Previously if grouping, all major/minor updates within that group were combined into one. Instead, we now honour the “separateMajorMinor”, "separateMinorPatch", and "separateMultipleMajor" settings and keep the groups separate if necessary.
For maximum compatibility with existing PRs, we name branches like `renovate/group-name` whenever possible and only name them like `renovate/major-group-name` or `renovate/patch-group-name` if major or patch are found.
Closes#2425
Methods to support performing Git operation using filesystem instead of web API. GitHub only and experimental only. Usage: define env variable `RENOVATE_GIT_FS`.
Closes#1925
npm’s —package-lock-only implementation seems to have a bug and produces incorrect lock files when file: references are present. If file: dependencies are detected, skipInstalls is set to false.
Closes#2401
Adds new admin option “skipInstalls” that is applicable for npm-only for now (including lerna-npm). If set to false, Renovate will perform a full install of modules rather than `—package-lock-only`. This is necessary in some cases to work around bugs in npm.
Self-hosted bot users can set this option themselves on the bot’s config, but app users will require it to be enabled per-repository by the app admin.
If the current value is already unstable then we presume the user is happy to take newer unstable versions. However we should not presume that they want to keep jumping versions if so and instead would prefer to stabilise.
Discussed in #2258 but does not close it
Adds field prettyDepType available for templates, currently used for npm only. Allows for PR titles like “Update devDependency left-pad to v1.3.0” instead of default “Update dependency left-pad to v1.3.0”.
To enable in PR titles: add this configuration: `"commitMessageTopic": "{{prettyDepType}} {{depName}}”`
This is not enabled by default as otherwise it could lead to the reopening of previously manually-closed PRs.
Closes#2371, Closes#1863
Adds support for GitHub-hosted presets, using the `github>` prefix. Supports single preset per repository only.
Example:
```json
{
"extends": ["github>renovatebot/renovate"]
}
```
The above would extend the `renovate.json` inside this repository (probably not a good idea, but an example).
Closes#2102, Closes#2312
As mentioned in #2315 some docker registries don't support the digest header. This PR falls back to parsing the resulting manifest if the header is present.
Closes#2315
Adds rules to skip any configured grouping or schedules that prevent insecure packages from being updated immediately.
If GitHub's vulnerability alerts are detected, package rules are added to force empty schedule and grouping for each affected package. Settings are configurable via new `vulnerabilityAlerts` config object, e.g. so that custom PR titles, labels or assignees can be configured.
Closes#1567
Adds the library `linkify-markdown` to actively linkify urls, issues and usernames so that they can then be linked to the renovatebot redirector for github.
Adds support for processing www-authenticate Header to obtain a token from the Docker servers. In particular, this enables Artifactory to work (without username/passwords for now). This is backwards-compatible to Docker Hub which issues this header with the current hard-coded URLs.
Adds description if onboarding PR is edited or conflicted. Removes config description if PR has been edited. Adds description of PR rate limiting.
Closes#1317, Closes#1684, Closes#1359
Adds new config option `rollbackPrs` which defaults to `true` (current behaviour). Setting to false will disable creation of rollback PRs - configurable globally, per-language, per-package, etc.
Adds support for .gitlabci.yml files. Part of the logic is same as Docker Compose files, however the “services” list is new/different so requires additional logic.
Closes#1598
Removes custom Docker lookup code and instead integrates it with the generic lookup routine used by other package managers. Logic for digest support was added but is used by Docker-only for now.
Closes#2081, Closes#2276
Previously if there were any “pin” updates then that would block all non-pin updates until the pin one was merged. However, this doesn’t make sense if the other PR is for an unrelated dependency.
Closes https://github.com/renovatebot/config-help/issues/64
Refactors template logic to test for isSingleVersion instead of the negative of isRange. This means that new values like `==1.2.0` in python will be presented as v1.2.0
If an encrypted npmToken is found alongside an unencrypted npmrc in config, then the token will replace any `${NPM_TOKEN}` placeholder found, or be appended to the end of the file. This enables large npmrc files to be defined in config without needing to enrypt the entire thing.
Closes#1796
Renovate now ignores any upgrades that are marked as deprecated, unless the current version is itself also deprecated. The new config option `ignoreDeprecated` can be set to false to disable this if necessary.
Closes#1988
Previously, deprecation warnings were done as part of dependency lookups, which were run concurrently. This meant the chance of duplicate issues was high, due to race conditions. Instead, raising the issues is done once all package are looked up, to ensure only one issue per manager/dependency. It also means we can list all of the affected package files, in case of a monorepo.
Closes#2224, Closes#2225
Refactors updateType logic so that a type of “bump” is returned when bumping versions within existing ranges, instead of minor or major. Updates that fall *outside* the existing range will continue to be labeled as minor or major as appropriate.
This value can now be used within packageRules, e.g.
```
“updateTypes”: [“bump”],
“labels”: [“bumped version only”]
```
Closes#1942
Refactors credentials/token handling to rely less on env variables and instead use an endpoints middleware for credentials handling.
First step towards #2105
When generating a branch’s config, iterate through all upgrades and set automerge=true for the branch only if all upgrades have automerge=true. Similarly, set canBeUnpublished=true if ANY upgrade can be unPublished.
Closes#1999
Manually finds and massages node updates in Docker, Docker Compose and Circle CI so that they should take on the same “renovate/node-8.x” style branch naming. The goal is to unify all node updates into a single branch.
Raises an additional log file warning whenever lock file errors persist for a day or longer. The idea of this is that temporary errors - e.g. caused by npmjs itself - should not disturb the user. 1 day seems like a reasonable time for multiple attemps to be made first, assuming it has been scheduled. Once this is tested in production for a little while and no unexpected problems, it will be converted to actually raise a config warning issue in the repo to get user attention.
If gitAuthor is configured, checks that a PR’s commit matches. If not, it is assumed that someone else force pushed to the repo and we should not rebase it.
Closes#2169
This deprecates branch-push and branch-merge-commit automergeTypes and replaces with “branch”, which has the same behaviour as the previous branch-push.
BREAKING CHANGE: branch-merge-commit automergeType behaviour is no longer supported, all branch automerges now use branch push approach.
For very large repositories, recursing through the entire repo can be very time consuming. Bot admins can now disable file list recursion by setting the env `RENOVATE_DISABLE_FILE_RECURSION=true`. Then only files within the root directory of repositories will be found.
Closes#2172
This fixes a race condition where if someone merged multiple PRs in a row then a renovation-in-progress would get confused and post a “PR has been edited” message to an already-merged PR.
Closes#2115
Adds config options force and forceCli. These cover the use case where a certain setting is desired to be forced by the bot admin, regardless of repository config, for example removing all configured schedules in order to force PR creation.
Closes#1731
This PR adds issue handling functions to the GitLab platform. The implemented functions are `getIssueList`, `ensureIssue` and `ensureIssueClosing` (migrated from GitHub).
Closes#1587
Adds basic support for renovating C# project files. The scope is initially limited to:
- .Csproj only (no VB.NET / F#)
- SDK style csproj's only (this is the default in .net core anyway)
- Limited to nuget.org support (no custom repository support)
Closes#935, Closes#2050
Adds a series of functions related to the commenting aspect of GitLab for the API wrapper. These functions are: `getComments`, `addComment`, `editComment`, `deleteComment`, `ensureComment` and `ensureCommentRemoval`.
Adds range support for composer. Mostly leverages existing npm semver range support, but massages where necessary to support Composer differences.
Closes#2097
This PR adds the feature of commenting on a failed automerge. It's done by adding a conditional in `lib/workers/branch/automerge.js` which, in case of receiving `failure` or `error` from the `getBranchStatus` function, returns the "branch status error" value. Another modification is in `lib/workers/branch/index.js`, which is an adition to the failure response of the `tryBranchAutomerge` function. The added functionality is the ability to add a comment to the PR which had a failure automerging. In case of receiving the aforementioned "branch status error" value, to the comment is appended a note which emphasize the fact that there're multiple failed status checks.
Closes#1934
