||||
We dropped Node.js 18, and do not yet support Node.js 22 as it's non-LTS and not recommended for production.
|
||||
|
||||
##### Why we picked a non-vulnerable version of Node
|
||||
|
||||
We decided to require the current non-vulnerable version of Node.js (`20.15.1` or newer).
|
||||
If we ever need to bump the minimum version of Node.js v20, we will release a new _major_ version of Renovate.
|
||||
|
||||
If you self-host: we recommend you always run a secure version of Node.js v20.
|
||||
This is because security vulnerabilities in Node.js can affect Renovate too.
|
||||
|
||||
#### If you use Mend's Renovate GitHub app
|
||||
|
||||
We recommend that all users running Renovate as a GitHub App use `platformCommit`.
|
||||
Renovate now defaults to `platformCommit` is enabled, when Renovate detects a GitHub App token.
|
||||
For PATs, we still recommend regular commits.
|
||||
|
||||
#### Log file configuration requires env settings
|
||||
|
||||
File-based logging must be configured using environment variables (e.g. `LOG_FILE`).
|
||||
Do _not_ set logging in files or CLI (such as `logFile`).
|
||||
|
||||
This ensures that logging begins right when Renovate starts a run.
|
||||
It also means Renovates logs how it parses the config.
|
||||
|
||||
#### Changes to package matching
|
||||
|
||||
Finally, we merged the `matchPackage*` and `excludePackage*` options into `matchPackageNames`.
|
||||
We also enabled patterns for the `matchPackageNames` config option.
|
||||
|
||||
This means you can now use regex or glob patterns:
|
||||
|
||||
- `"matchPackageNames": "/^com.renovatebot/"` (regex)
|
||||
- `"matchPackageNames": "@renovate/*"` (glob)
|
||||
|
||||
And of course, you can still use exact name matching.
|
||||
|
||||
### Link to release notes for 38
|
||||
|
||||
[Release notes for `v38` on GitHub](https://github.com/renovatebot/renovate/releases/tag/38.0.0).
|
||||
|
||||
## Version 37
|
||||
|
||||
### Breaking changes for 37
|
||||
|
|
|
|||
Loading…
Reference in a new issue