Previously if grouping, all major/minor updates within that group were combined into one. Instead, we now honour the “separateMajorMinor”, "separateMinorPatch", and "separateMultipleMajor" settings and keep the groups separate if necessary.
For maximum compatibility with existing PRs, we name branches like `renovate/group-name` whenever possible and only name them like `renovate/major-group-name` or `renovate/patch-group-name` if major or patch are found.
Closes#2425
Methods to support performing Git operation using filesystem instead of web API. GitHub only and experimental only. Usage: define env variable `RENOVATE_GIT_FS`.
Closes#1925
npm’s —package-lock-only implementation seems to have a bug and produces incorrect lock files when file: references are present. If file: dependencies are detected, skipInstalls is set to false.
Closes#2401
Adds new admin option “skipInstalls” that is applicable for npm-only for now (including lerna-npm). If set to false, Renovate will perform a full install of modules rather than `—package-lock-only`. This is necessary in some cases to work around bugs in npm.
Self-hosted bot users can set this option themselves on the bot’s config, but app users will require it to be enabled per-repository by the app admin.
If the current value is already unstable then we presume the user is happy to take newer unstable versions. However we should not presume that they want to keep jumping versions if so and instead would prefer to stabilise.
Discussed in #2258 but does not close it
Adds field prettyDepType available for templates, currently used for npm only. Allows for PR titles like “Update devDependency left-pad to v1.3.0” instead of default “Update dependency left-pad to v1.3.0”.
To enable in PR titles: add this configuration: `"commitMessageTopic": "{{prettyDepType}} {{depName}}”`
This is not enabled by default as otherwise it could lead to the reopening of previously manually-closed PRs.
Closes#2371, Closes#1863
Adds support for GitHub-hosted presets, using the `github>` prefix. Supports single preset per repository only.
Example:
```json
{
"extends": ["github>renovatebot/renovate"]
}
```
The above would extend the `renovate.json` inside this repository (probably not a good idea, but an example).
Closes#2102, Closes#2312
As mentioned in #2315 some docker registries don't support the digest header. This PR falls back to parsing the resulting manifest if the header is present.
Closes#2315
Adds rules to skip any configured grouping or schedules that prevent insecure packages from being updated immediately.
If GitHub's vulnerability alerts are detected, package rules are added to force empty schedule and grouping for each affected package. Settings are configurable via new `vulnerabilityAlerts` config object, e.g. so that custom PR titles, labels or assignees can be configured.
Closes#1567
Adds the library `linkify-markdown` to actively linkify urls, issues and usernames so that they can then be linked to the renovatebot redirector for github.
Adds support for processing www-authenticate Header to obtain a token from the Docker servers. In particular, this enables Artifactory to work (without username/passwords for now). This is backwards-compatible to Docker Hub which issues this header with the current hard-coded URLs.
