.devcontainer/Dockerfile

-FROM containerbase/node:14.19.3@sha256:c0625aee5e86099a4680ba316a9b82d9988a1b6494009e2a9ad1fabb368d5c69
+FROM containerbase/node:14.20.1@sha256:e275fb819c433373dbcdd7e7fc7c4fbdf6a08880e66eb9617ff311b6766e6a2c
 
 USER root
 
 # renovate: datasource=npm
-RUN install-tool yarn 1.22.18
+RUN install-tool yarn 1.22.19

.devcontainer/devcontainer.json

@@ -8,7 +8,8 @@
   "extensions": [
     "dbaeumer.vscode-eslint",
     "esbenp.prettier-vscode",
-    "orta.vscode-jest"
+    "orta.vscode-jest",
+    "EditorConfig.editorconfig"
   ],
   "runArgs": [
     "--cap-add=SYS_PTRACE",

.eslintrc.js

@@ -71,11 +71,17 @@ module.exports = {
 
     // disallow direct `nock` module usage as it causes memory issues.
     // disallow `parse-link-header` to allow override ENV https://github.com/thlorenz/parse-link-header#environmental-variables
+    // disallow `path` in favor of `upath`
     'no-restricted-imports': [
       2,
       { paths: ['nock', 'parse-link-header', 'path'] },
     ],
 
+    '@typescript-eslint/consistent-type-assertions': [
+      'error',
+      { assertionStyle: 'as', objectLiteralTypeAssertions: 'allow' },
+    ],
+
     // Makes no sense to allow type inference for expression parameters, but require typing the response
     '@typescript-eslint/explicit-function-return-type': [
       'error',
@@ -91,7 +97,7 @@ module.exports = {
       {
         vars: 'all',
         args: 'none',
-        ignoreRestSiblings: false,
+        ignoreRestSiblings: true,
       },
     ],
     '@typescript-eslint/prefer-optional-chain': 2,
@@ -108,7 +114,7 @@ module.exports = {
     '@typescript-eslint/no-unsafe-argument': 0, // thousands of errors :-/
 
     '@typescript-eslint/restrict-template-expressions': [
-      1,
+      2,
       { allowNumber: true, allowBoolean: true },
     ],
     '@typescript-eslint/restrict-plus-operands': 2,
@@ -127,6 +133,13 @@ module.exports = {
 
     'typescript-enum/no-const-enum': 2,
     'typescript-enum/no-enum': 2,
+    'object-shorthand': [
+      'error',
+      'always',
+      {
+        avoidQuotes: true,
+      },
+    ],
   },
   settings: {
     'import/parsers': {

.github/CODEOWNERS

-*.md                                   @HonkingGoose
-
 /lib/modules/manager/git-submodules/           @JamieMagee
 
 /lib/modules/platform/azure/                   @JamieMagee
-/lib/modules/platform/gitea/                   @ppmathis

.github/ISSUE_TEMPLATE/bug_report.yml

 name: Bug report
-description: You've found a bug with Renovate.
+description: Confirmed bugs only. If in doubt, create a Discussion instead.
 labels: ['type:bug', 'status:requirements', 'priority-5-triage']
 body:
   - type: markdown
@@ -29,7 +29,7 @@ body:
   - type: dropdown
     id: platform-select
     attributes:
-      label: Please select which platform you are using if self-hosting.
+      label: If you're self-hosting Renovate, select which platform you are using.
       options:
         - 'Azure DevOps (dev.azure.com)'
         - 'Azure DevOps Server'
@@ -72,7 +72,7 @@ body:
     id: describe-bug
     attributes:
       label: Describe the bug
-      description: 'Do not report any security concerns here. Email [renovate-disclosure@whitesourcesoftware.com](mailto:renovate-disclosure@whitesourcesoftware.com) instead.'
+      description: 'Do not report any security concerns here. Email [renovate-disclosure@mend.io](mailto:renovate-disclosure@mend.io) instead.'
     validations:
       required: true
 

.github/ISSUE_TEMPLATE/refactor.yml

@@ -10,6 +10,6 @@ body:
     id: describe-proposed-changes
     attributes:
       label: Describe the proposed change(s).
-      description: 'Do not report any security concerns here. Email renovate-disclosure@whitesourcesoftware.com instead.'
+      description: 'Do not report any security concerns here. Email renovate-disclosure@mend.io instead.'
     validations:
       required: true

.github/contributing.md

@@ -2,7 +2,7 @@
 
 ## Security / Disclosure
 
-If you find any bug with Renovate that may be a security problem, then e-mail us at: [renovate-disclosure@whitesourcesoftware.com](mailto:renovate-disclosure@whitesourcesoftware.com).
+If you find any bug with Renovate that may be a security problem, then e-mail us at: [renovate-disclosure@mend.io](mailto:renovate-disclosure@mend.io).
 This way we can evaluate the bug and hopefully fix it before it gets abused.
 Please give us enough time to investigate the bug before you report it anywhere else.
 

.github/label-actions.yml

@@ -34,7 +34,7 @@
 
     ### No logs at all
 
-    If there's no log posted yet, we need you to find and copy/paste the log into the issue template.
+    If you haven't posted any log yet, we need you to find and copy/paste the log into the issue template.
 
 
     #### Finding logs on hosted app
@@ -72,7 +72,7 @@
     <details><summary>Click me to read instructions</summary>
 
 
-    If you already provided logs, and the Renovate team said they are not enough, follow the instructions from the **No logs at all** section.
+    If you already gave us a log, and the Renovate team said it's not enough, then follow the instructions from the **No logs at all** section.
 
     </details>
 
@@ -88,7 +88,7 @@
         <details><summary>Click me to see logs</summary>
 
         ```
-        Copy/paste any log here, between the starting and ending backticks
+        Copy/paste your logs here, between the starting and ending backticks
         ```
 
         </details>
@@ -100,12 +100,12 @@
     Hi there,
 
 
-    You're requesting support for a new package manager.
+    You're asking us to support a new package manager.
     We need to know some basic information about this package manager first.
     Please copy/paste [the new package manager questionnaire](https://github.com/renovatebot/renovate/blob/main/docs/development/new-package-manager-template.md), and fill it out in full.
 
 
-    Once the questionnaire is filled out we will evaluate if adding support for this manager is something we want to do.
+    Once the questionnaire is filled out we'll decide if we want to support this new manager.
 
 
     Good luck,
@@ -118,7 +118,7 @@
     Hi there,
 
 
-    You're reporting a problem with an outdated version of Renovate.
+    You're reporting a problem with an old version of Renovate.
     Please try the latest version and tell us if that fixes your problem.
 
 

.github/workflows/build.yml

@@ -4,7 +4,6 @@ on:
   push:
     branches:
       - main
-      - v25
 
   pull_request:
 
@@ -15,6 +14,9 @@ on:
         default: 'true'
         required: false
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
   cancel-in-progress: true
@@ -24,7 +26,6 @@ env:
   DEFAULT_BRANCH: main
   NODE_VERSION: 14
   DRY_RUN: true
-  SKIP_JAVA_TESTS: true
 
 jobs:
   test:
@@ -42,24 +43,23 @@ jobs:
         include: >-
           ${{ fromJSON((github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'ci:fulltest')) && '[{
             "os": "macos-latest",
-            "node-version": 14
+            "node-version": 16
           }, {
             "os": "windows-latest",
-            "node-version": 14
+            "node-version": 16
           }]' || '[]') }}
 
     env:
       coverage: ${{ matrix.os == 'ubuntu-latest' && (matrix.node-version == 14 || matrix.node-version == 16) }}
       NODE_VERSION: ${{ matrix.node-version }}
-      JAVA_VERSION: ${{ matrix.java-version }}
 
     steps:
-      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
         with:
           fetch-depth: 2
 
       - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3.3.0
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3.5.1
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: yarn
@@ -83,11 +83,17 @@ jobs:
       - name: Build
         run: yarn build
 
+      - name: Cache jest cache
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # tag=v3.0.11
+        with:
+          path: .cache/jest
+          key: ${{ runner.os }}-${{ matrix.node-version }}-jest-${{ hashFiles('yarn.lock') }}
+
       - name: Unit tests
-        run: yarn jest:${{ env.NODE_VERSION }} --maxWorkers=2 --ci --coverage ${{ env.coverage }}
+        run: yarn jest --ci --coverage ${{ env.coverage }}
 
       - name: Codecov
-        uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 # tag=v3.1.0
+        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # tag=v3.1.1
         if: always() && env.coverage == 'true'
 
       - name: E2E Test
@@ -100,12 +106,12 @@ jobs:
     timeout-minutes: 15
 
     steps:
-      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
         with:
           fetch-depth: 2
 
       - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3.3.0
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3.5.1
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: yarn
@@ -138,24 +144,28 @@ jobs:
       - name: Type check
         run: yarn type-check
 
-      - name: Null check
-        run: yarn null-check
+      - name: Strict check
+        run: yarn strict-check
 
   release:
     needs: [lint, test]
-    if: github.event_name != 'pull_request'
+    if: github.repository == 'renovatebot/renovate' && github.event_name != 'pull_request'
     runs-on: ubuntu-latest
     # release shouldn't need more than 5 min
     timeout-minutes: 15
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
 
     steps:
       # full checkout for semantic-release
-      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
         with:
           fetch-depth: 0
 
       - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3.3.0
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3.5.1
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: yarn

.github/workflows/codeql-analysis.yml

@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 
       - name: Delete fixtures to suppress false positives
         run: |
@@ -30,7 +30,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # tag=v2.1.12
+        uses: github/codeql-action/init@807578363a7869ca324a79039e6db9c843e0e100 # tag=v2.1.27
         with:
           languages: javascript
 
@@ -40,7 +40,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # tag=v2.1.12
+        uses: github/codeql-action/autobuild@807578363a7869ca324a79039e6db9c843e0e100 # tag=v2.1.27
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -54,4 +54,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # tag=v2.1.12
+        uses: github/codeql-action/analyze@807578363a7869ca324a79039e6db9c843e0e100 # tag=v2.1.27

.github/workflows/dependency-review.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@a9c83d3af6b9031e20feba03b904645bb23d1dab # tag=v1.0.2
+        uses: actions/dependency-review-action@fd675ced9c17f1393071e1a2e685ab527e585a0c # tag=v2.5.0

.github/workflows/release-npm.yml

@@ -23,6 +23,9 @@ env:
   NPM_VERSION: ${{ github.event.client_payload.version }}
   NPM_TAG: ${{ github.event.client_payload.tag }}
 
+permissions:
+  contents: read
+
 jobs:
   release-npm:
     runs-on: ubuntu-latest
@@ -35,12 +38,12 @@ jobs:
             echo "NPM_TAG=${{ github.event.inputs.tag }}" >> $GITHUB_ENV
           fi
 
-      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
         with:
           ref: ${{ env.GIT_SHA }}
 
       - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3.3.0
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3.5.1
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: yarn

.github/workflows/stale-action.yml

@@ -5,11 +5,15 @@ on:
   schedule:
     - cron: '30 1 * * *'
 
+permissions:
+  issues: write
+  pull-requests: write
+
 jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@3cc123766321e9f15a6676375c154ccffb12a358 # tag=v5.0.0
+      - uses: actions/stale@99b6c709598e2b0d0841cd037aaf1ba07a4410bd # tag=v5.2.0
         with:
           # Rate limit per run, (defaults to 30, but we've increased it to 40 for now).
           operations-per-run: 40
@@ -32,6 +36,9 @@ jobs:
           days-before-issue-close: 7
           close-issue-message: 'This bug report has been closed as we need a reproduction to work on this. If the original poster or anybody else with the same problem discovers that they can reproduce it, please create a new issue, and reference this issue.'
 
-          # Never label/close any pull requests
+          # Close stale issues as "not planned" on GitHub.
+          close-issue-reason: 'not_planned'
+
+          # Never label/close any pull requests.
           days-before-pr-close: -1
           days-before-pr-stale: -1

.github/workflows/update-data.yml

+name: 'Update static data'
+on:
+  schedule:
+    - cron: '0 0 * * 0' # Every Sunday at midnight
+  workflow_dispatch:
+
+env:
+  NODE_VERSION: 16
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-data:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+
+      - name: Set up Node.js ${{ env.NODE_VERSION }}
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # tag=v3.5.1
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+          cache: yarn
+
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Update static data
+        run: yarn run update-static-data
+
+      - name: Run Prettier
+        run: yarn prettier-fix
+
+      - name: Create pull request
+        uses: peter-evans/create-pull-request@671dc9c9e0c2d73f07fa45a3eb0220e1622f0c5f # tag=v4.1.3
+        with:
+          author: 'Renovate Bot <renovate@whitesourcesoftware.com>'
+          branch: 'chore/update-static-data'
+          commit-message: 'fix(data): automatic update of static data'
+          committer: 'Renovate Bot <renovate@whitesourcesoftware.com>'
+          title: 'fix(data): automatic update of static data'
+          assignees: rarkins,viceice

.github/workflows/ws_scan.yaml

@@ -4,11 +4,14 @@ on:
   push:
     branches: [main]
 
+permissions:
+  contents: read
+
 jobs:
   WS_SCAN:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
 
       - name: Download UA
         run: curl -LJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar

.gitignore

 /node_modules
-/config.js
+/config.js*
 /coverage
 /dist
 /tmp
@@ -10,6 +10,7 @@
 /package-lock.json
 *.pyc
 renovate-0.0.0-semantic-release.tgz
+renovate-v0.0.0-semantic-release.tgz
 /test/e2e/node_modules
 .eslintcache
 junit.xml

.prettierignore

@@ -13,6 +13,7 @@ package.json
 **/__mocks__/
 bin/yarn*
 .clinic/
+.eslintcache
 
 # generated code
 **/*.generated.ts

.releaserc

@@ -91,11 +91,6 @@
   },
   "tagFormat": "${version}",
   "branches": [
-    {
-      "name": "v25",
-      "range": "25.x",
-      "channel": "version25"
-    },
     {
       "name": "main"
     }

.vscode/extensions.json

 {
   "recommendations": [
-    "EditorConfig.editorconfig",
+    "dbaeumer.vscode-eslint",
     "esbenp.prettier-vscode",
-    "dbaeumer.vscode-eslint"
+    "orta.vscode-jest",
+    "EditorConfig.editorconfig"
   ]
 }

.vscode/launch.json

@@ -14,6 +14,20 @@
       "protocol": "inspector",
       "skipFiles": ["<node_internals>/**/*.js"]
     },
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "debug (clean cache)",
+      "program": "${workspaceFolder}/lib/renovate.ts",
+      "env": {
+        "LOG_LEVEL": "debug"
+      },
+      "preLaunchTask": "npm: clean-cache",
+      "console": "integratedTerminal",
+      "runtimeArgs": ["-r", "ts-node/register/transpile-only"],
+      "protocol": "inspector",
+      "skipFiles": ["<node_internals>/**/*.js"]
+    },
     {
       "type": "node",
       "request": "launch",