Adds an option “updateLockFiles” which defaults to true. Setting to false means that updating lock files (e.g. package-lock.json, yarn.lock and shrinkwrap.yaml) will be skipped. The main reason for doing this is for repositories that use a dependency we can’t resolve, so that they can keep updating the package.json without lock file.
Upgrade ranges to latest version even if latest version satisfies existing range.
| name | value |
| ------- | ------- |
| type | boolean |
| default | false |
By default, Renovate assumes that if you are using ranges then it's because you want them to be wide/open. As such, Renovate won't deliberately "narrow" the range by increasing the semver value inside.
For example, if your `package.json` specifies a value for `left-pad` of `^1.0.0` and the latest version on npmjs is `1.2.0`, then Renovate won't change anything. If instead you'd prefer to be updated to `^1.2.0` in cases like this, then set `upgradeInRange` to `true` in your Renovate config.
This feature supports simple caret (`^`) and tilde (`~`) ranges only, like `^1.0.0` and `~1.0.0`. It is not compatible with `pinVersions=true`.
Closes#1607
Adds initial support for `.nvmrc` renovation. If the existing value is a fully-specified semver version then it will be upgraded, otherwise left alone.
Closes#1270
A semver range defining allowed versions for dependencies
| name | value |
| ---- | ------ |
| type | string |
Use this - usually within a packageRule - to limit how far to upgrade a dependency. For example, if you wish to upgrade to angular v1.5 but not to `angular` v1.6 or higher, you could defined this to be `<= 1.5` or `< 1.6.0`:
```
"packageRules": [{
"packageNames": ["angular"],
"allowedVersions": "<=1.5"
}]
```
Adds configuration option `onboardingConfig` that allows the default onboarding config to be extended or replaced via `config.js` or env configuration.
Closes#1521
Adds support for upgrading `node` version in `package.json` > `engines` if the current version is pinned.
- Does not convert from range to pin
- Ignores ranges
- Does not upgrade major versions
Adds a new feature to limit the number of concurrent branches/PRs to have open at any one time. Defaults to 0 (disabled), set it to a positive integer to enforce that limit.
Adds a `renovate/verify` status check for those migrating and looking for familiarity. Better to check the GPG verified commit, as mentioned in the associated doc.
Adds a config option to bot administrators called `exposeEnv`, for cases where repositories are trusted. If set to true, the bot's full `process.env` can be used for `.npmrc` variable substitution and is passed to child processes when generating lock files. Disabled by default, including in the App.
Adds new config option `versionStrategy` that allows config to override Renovate’s autodetection of when to “widen” an existing semver range, and when to “replace”.
Adds a new configuration option that allows you to bump the version number in the package.json being updated. e.g. you might configure Renovate to bump a patch every time, or maybe for dependencies only and not devDependencies. e.g. if you configure `"bumpVersion": "patch"` then a Renovate PR updating a `package.json` that used to be version `1.2.1` will now see it updated to `1.2.2` (in addition to the dependency version(s) being updated too). Thanks to @gunar for the feature suggestion.
Closes#861
This PR adds the capability to renovate more than one base branch at a time. For instance, a project may have their released `3.x` version on `master`, while an upcoming `4.x` is being prepared using branch `next`. `4.x` might have a quite different set of dependencies (e.g. some removed or some added) so it's not appropriate to only target `master` and keep rebasing, as it will get messy. Instead, it's necessary to target both `master` and `next` to keep both updated.
Closes#1279
Adds new configuration option “pathRules”. pathRules is an array of path rules. Each rule should contain a “paths” array which uses string or glob matching like the existing ignorePaths. If any of the paths in a rule matches a packageFile then the remaining configuration from the rule is applied to the packageFile.
This PR adds new checks that:
- Website configuration options are listed in alphabetical order
- Every relevant configuration option in source code is documented on the website
Website docs have been updated accordingly to pass.
Closes#543, Closes#1310
To prevent PRs being opened prior to the `unpublishSafe` check having
transitioned from `pending` to `success`, when using `not-pending`
mode.
Fixes#1312.
This reverts commit 4f65356ba4.
I will attempt to merge npmrc configs a different way, as npm itself does not support merging cascaded configs (it finds the most specific one and just uses it).
This PR adds the capability to run Renovate in a new "fork mode". This new mode must be configured by the Renovate admin, and cannot be configured within repositories themselves (for now). Example use: `renovate --autodiscover --fork-mode`
In this mode:
* Renovate will fork the repository if necessary (first run only)
* If the fork already existed, Renovate will ensure that its base branch is up to date with the source repository's
* Branches will be created within the fork, PRs will be created in the source
This feature enables signing of git commits on GitHub. To achieve this, Renovate must be configured with a gitPrivateKey in format supported by openpgp. There must also be a gitAuthor configured to enable this feature.
Closes#897
This PR adds the capability to specify a custom author for git commits on GitHub. Setting this field will mean GitHub uses this value for author and commit instead of the token’s identity. For instance if you are running hosted mode you may set the gitAuthor to “Renovate Bot <bot@renovate.com>” to have commits appear as coming from the renovate-bot account.
This PR adds support for bazel WORKSPACE package files, as suggested https://github.com/alexeagle/angular-bazel-example/issues/17#issuecomment-349167982
Renovate will:
1. Detect `WORKSPACE` files anywhere in the repository
2. Look for all `git_repository()` sections in the file
3. Extract any dependencies with name, remote and tag values
4. Look up any dependencies that (a) have a github https remote, and (b) a valid semver as tag
5. Update the tag to the latest available
This PR adds support for renovating the `node_js` versions in `.travis.yml` configuration files. Important notes:
- Functionality is disabled by default and hence opt-in via configuration
- Added a new manager type `node` because it is anticipated to support more than just Travis in future, with mostly unified logic
- Added the config option "policy" with supported values: lts, active, current, lts_latest and lts_active
- Policy is actually an array, to allow additive combining, e.g. `["lts_latest", "current"]`
- Actual node versions are *hardcoded*. There is no perfect metadata source for this and they change infrequently enough that it is definitely not a problem for now (next change will be in April 2018)
- If node versions need updating, they are listed from newest to oldest
- Replacing function attempts to detect the indention (spacing) in file and use that
To enable, configure `node.enabled=true` and optionally `node.policy=["<policy>"]` if you want something other than `lts`.
Closes#1208
If we have in a package.json links to some local lib file:../path/to/folder
Then the local lib package.json will be copied to the tmp folder to be able to generate the right yarn lock file. This is not working with tgz files, only folder reference.
Closes#1215
