Adds support to run Renovate like “renovate owner/repo —dry-run”. Instead of creating branches, PRs or comments, an INFO level dry run message will be logged each time instead.
Closes#1399
Adds support for custom Packagist registries.
- [x] Support dynamic packages.json interface for wpackagist.org
- [x] Support static packages.json for satis
- [x] Support basic auth using hostRules
- [x] Write basic auth to `auth.json`
Closes#2574, Closes#2354
Adds undocumented/experimental “master issue” feature.
Setting `config.masterIssue = true` will result in Renovate opening and maintaining an issue that contains a list of all PRs both pending and open, and allowing some control over them (e.g. bypass schedule, force retry, etc).
Setting `config.masterIssueApproval` in addition will mean that branches are not created automatically and instead await approval in that master issue.
Closes#2595
Adds support for updating go modules (found in go.mod) and the accompanying go.sum checksum files.
Limitations:
- github.com modules only (but supports "redirects" to github e.g. by gopkg.in and golang.org)
- skips major upgrades > v1
- no vendoring support
Closes#933, Closes#2578, Closes#2579
If `followTag` is defined for a package, then Renovate will ignore all other available versions and instead stick strictly to whatever version is defined for the tag. npm-only for now.
Closes#2258
Adds support for renovating git references in `package.json` files. Supports updating semver tags or sha1 references ("commit hashes").
Also includes support for updating git references from *private* GitHub repositories, if the following conditions are met:
- Renovate user/token is authorised to read from the source private repository
- Dependency is written like `git+https://github.com/owner/repo.git#ref` in `package.json`
Closes#415, Closes#817
Defaulting to ‘bundled’ (default behaviour), this option can be changed to ‘global’ if you wish Renovate to use globally installed npm, yarn, pnpm and lerna binaries. Note: composer always uses global regardless.
Adds functionality to force rebase a PR if the label "rebase" is added. Also, the label is configurable via a new `rebaseLabel` config option.
Closes#1406
Previously if grouping, all major/minor updates within that group were combined into one. Instead, we now honour the “separateMajorMinor”, "separateMinorPatch", and "separateMultipleMajor" settings and keep the groups separate if necessary.
For maximum compatibility with existing PRs, we name branches like `renovate/group-name` whenever possible and only name them like `renovate/major-group-name` or `renovate/patch-group-name` if major or patch are found.
Closes#2425
Adds new admin option “skipInstalls” that is applicable for npm-only for now (including lerna-npm). If set to false, Renovate will perform a full install of modules rather than `—package-lock-only`. This is necessary in some cases to work around bugs in npm.
Self-hosted bot users can set this option themselves on the bot’s config, but app users will require it to be enabled per-repository by the app admin.
If the current value is already unstable then we presume the user is happy to take newer unstable versions. However we should not presume that they want to keep jumping versions if so and instead would prefer to stabilise.
Discussed in #2258 but does not close it
Adds field prettyDepType available for templates, currently used for npm only. Allows for PR titles like “Update devDependency left-pad to v1.3.0” instead of default “Update dependency left-pad to v1.3.0”.
To enable in PR titles: add this configuration: `"commitMessageTopic": "{{prettyDepType}} {{depName}}”`
This is not enabled by default as otherwise it could lead to the reopening of previously manually-closed PRs.
Closes#2371, Closes#1863
Adds rules to skip any configured grouping or schedules that prevent insecure packages from being updated immediately.
If GitHub's vulnerability alerts are detected, package rules are added to force empty schedule and grouping for each affected package. Settings are configurable via new `vulnerabilityAlerts` config object, e.g. so that custom PR titles, labels or assignees can be configured.
Closes#1567
Adds the library `linkify-markdown` to actively linkify urls, issues and usernames so that they can then be linked to the renovatebot redirector for github.
