`Adds a config validation check for timezone, checking it against the list in moment-timezome.js`. Configs with invalid timezones will raise a configuration error.
Closes#1483
Upgrade ranges to latest version even if latest version satisfies existing range.
| name | value |
| ------- | ------- |
| type | boolean |
| default | false |
By default, Renovate assumes that if you are using ranges then it's because you want them to be wide/open. As such, Renovate won't deliberately "narrow" the range by increasing the semver value inside.
For example, if your `package.json` specifies a value for `left-pad` of `^1.0.0` and the latest version on npmjs is `1.2.0`, then Renovate won't change anything. If instead you'd prefer to be updated to `^1.2.0` in cases like this, then set `upgradeInRange` to `true` in your Renovate config.
This feature supports simple caret (`^`) and tilde (`~`) ranges only, like `^1.0.0` and `~1.0.0`. It is not compatible with `pinVersions=true`.
Closes#1607
Adds initial support for `.nvmrc` renovation. If the existing value is a fully-specified semver version then it will be upgraded, otherwise left alone.
Closes#1270
A semver range defining allowed versions for dependencies
| name | value |
| ---- | ------ |
| type | string |
Use this - usually within a packageRule - to limit how far to upgrade a dependency. For example, if you wish to upgrade to angular v1.5 but not to `angular` v1.6 or higher, you could defined this to be `<= 1.5` or `< 1.6.0`:
```
"packageRules": [{
"packageNames": ["angular"],
"allowedVersions": "<=1.5"
}]
```
in GitLab, a PR may be open while the branch itself has been removed. We cant just assume that the branch exists because the PR does, even if it’s an edge case.
Before, we were attempting to rebase edited branches if renovate.json was the only modified file. This “lost” the committer information - which seemed ok - but it also meant that on the subsequent run it then assumed Renovate was the only committer. Now we don’t rebase edited onboarding branches anymore.
Closes#1360
Adds configuration option `onboardingConfig` that allows the default onboarding config to be extended or replaced via `config.js` or env configuration.
Closes#1521
* Revert "fix: disable reusing existing package-lock.json when upgrading (#1530)"
This reverts commit 2728e39963.
* switch from —package-lock-only to —ignore-scripts
Removing `--package-lock-only` option from npm installs due to https://github.com/npm/npm/issues/19852
Pretty sure this fixes#1495
Adds support for upgrading `node` version in `package.json` > `engines` if the current version is pinned.
- Does not convert from range to pin
- Ignores ranges
- Does not upgrade major versions
Allow the `gitAuthor` configuration option to override the committer
property when creating or updating a file within GitLab. Port of #1280
which introduced the same capability for GitHub.
Closes#1281
Signed-off-by: Adam Moss <adam.moss@bcs.org.uk>
Adds support for running `lerna bootstrap` instead of `npm install` or `yarn install` (without Workspaces), hence allowing support of internally-linked dependencies.
Closes#1441, Closes#1443
Previously, our GitLab API library was checking if a a branch existed first before trying to create it. But due to caching, a branch we'd deleted ourselves still showed up as existing, so then there was no branch to update the files in. Skip this check and use try/catch for creating branch instead.
Fixes#1468
Detects and embeds release notes found on GitHub when an npm dependency specifies a GitHub repository as its source and that repository has made use of the "Releases" feature.
If a dependency has name starting with `@types/` and no repository url returned from the npmjs query, we manually set a URL pointing to the DefinitelyTyped repository.
Adds a new feature to limit the number of concurrent branches/PRs to have open at any one time. Defaults to 0 (disabled), set it to a positive integer to enforce that limit.
If a packageRule is missing packageNames AND missing packagePatterns, then we should match by default. This allows users to define a single “exclude” rule without needing to add a catchall include rule (e.g. `packagePatterns”: [“.*”]`)
When package-lock.json or yarn.lock files are present, and Renovate needs to “pin” any dependencies (e.g. after onboarding), it will use whatever version is in the lockfile rather than the latest version on npm js that satisfies the semver range. This should increase the chance that Pin Dependencies PRs pass tests, as it should use as close as possible dependencies as the previous time the lock file was committed to master. Thanks to @alexeagle for first suggesting this.
Closes#1362
Adds a `renovate/verify` status check for those migrating and looking for familiarity. Better to check the GPG verified commit, as mentioned in the associated doc.
Adds a config option to bot administrators called `exposeEnv`, for cases where repositories are trusted. If set to true, the bot's full `process.env` can be used for `.npmrc` variable substitution and is passed to child processes when generating lock files. Disabled by default, including in the App.
Adds new config option `versionStrategy` that allows config to override Renovate’s autodetection of when to “widen” an existing semver range, and when to “replace”.
Adds support for ranges, such as `”1.x - 2.x”`. Adds support for widening .x ranges, e.g. `”1.x || 2.x”` becomes updated to `”1.x || 2.x || 3.x”`.
Closes#687
Adds support for "less than" semver, and for complex semver values that end in "less than" e.g. ">= 1.0.0 < 2.0.0". Also supports complex semver values that end in "less than or equal to", although they make a lot less sense, e.g. ">= 1.0.0 <= 2.0.0".
Closes#1433
Changes the way Renovate treats renovate config inside `package.json` files. Before, config used to be applied only to that particular file, meaning that it was not applied for the rest of a monorepo, or for other package managers like Docker. Now, any `renovate` section inside the repository’s root `package.json` will be applied globally, just the sams as if it were contained within a `renovate.json` file. This means there is no longer any case where you *must* have a `renovate.json` file instead of `package.json`.
Closes#1323
BREAKING CHANGE: renovate config in `./package.json` is now applied to whole repository, and renovate config inside non-root `package.json` files is now ignored.
Renovate now aborts processing of repositories if for any 4xx responses except 401 and 404, and also for 200 OK responses which are unparseable.
Closes#1341
Adds a new configuration option that allows you to bump the version number in the package.json being updated. e.g. you might configure Renovate to bump a patch every time, or maybe for dependencies only and not devDependencies. e.g. if you configure `"bumpVersion": "patch"` then a Renovate PR updating a `package.json` that used to be version `1.2.1` will now see it updated to `1.2.2` (in addition to the dependency version(s) being updated too). Thanks to @gunar for the feature suggestion.
Closes#861
This PR adds the capability to renovate more than one base branch at a time. For instance, a project may have their released `3.x` version on `master`, while an upcoming `4.x` is being prepared using branch `next`. `4.x` might have a quite different set of dependencies (e.g. some removed or some added) so it's not appropriate to only target `master` and keep rebasing, as it will get messy. Instead, it's necessary to target both `master` and `next` to keep both updated.
Closes#1279
By stripping ‘types/ from the branch name, package x and @types/x then become automatically combined in the same PR. We then massage it a little to ensure the decription for the non-types package is used, and a note added saying that types is included.
Closes#1365
commit 7e15d3d488c927df2f11f728f35d493e2821477d
Author: Rhys Arkins <rhys@arkins.net>
Date: Wed Jan 10 14:26:44 2018 +0100
Revert "refactor: use _auth= when migrating npm tokens"
This reverts commit 4a2fdd0477.
Adds new configuration option “pathRules”. pathRules is an array of path rules. Each rule should contain a “paths” array which uses string or glob matching like the existing ignorePaths. If any of the paths in a rule matches a packageFile then the remaining configuration from the rule is applied to the packageFile.
Previously, Renovate would attempt to keep a branch up to date even if users had edited it. e.g. adding commits on top of the existing branch if newer versions were released. Now, Renovate adds a warning comment if a user has edited a branch, making it clear that responsibility for the branch is over to them and how they can undo this.
Closes#653
When 404 or 422 errors are encountered writing updates, Renovate will now restart in an attempt to fix it. Usually this is because branches/PRs have been edited or closed while Renovate is running.
Closes#1299
This PR adds new checks that:
- Website configuration options are listed in alphabetical order
- Every relevant configuration option in source code is documented on the website
Website docs have been updated accordingly to pass.
Closes#543, Closes#1310
