.devcontainer/Dockerfile

-FROM containerbase/node:14.17.6@sha256:449af722795fbfec2c8ee00724fea3b1b5a4bbd7bdfecfaf783fa746be48ba19
+FROM containerbase/node:14.18.3@sha256:bac890a8a240489b42b45cdde56268652a925e2e52f26e15142a44f42f444153
 
 
 # renovate: datasource=npm
-RUN install-tool yarn 1.22.11
+RUN install-tool yarn 1.22.17

.devcontainer/devcontainer.json

@@ -9,5 +9,11 @@
     "esbenp.prettier-vscode",
     "orta.vscode-jest"
   ],
+  "runArgs": [
+    "--cap-add=SYS_PTRACE",
+    "--security-opt",
+    "seccomp=unconfined",
+    "--privileged"
+  ],
   "postCreateCommand": "yarn install"
 }

.eslintignore

@@ -11,8 +11,10 @@ coverage
 **/*.d.ts
 /config.js
 .clinic/
+.cache/
 
 # generated code
 **/*.generated.ts
 /tools/dist
 /patches
+tmp/

.eslintrc.js

@@ -3,16 +3,15 @@ module.exports = {
   env: {
     node: true,
   },
-  plugins: ['@renovate'],
+  plugins: ['@renovate', 'typescript-enum'],
   extends: [
-    'airbnb-typescript/base',
+    'eslint:recommended',
     'plugin:import/errors',
     'plugin:import/warnings',
     'plugin:import/typescript',
     'plugin:jest/recommended',
     'plugin:jest/style',
     // https://github.com/typescript-eslint/typescript-eslint/tree/master/packages/eslint-plugin/src/configs
-    'plugin:@typescript-eslint/eslint-recommended',
     'plugin:@typescript-eslint/recommended',
     'plugin:@typescript-eslint/recommended-requiring-type-checking',
     'plugin:promise/recommended',
@@ -29,20 +28,25 @@ module.exports = {
      * checks done by typescript.
      *
      * https://github.com/typescript-eslint/typescript-eslint/blob/master/docs/getting-started/linting/FAQ.md#eslint-plugin-import
+     * required for esm check
      */
-    'import/default': 0,
-    'import/named': 0,
-    'import/namespace': 0,
+    'import/default': 2,
+    'import/named': 2,
+    'import/namespace': 2,
     'import/no-named-as-default-member': 0,
+    'import/no-extraneous-dependencies': [
+      'error',
+      { devDependencies: ['test/**/*', '**/*.spec.ts'] },
+    ],
+    'import/prefer-default-export': 0, // no benefit
 
     // other rules
-    'import/prefer-default-export': 0, // no benefit
-    'no-restricted-syntax': 0,
-    'no-await-in-loop': 0,
-    'prefer-destructuring': 0,
-    'prefer-template': 0,
-    'no-underscore-dangle': 0,
+    'consistent-return': 'error',
+    eqeqeq: 'error',
+    'no-console': 'error',
     'no-negated-condition': 'error',
+    'no-param-reassign': 'error',
+    'no-template-curly-in-string': 'error',
     'sort-imports': [
       'error',
       {
@@ -65,7 +69,8 @@ module.exports = {
     ],
 
     // disallow direct `nock` module usage as it causes memory issues.
-    'no-restricted-imports': [2, { paths: ['nock'] }],
+    // disallow `parse-link-header` to allow override ENV https://github.com/thlorenz/parse-link-header#environmental-variables
+    'no-restricted-imports': [2, { paths: ['nock', 'parse-link-header'] }],
 
     // Makes no sense to allow type inference for expression parameters, but require typing the response
     '@typescript-eslint/explicit-function-return-type': [
@@ -95,6 +100,7 @@ module.exports = {
     // TODO: fix me
     '@typescript-eslint/no-unsafe-return': 0,
     '@typescript-eslint/no-unsafe-call': 0,
+    '@typescript-eslint/no-unsafe-argument': 0, // thousands of errors :-/
 
     '@typescript-eslint/restrict-template-expressions': [
       1,
@@ -102,24 +108,44 @@ module.exports = {
     ],
     '@typescript-eslint/restrict-plus-operands': 2,
 
-    '@typescript-eslint/naming-convention': 2,
+    '@typescript-eslint/naming-convention': [
+      2,
+      {
+        selector: 'enumMember',
+        format: ['PascalCase'],
+      },
+    ],
 
     '@typescript-eslint/unbound-method': 2,
     '@typescript-eslint/ban-types': 2,
     '@renovate/jest-root-describe': 2,
+
+    'typescript-enum/no-const-enum': 2,
+    'typescript-enum/no-enum': 2,
   },
   settings: {
     'import/parsers': {
       '@typescript-eslint/parser': ['.ts'],
     },
+    'import/resolver': {
+      typescript: {
+        alwaysTryTypes: true, // always try to resolve types under `<root>@types` directory even it doesn't contain any source code, like `@types/unist`
+        project: 'tsconfig.lint.json',
+      },
+    },
   },
   overrides: [
+    {
+      // files to check, so no `--ext` is required
+      files: ['**/*.{js,mjs,cjs,ts}'],
+    },
     {
       files: ['**/*.spec.ts', 'test/**'],
       env: {
         jest: true,
       },
       rules: {
+        'no-template-curly-in-string': 0,
         'prefer-destructuring': 0,
         'prefer-promise-reject-errors': 0,
         'import/no-dynamic-require': 0,
@@ -136,7 +162,7 @@ module.exports = {
       },
     },
     {
-      files: ['**/*.{js,mjs}'],
+      files: ['**/*.{js,mjs,cjs}'],
 
       rules: {
         '@typescript-eslint/explicit-function-return-type': 0,
@@ -145,7 +171,7 @@ module.exports = {
       },
     },
     {
-      files: ['tools/**/*.{ts,js,mjs}'],
+      files: ['tools/**/*.{ts,js,mjs,cjs}'],
       env: {
         node: true,
       },
@@ -157,7 +183,7 @@ module.exports = {
       },
     },
     {
-      files: ['tools/**/*.js'],
+      files: ['tools/**/*.{js,cjs}', 'bin/*.{js,cjs}'],
       rules: {
         // need commonjs
         '@typescript-eslint/no-var-requires': 'off',

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -12,6 +12,13 @@ body:
     validations:
       required: true
 
+  - type: input
+    id: renovate-version-if-selfhosting
+    attributes:
+      label: If you're self-hosting Renovate, tell us what version of Renovate you run.
+    validations:
+      required: false
+
   - type: dropdown
     id: platform-select
     attributes:
@@ -30,17 +37,27 @@ body:
       required: false
 
   - type: input
-    id: renovate-version-if-selfhosting
+    id: platform-version-if-selfhosting
     attributes:
-      label: If you're self-hosting Renovate, tell us what version of Renovate you run.
+      label: If you're self-hosting Renovate, tell us what version of the platform you run.
     validations:
       required: false
 
+  - type: dropdown
+    id: regression-error
+    attributes:
+      label: Was this something which used to work for you, and then stopped?
+      options:
+        - 'It used to work, and then stopped'
+        - 'I never saw this working'
+    validations:
+      required: true
+
   - type: textarea
     id: describe-bug
     attributes:
       label: Describe the bug
-      description: 'Do not report any security concerns here. Email renovate-disclosure@whitesourcesoftware.com instead.'
+      description: 'Do not report any security concerns here. Email [renovate-disclosure@whitesourcesoftware.com](mailto:renovate-disclosure@whitesourcesoftware.com) instead.'
     validations:
       required: true
 

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -24,6 +24,7 @@ body:
       label: Is this a feature you are interested in implementing yourself?
       options:
         - 'Yes'
+        - 'Maybe'
         - 'No'
     validations:
       required: true

.github/auto-cancel-actions.yml

-version: 1
-push:
-  branches:
-    - '!main'
-pull_request:

.github/contributing.md

@@ -37,6 +37,25 @@ Force pushing a PR is OK when:
 - you need to make large changes on a PR which require a full review anyway
 - you need to bring the branch up-to-date with the target branch and incorporating the changes is more work than to create a new PR
 
+## Apply maintainer provided review suggestions
+
+Maintainers can suggest changes while reviewing your pull request, please follow these steps to apply them:
+
+1. Batch the suggestions into a logical group by clicking on the **Add suggestion to batch** button
+2. Click on the **Commit suggestions** button
+
+Read the [GitHub docs, Applying suggested changes](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/incorporating-feedback-in-your-pull-request#applying-suggested-changes) to learn more.
+
+## Resolve review comments instead of commenting
+
+A maintainer/contributor can ask you to make changes, without providing a suggestion that you can apply.
+In this case you need to do some work yourself to address the feedback.
+
+Once you've done the work, resolve the conversation by clicking on the **Resolve conversation** button in the PR overview.
+Avoid posting comments like "I've done the work", or "Done".
+
+Read the [GitHub Docs, resolving conversations](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request#resolving-conversations) to learn more.
+
 ## Re-requesting a review
 
 Please do not ping your reviewer(s) by mentioning them in a new comment.

.github/workflows/build-pr.yml

-name: build-pr
-
-on:
-  pull_request:
-
-env:
-  NODE_VERSION: 14
-  PYTHON_VERSION: 3.9
-  SKIP_JAVA_TESTS: true
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-
-    # tests shouldn't need more time
-    timeout-minutes: 30
-
-    steps:
-      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # renovate: tag=v2.3.4
-        with:
-          fetch-depth: 2
-
-      - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@25316bbc1f10ac9d8798711f44914b1cf3c4e954 # renovate: tag=v2.4.0
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-          cache: yarn
-
-      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@dc73133d4da04e56a135ae2246682783cc7c7cb6 # renovate: tag=v2.2.2
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-
-      - name: Init platform
-        shell: bash
-        run: |
-          git config --global core.autocrlf false
-          git config --global core.symlinks true
-          git config --global user.email 'renovate@whitesourcesoftware.com'
-          git config --global user.name  'Renovate Bot'
-          npm config set scripts-prepend-node-path true
-          git --version
-          echo "Node $(node --version)"
-          python --version
-          echo "Yarn $(yarn --version)"
-
-      - name: Installing dependencies
-        run: yarn install --frozen-lockfile
-
-      - name: Unit tests
-        run: yarn jest --maxWorkers=2 --ci
-
-      - name: Codecov
-        uses: codecov/codecov-action@f32b3a3741e1053eb607407145bc9619351dc93b # renovate: tag=v2.1.0
-        if: always()
-
-      # build after tests to exclude files
-      - name: Build
-        run: yarn build
-
-      - name: E2E Test
-        run: yarn test-e2e
-
-  lint:
-    runs-on: ubuntu-latest
-
-    # lint shouldn't need more than 10 min
-    timeout-minutes: 15
-
-    steps:
-      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # renovate: tag=v2.3.4
-        with:
-          fetch-depth: 2
-
-      - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@25316bbc1f10ac9d8798711f44914b1cf3c4e954 # renovate: tag=v2.4.0
-        with:
-          node-version: ${{ env.NODE_VERSION }}
-          cache: yarn
-
-      - name: Init platform
-        run: |
-          git config --global core.autocrlf false
-          git config --global core.symlinks true
-          git config --global user.email 'renovate@whitesourcesoftware.com'
-          git config --global user.name  'Renovate Bot'
-          npm config set scripts-prepend-node-path true
-          echo "Node $(node --version)"
-          echo "Yarn $(yarn --version)"
-
-      - name: Installing dependencies
-        run: yarn install --frozen-lockfile
-
-      - name: Lint
-        run: |
-          yarn ls-lint
-          yarn eslint -f gha
-          yarn prettier
-          yarn markdown-lint
-          yarn git-check
-
-      - name: Test schema
-        run: yarn test-schema
-
-      - name: Type check
-        run: yarn type-check

.github/workflows/build.yml

@@ -6,6 +6,8 @@ on:
       - main
       - v25
 
+  pull_request:
+
   workflow_dispatch:
     inputs:
       dryRun:
@@ -13,6 +15,10 @@ on:
         default: 'true'
         required: false
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
+  cancel-in-progress: true
+
 env:
   # Currently no way to detect automatically (#8153)
   DEFAULT_BRANCH: main
@@ -21,6 +27,7 @@ env:
 
 jobs:
   test:
+    name: ${{ matrix.node-version == 14 && format('test ({0})', matrix.os) || format('test ({0}, node-{1})', matrix.os, matrix.node-version) }}
     runs-on: ${{ matrix.os }}
 
     # tests shouldn't need more time
@@ -28,46 +35,48 @@ jobs:
 
     strategy:
       matrix:
-        os: [ubuntu-latest, macos-11, windows-latest]
-        node-version: [14]
-        python-version: [3.9]
+        os: [ubuntu-latest]
+        node-version: [14, 16]
         java-version: [11]
+        # skip macOS and Windows test on pull requests without 'ci:fulltest' label
+        include: >-
+          ${{ fromJSON((github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'ci:fulltest')) && '[{
+            "os": "macos-latest",
+            "node-version": 14,
+            "java-version": 11
+          }, {
+            "os": "windows-latest",
+            "node-version": 14,
+            "java-version": 11
+          }]' || '[]') }}
 
     env:
-      coverage: ${{ matrix.os == 'ubuntu-latest' && matrix.node-version == 14 }}
+      coverage: ${{ matrix.os == 'ubuntu-latest' && (matrix.node-version == 14 || matrix.node-version == 16) }}
       NODE_VERSION: ${{ matrix.node-version }}
-      PYTHON_VERSION: ${{ matrix.python-version }}
       JAVA_VERSION: ${{ matrix.java-version }}
+      # skip Java tests on pull requests without 'ci:fulltest' label
+      SKIP_JAVA_TESTS: ${{ matrix.node-version != 14 || (github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'ci:fulltest')) }}
 
     steps:
-      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # renovate: tag=v2.3.4
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
         with:
           fetch-depth: 2
 
       - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@25316bbc1f10ac9d8798711f44914b1cf3c4e954 # renovate: tag=v2.4.0
+        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 # renovate: tag=v2.5.1
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: yarn
 
-      - name: Set up Python ${{ env.PYTHON_VERSION }}
-        uses: actions/setup-python@dc73133d4da04e56a135ae2246682783cc7c7cb6 # renovate: tag=v2.2.2
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-
       - name: Set up Java  ${{ env.JAVA_VERSION }}
-        if: env.NODE_VERSION == '14'
-        uses: actions/setup-java@3bc31aaf88e8fc94dc1e632d48af61be5ca8721c # renovate: tag=v2.3.0
+        if: env.SKIP_JAVA_TESTS == 'false'
+        uses: actions/setup-java@f0bb91606209742fe3ea40199be2f3ef195ecabf # renovate: tag=v2.5.0
         with:
           java-version: ${{ env.JAVA_VERSION }}
           distribution: 'adopt'
           java-package: jre
           check-latest: false
 
-      - name: Skip Java tests
-        if: env.NODE_VERSION != '14'
-        run: echo "SKIP_JAVA_TESTS=true" >> $GITHUB_ENV
-
       - name: Init platform
         shell: bash
         run: |
@@ -78,12 +87,15 @@ jobs:
           npm config set scripts-prepend-node-path true
           git --version
           echo "Node $(node --version)"
-          python --version
           echo "Yarn $(yarn --version)"
 
       - name: Installing dependencies
         run: yarn install --frozen-lockfile
 
+      # build before tests to for static file check
+      - name: Build
+        run: yarn build
+
       - name: Unit tests
         run: yarn jest --maxWorkers=2 --ci --coverage ${{ env.coverage }}
 
@@ -91,11 +103,6 @@ jobs:
         uses: codecov/codecov-action@f32b3a3741e1053eb607407145bc9619351dc93b # renovate: tag=v2.1.0
         if: always() && env.coverage == 'true'
 
-      # build after tests to exclude build files from tests
-      # TODO: check if build before test speeds up tests
-      - name: Build
-        run: yarn build
-
       - name: E2E Test
         run: yarn test-e2e
 
@@ -106,12 +113,12 @@ jobs:
     timeout-minutes: 15
 
     steps:
-      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # renovate: tag=v2.3.4
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
         with:
           fetch-depth: 2
 
       - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@25316bbc1f10ac9d8798711f44914b1cf3c4e954 # renovate: tag=v2.4.0
+        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 # renovate: tag=v2.5.1
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: yarn
@@ -136,6 +143,7 @@ jobs:
           yarn prettier
           yarn markdown-lint
           yarn git-check
+          yarn doc-fence-check
 
       - name: Test schema
         run: yarn test-schema
@@ -143,20 +151,24 @@ jobs:
       - name: Type check
         run: yarn type-check
 
+      - name: Null check
+        run: yarn null-check
+
   release:
     needs: [lint, test]
+    if: github.event_name != 'pull_request'
     runs-on: ubuntu-latest
     # release shouldn't need more than 5 min
     timeout-minutes: 15
 
     steps:
       # full checkout for semantic-release
-      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # renovate: tag=v2.3.4
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
         with:
           fetch-depth: 0
 
       - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@25316bbc1f10ac9d8798711f44914b1cf3c4e954 # renovate: tag=v2.4.0
+        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 # renovate: tag=v2.5.1
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: yarn
@@ -191,3 +203,9 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Upload docs
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # renovate: tag=v2.3.1
+        with:
+          name: docs
+          path: tmp/docs/

.github/workflows/codeql-analysis.yml

@@ -22,11 +22,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # renovate: tag=v2.3.4
+        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@4854dd23d5f2aada3f026670784d5109e7702ea9 # renovate: tag=v1.0.14
+        uses: github/codeql-action/init@8b37404d562d866ad6a65d0ecb4fa5131e047ca4 # renovate: tag=v1.0.30
         with:
           config-file: ./.github/codeql/codeql-config.yml
 
@@ -36,7 +36,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@4854dd23d5f2aada3f026670784d5109e7702ea9 # renovate: tag=v1.0.14
+        uses: github/codeql-action/autobuild@8b37404d562d866ad6a65d0ecb4fa5131e047ca4 # renovate: tag=v1.0.30
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -50,4 +50,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@4854dd23d5f2aada3f026670784d5109e7702ea9 # renovate: tag=v1.0.14
+        uses: github/codeql-action/analyze@8b37404d562d866ad6a65d0ecb4fa5131e047ca4 # renovate: tag=v1.0.30

.github/workflows/label-actions.yml

@@ -3,16 +3,19 @@ name: 'Label Actions'
 on:
   issues:
     types: [labeled]
+  discussion:
+    types: [labeled]
 
 permissions:
   contents: read
   issues: write
+  discussions: write
 
 jobs:
   reaction:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/label-actions@201c706f66d13baf871b4af784bbdb7555e983b4 # renovate: tag=v2.1.3
+      - uses: dessant/label-actions@93ea5ec1d65e6a21427a1571a18a5b8861206b0b # renovate: tag=v2.2.0
         with:
           github-token: ${{ github.token }}
-          process-only: 'issues'
+          process-only: 'issues, discussions'

.github/workflows/lock.yml

@@ -12,13 +12,17 @@ permissions:
   issues: write
   pull-requests: write
 
+# Ensure only one lock action can run at a time
+concurrency:
+  group: lock
+
 jobs:
   lock:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@f1a42f0f44eb83361d617a014663e1a76cf282d2 # renovate: tag=v2.1.2
+      - uses: dessant/lock-threads@e460dfeb36e731f3aeb214be6b0c9a9d9a67eda6 # renovate: tag=v3.0.0
         if: github.repository == 'renovatebot/renovate'
         with:
           github-token: ${{ github.token }}
-          issue-lock-inactive-days: 30
-          pr-lock-inactive-days: 30
+          issue-inactive-days: 30
+          pr-inactive-days: 30

.github/workflows/release-npm.yml

@@ -35,12 +35,12 @@ jobs:
             echo "NPM_TAG=${{ github.event.inputs.tag }}" >> $GITHUB_ENV
           fi
 
-      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # renovate: tag=v2.3.4
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
         with:
           ref: ${{ env.GIT_SHA }}
 
       - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@25316bbc1f10ac9d8798711f44914b1cf3c4e954 # renovate: tag=v2.4.0
+        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 # renovate: tag=v2.5.1
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: yarn

.github/workflows/stale-action.yml

@@ -9,7 +9,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@cdf15f641adb27a71842045a94023bef6945e3aa # renovate: tag=v4.0.0
+      - uses: actions/stale@7fb802b3079a276cf3c7e6ba9aa003c665b3f838 # renovate: tag=v4.1.0
         with:
           # Rate limit per run, (defaults to 30, but we've increased it to 40 for now).
           operations-per-run: 40

.github/workflows/ws_scan.yaml

@@ -8,10 +8,10 @@ jobs:
   WS_SCAN:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # renovate: tag=v2.3.4
+      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
 
       - name: Download UA
         run: curl -LJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar
 
       - name: Run UA scan
-        run: java -jar wss-unified-agent.jar -d $GITHUB_WORKSPACE -noConfig true -apiKey ${{ secrets.WS_ORG_TOKEN }} -product W4D -project "Renovate OS - main" -resolveAllDependencies false -npm_resolveDependencies true
+        run: java -jar wss-unified-agent.jar -d $GITHUB_WORKSPACE -noConfig true -apiKey ${{ secrets.WS_ORG_TOKEN }} -product W4D -project "Renovate OS - main" -resolveAllDependencies false -npm_resolveDependencies true || true

.ls-lint.yml

@@ -17,3 +17,4 @@ ignore:
   - node_modules
   - SECURITY.md
   - test/e2e/node_modules
+  - tmp

.markdownlint-cli2.jsonc

@@ -13,5 +13,5 @@
   "globs": ["**/*.md"],
 
   // Define glob expressions to ignore
-  "ignores": ["**/__fixtures__/*", "**/node_modules/**"]
+  "ignores": ["**/__fixtures__/*", "**/node_modules/**", "./tmp/**/*"]
 }

.prettierignore

@@ -18,3 +18,4 @@ bin/yarn*
 **/*.generated.ts
 /tools/dist
 /patches
+**/tmp/

.releaserc

@@ -5,14 +5,21 @@
     [
       "@semantic-release/github",
       {
-        "releasedLabels": false
+        "releasedLabels": false,
+        "assets": [
+          {
+            "path": "tmp/docs.tgz",
+            "label": "docs.tgz"
+          }
+        ]
       }
     ],
     [
       "@semantic-release/exec",
       {
         "verifyConditionsCmd": "run-s verify",
-        "publishCmd": "run-s \"release -- {@}\" -- --release=${nextRelease.version} --sha=${nextRelease.gitHead} --tag=${nextRelease.channel}"
+        "prepareCmd": "run-s \"release:prepare -- {@}\" -- --release=${nextRelease.version} --sha=${nextRelease.gitHead} --tag=${nextRelease.channel}",
+        "publishCmd": "run-s \"release:publish -- {@}\" -- --release=${nextRelease.version} --sha=${nextRelease.gitHead} --tag=${nextRelease.channel}"
       }
     ]
   ],