If `followTag` is defined for a package, then Renovate will ignore all other available versions and instead stick strictly to whatever version is defined for the tag. npm-only for now.
Closes#2258
Adds support for renovating git references in `package.json` files. Supports updating semver tags or sha1 references ("commit hashes").
Also includes support for updating git references from *private* GitHub repositories, if the following conditions are met:
- Renovate user/token is authorised to read from the source private repository
- Dependency is written like `git+https://github.com/owner/repo.git#ref` in `package.json`
Closes#415, Closes#817
Defaulting to ‘bundled’ (default behaviour), this option can be changed to ‘global’ if you wish Renovate to use globally installed npm, yarn, pnpm and lerna binaries. Note: composer always uses global regardless.
Adds functionality to force rebase a PR if the label "rebase" is added. Also, the label is configurable via a new `rebaseLabel` config option.
Closes#1406
Previously if grouping, all major/minor updates within that group were combined into one. Instead, we now honour the “separateMajorMinor”, "separateMinorPatch", and "separateMultipleMajor" settings and keep the groups separate if necessary.
For maximum compatibility with existing PRs, we name branches like `renovate/group-name` whenever possible and only name them like `renovate/major-group-name` or `renovate/patch-group-name` if major or patch are found.
Closes#2425
Adds new admin option “skipInstalls” that is applicable for npm-only for now (including lerna-npm). If set to false, Renovate will perform a full install of modules rather than `—package-lock-only`. This is necessary in some cases to work around bugs in npm.
Self-hosted bot users can set this option themselves on the bot’s config, but app users will require it to be enabled per-repository by the app admin.
Adds field prettyDepType available for templates, currently used for npm only. Allows for PR titles like “Update devDependency left-pad to v1.3.0” instead of default “Update dependency left-pad to v1.3.0”.
To enable in PR titles: add this configuration: `"commitMessageTopic": "{{prettyDepType}} {{depName}}”`
This is not enabled by default as otherwise it could lead to the reopening of previously manually-closed PRs.
Closes#2371, Closes#1863
Adds support for GitHub-hosted presets, using the `github>` prefix. Supports single preset per repository only.
Example:
```json
{
"extends": ["github>renovatebot/renovate"]
}
```
The above would extend the `renovate.json` inside this repository (probably not a good idea, but an example).
Closes#2102, Closes#2312
Adds rules to skip any configured grouping or schedules that prevent insecure packages from being updated immediately.
If GitHub's vulnerability alerts are detected, package rules are added to force empty schedule and grouping for each affected package. Settings are configurable via new `vulnerabilityAlerts` config object, e.g. so that custom PR titles, labels or assignees can be configured.
Closes#1567
Adds new config option `rollbackPrs` which defaults to `true` (current behaviour). Setting to false will disable creation of rollback PRs - configurable globally, per-language, per-package, etc.
Adds support for .gitlabci.yml files. Part of the logic is same as Docker Compose files, however the “services” list is new/different so requires additional logic.
Closes#1598
Refactors template logic to test for isSingleVersion instead of the negative of isRange. This means that new values like `==1.2.0` in python will be presented as v1.2.0
If an encrypted npmToken is found alongside an unencrypted npmrc in config, then the token will replace any `${NPM_TOKEN}` placeholder found, or be appended to the end of the file. This enables large npmrc files to be defined in config without needing to enrypt the entire thing.
Closes#1796
Renovate now ignores any upgrades that are marked as deprecated, unless the current version is itself also deprecated. The new config option `ignoreDeprecated` can be set to false to disable this if necessary.
Closes#1988
Refactors credentials/token handling to rely less on env variables and instead use an endpoints middleware for credentials handling.
First step towards #2105
This deprecates branch-push and branch-merge-commit automergeTypes and replaces with “branch”, which has the same behaviour as the previous branch-push.
BREAKING CHANGE: branch-merge-commit automergeType behaviour is no longer supported, all branch automerges now use branch push approach.
Changes gitAuthor to be an admin-only setting, i.e. configurable by bot admin and not by repo admin.
BREAKING CHANGE: gitAuthor can no longer be configured in repository config and can be set by bot admin only.
Adds config options force and forceCli. These cover the use case where a certain setting is desired to be forced by the bot admin, regardless of repository config, for example removing all configured schedules in order to force PR creation.
Closes#1731
Adds basic support for renovating C# project files. The scope is initially limited to:
- .Csproj only (no VB.NET / F#)
- SDK style csproj's only (this is the default in .net core anyway)
- Limited to nuget.org support (no custom repository support)
Closes#935, Closes#2050
This PR replaces the existing `pinVersions`, `upgradeInRange` and `versionStrategy` settings with a single one: `rangeStrategy`.
Previously:
- `pinVersions` could be `true` or `false`, but defaulted to `null`, which meant that Renovate would decide. `true` meant that Renovate would replace existing ranges like `^1.0.0` with an exact/pinned version such as `1.2.0`.
- `upgradeInRange` could be true or false, default to false. If `true`, it would mean Renovate would replace an existing range like `^1.0.0` with something like `^1.2.0`
- `versionStrategy` could be `replace` or `widen` and was mainly used for `peerDependencies` to widen existing ranges, e.g. from `^1.0.0` to `^1.0.0 || ^2.0.0`
It was possible to set conflicting settings, e.g. configuring `pinVersions=true` and `upgradeInRange=true`.
Now, we combine them into a single setting: `rangeStrategy`:
- `auto` = Renovate decides (this will be done on a manager-by-manager basis)
- `pin` = convert ranges to exact versions
- `bump` = same as `upgradeInRange` previously, e.g. bump the range even if the new version satisifies the existing range
- `replace` = Same as pinVersions === false && upgradeInRange === false, i.e. only replace the range if the new version falls outside it
- `widen` = Same as previous versionStrategy==='widen'
Adds a link to the latest version notes in the PR body, as well as a source compare link for all commits between the current version and the new version.
Closes#1876
Refactor changelog (commits) logic to separate sources, and remove the `changelog` dependency. Instead of a full copy/paste of commits, a link is now provided to the source repo.
Closes#381
Renovate now comes with a variety of package managers supported, each with their own filename pattern(s). These patterns are now exposed for user configuration through the new `fileMatch` list/array configuration option, which has been added to each manager (npm, bazel, docker-compose, etc). `fileMatch` is defined as a mergeable list, meaning that users can add to the default pattern to extend the files being detected.
Closes#799
Rules for dep types (e.g. dependencies, devDependencies, peerDependencies, optionalDependencies) should now be done with `packageRules` and the `depTypeList` selector
This PR adds basic support for requirements.txt. Currently it works on fully specified (pinned) versions only, so is disabled by default. Enable it by setting `pip_requirements.enabled = true` in config.
This PR adds initial support for buildkite plugin renovation.
It supports `plugin-name` or `my/plugin-name` plugins, and fully specified semver versions only (e.g. `v1.3.2`). Currently it will always propose an upgrade to the latest version available, e.g. if current version is v1.3.1 and both v1.3.2 and v2.0.0 exist then v2.0.0 will be proposed. Looks for any yml file in the `.buildkite/` directory.
Closes#1869
The matchCurrentVersion option sets a range of versions that a package update can be in. If the package's current version doesn't satisfy the matchCurrentVersion range, it won't match the rule.
Closes#1771
This PR refactors `branchName`, `commitMessage` and `prTitle` so that they are more easily editable and hopefully more understandable. By breaking each up into subsections, users can modify one part without needing to copy/paste the entire string.
Directly editing any of these fields will now be deprecated and a warning issued.
