New config option replaces existing option exposeEnv. Set trustLevel=high in the bot config if you trust the contents of the repositories you are renovating. Doing so results in env being exposed, access to localhost, etc.
Closes#2739
<!--
Before submitting a Pull Request, please ensure you have signed the CLA using this GitHub App:
https://cla-assistant.io/renovateapp/renovate
-->
<!-- Replace this text with a description of what this PR fixes or adds -->
Closes#2725 <!-- Ideally each PR should be closing an open issue -->
Adds support for custom Packagist registries.
- [x] Support dynamic packages.json interface for wpackagist.org
- [x] Support static packages.json for satis
- [x] Support basic auth using hostRules
- [x] Write basic auth to `auth.json`
Closes#2574, Closes#2354
Adds support for updating go modules (found in go.mod) and the accompanying go.sum checksum files.
Limitations:
- github.com modules only (but supports "redirects" to github e.g. by gopkg.in and golang.org)
- skips major upgrades > v1
- no vendoring support
Closes#933, Closes#2578, Closes#2579
Adds support for defining a default Docker registry. e.g. if `config.registryUrls = [‘https://docker.company.com']` then lookups for packages like `node` will be done from docker.company.com instead of index.docker.io.
Adds support for renovating git references in `package.json` files. Supports updating semver tags or sha1 references ("commit hashes").
Also includes support for updating git references from *private* GitHub repositories, if the following conditions are met:
- Renovate user/token is authorised to read from the source private repository
- Dependency is written like `git+https://github.com/owner/repo.git#ref` in `package.json`
Closes#415, Closes#817
Adds support for GitHub-hosted presets, using the `github>` prefix. Supports single preset per repository only.
Example:
```json
{
"extends": ["github>renovatebot/renovate"]
}
```
The above would extend the `renovate.json` inside this repository (probably not a good idea, but an example).
Closes#2102, Closes#2312
As mentioned in #2315 some docker registries don't support the digest header. This PR falls back to parsing the resulting manifest if the header is present.
Closes#2315
Adds support for processing www-authenticate Header to obtain a token from the Docker servers. In particular, this enables Artifactory to work (without username/passwords for now). This is backwards-compatible to Docker Hub which issues this header with the current hard-coded URLs.
Removes custom Docker lookup code and instead integrates it with the generic lookup routine used by other package managers. Logic for digest support was added but is used by Docker-only for now.
Closes#2081, Closes#2276
Renovate now ignores any upgrades that are marked as deprecated, unless the current version is itself also deprecated. The new config option `ignoreDeprecated` can be set to false to disable this if necessary.
Closes#1988
Adds basic support for renovating C# project files. The scope is initially limited to:
- .Csproj only (no VB.NET / F#)
- SDK style csproj's only (this is the default in .net core anyway)
- Limited to nuget.org support (no custom repository support)
Closes#935, Closes#2050
Adds support for custom docker registries. To work (for now), registries must support anonymous public access to their v2 API. Tested against quay.io and gcr.io, including tags pagination for quay. Also needed to add a 10s timeout for registry queries to catch private/firewalled registries that we can't access.
Closes#797
