Renovate will now put all its data in `path.join(os.tmpdir(), '/renovate’);` and will instruct npm and yarn to do the same. To force Renovate to use a specific folder, set `process.env.TMPDIR` when running. The previous variable `RENOVATE_TMPDIR` is now deprecated and will be rewritten to TMPDIR.
Closes#1794
Adds support for renovating git references in `package.json` files. Supports updating semver tags or sha1 references ("commit hashes").
Also includes support for updating git references from *private* GitHub repositories, if the following conditions are met:
- Renovate user/token is authorised to read from the source private repository
- Dependency is written like `git+https://github.com/owner/repo.git#ref` in `package.json`
Closes#415, Closes#817
Detects github repos in package.json and keeps them up to date if they are using semver tags, e.g. `”github:gulpjs/gulp#v4.0.0-alpha.2”` will get updated to `”github:gulpjs/gulp#v4.0.0”`.
Part of #415 but not closing it yet.
Defaulting to ‘bundled’ (default behaviour), this option can be changed to ‘global’ if you wish Renovate to use globally installed npm, yarn, pnpm and lerna binaries. Note: composer always uses global regardless.
Detect strings in `yarn` `stderr` that indicate a registry problem and if found then throw a `registry-failure` error instead of continuing with a PR creation or update. This way they should be retried on each run until the registry is available again.
Closes#2474, Closes#2475
npm’s —package-lock-only implementation seems to have a bug and produces incorrect lock files when file: references are present. If file: dependencies are detected, skipInstalls is set to false.
Closes#2401
Adds new admin option “skipInstalls” that is applicable for npm-only for now (including lerna-npm). If set to false, Renovate will perform a full install of modules rather than `—package-lock-only`. This is necessary in some cases to work around bugs in npm.
Self-hosted bot users can set this option themselves on the bot’s config, but app users will require it to be enabled per-repository by the app admin.
Adds field prettyDepType available for templates, currently used for npm only. Allows for PR titles like “Update devDependency left-pad to v1.3.0” instead of default “Update dependency left-pad to v1.3.0”.
To enable in PR titles: add this configuration: `"commitMessageTopic": "{{prettyDepType}} {{depName}}”`
This is not enabled by default as otherwise it could lead to the reopening of previously manually-closed PRs.
Closes#2371, Closes#1863
Adds support for .gitlabci.yml files. Part of the logic is same as Docker Compose files, however the “services” list is new/different so requires additional logic.
Closes#1598
Removes custom Docker lookup code and instead integrates it with the generic lookup routine used by other package managers. Logic for digest support was added but is used by Docker-only for now.
Closes#2081, Closes#2276
Previously if there were any “pin” updates then that would block all non-pin updates until the pin one was merged. However, this doesn’t make sense if the other PR is for an unrelated dependency.
Closes https://github.com/renovatebot/config-help/issues/64
Manually finds and massages node updates in Docker, Docker Compose and Circle CI so that they should take on the same “renovate/node-8.x” style branch naming. The goal is to unify all node updates into a single branch.
Raises an additional log file warning whenever lock file errors persist for a day or longer. The idea of this is that temporary errors - e.g. caused by npmjs itself - should not disturb the user. 1 day seems like a reasonable time for multiple attemps to be made first, assuming it has been scheduled. Once this is tested in production for a little while and no unexpected problems, it will be converted to actually raise a config warning issue in the repo to get user attention.
Adds basic support for renovating C# project files. The scope is initially limited to:
- .Csproj only (no VB.NET / F#)
- SDK style csproj's only (this is the default in .net core anyway)
- Limited to nuget.org support (no custom repository support)
Closes#935, Closes#2050
