Compare revisions

e0d89179 · deae1b07 · d3b774e8 · cfcd308c · eaf8100f · 54f5adf9
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
-FROM containerbase/node:14.18.3@sha256:bac890a8a240489b42b45cdde56268652a925e2e52f26e15142a44f42f444153
+FROM containerbase/node:14.19.3@sha256:c0625aee5e86099a4680ba316a9b82d9988a1b6494009e2a9ad1fabb368d5c69

+USER root

 # renovate: datasource=npm
-RUN install-tool yarn 1.22.17
+RUN install-tool yarn 1.22.18
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -2,7 +2,8 @@
  "name": "Renovate",
  "dockerFile": "Dockerfile",
  "settings": {
-    "terminal.integrated.shell.linux": "/bin/bash"
+    "terminal.integrated.profiles.linux": { "bash": { "path": "/bin/bash" } },
+    "terminal.integrated.defaultProfile.linux": "bash"
  },
  "extensions": [
    "dbaeumer.vscode-eslint",

--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -3,7 +3,7 @@ module.exports = {
  env: {
    node: true,
  },
-  plugins: ['@renovate', 'typescript-enum'],
+  plugins: ['@renovate', 'typescript-enum', 'jest-formatting'],
  extends: [
    'eslint:recommended',
    'plugin:import/errors',
@@ -15,6 +15,7 @@ module.exports = {
    'plugin:@typescript-eslint/recommended',
    'plugin:@typescript-eslint/recommended-requiring-type-checking',
    'plugin:promise/recommended',
+    'plugin:jest-formatting/recommended',
    'prettier',
  ],
  parserOptions: {
@@ -70,7 +71,10 @@ module.exports = {

    // disallow direct `nock` module usage as it causes memory issues.
    // disallow `parse-link-header` to allow override ENV https://github.com/thlorenz/parse-link-header#environmental-variables
-    'no-restricted-imports': [2, { paths: ['nock', 'parse-link-header'] }],
+    'no-restricted-imports': [
+      2,
+      { paths: ['nock', 'parse-link-header', 'path'] },
+    ],

    // Makes no sense to allow type inference for expression parameters, but require typing the response
    '@typescript-eslint/explicit-function-return-type': [
@@ -80,7 +84,8 @@ module.exports = {

    // TODO: fix lint
    '@typescript-eslint/no-explicit-any': 0,
-    '@typescript-eslint/no-non-null-assertion': 2,
+    // TODO: https://github.com/renovatebot/renovate/issues/7154
+    '@typescript-eslint/no-non-null-assertion': 0,
    '@typescript-eslint/no-unused-vars': [
      2,
      {

--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
 *.md                                   @HonkingGoose

-/lib/manager/git-submodules/           @JamieMagee
+/lib/modules/manager/git-submodules/           @JamieMagee

-/lib/platform/azure/                   @JamieMagee
-/lib/platform/gitea/                   @ppmathis
+/lib/modules/platform/azure/                   @JamieMagee
+/lib/modules/platform/gitea/                   @ppmathis
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -2,12 +2,19 @@ name: Bug report
 description: You've found a bug with Renovate.
 labels: ['type:bug', 'status:requirements', 'priority-5-triage']
 body:
+  - type: markdown
+    attributes:
+      value: |
+        Before you begin to fill out the form, make sure you have actually found a bug.
+        If you're not sure then create a [discussion](https://github.com/renovatebot/renovate/discussions) first.
+        If you have questions or want help with Renovate, then also create a [discussion](https://github.com/renovatebot/renovate/discussions).
+
  - type: dropdown
    id: how-are-you-running-renovate
    attributes:
      label: How are you running Renovate?
      options:
-        - 'WhiteSource Renovate hosted app on github.com'
+        - 'Mend Renovate hosted app on github.com'
        - 'Self-hosted'
    validations:
      required: true
@@ -40,6 +47,14 @@ body:
    id: platform-version-if-selfhosting
    attributes:
      label: If you're self-hosting Renovate, tell us what version of the platform you run.
+      description: |
+        This field is for the version number of your _platform_, so one of these:
+          - GitHub (.com and Enterprise Server)
+          - GitLab (.com and CE/EE)
+          - Bitbucket Cloud
+          - Bitbucket Server
+          - Azure DevOps
+          - Gitea
    validations:
      required: false

@@ -68,13 +83,15 @@ body:
      description: |
        Try not to raise a bug report unless you've looked at the logs first.
        If you're running self-hosted, run with `LOG_LEVEL=debug` in your environment variables and search for whatever dependency/branch/PR that is causing the problem.
-        If you are using the Renovate App, log into https://app.renovatebot.com/dashboard and locate the correct job log for when the problem occurred (e.g. when the PR was created).
-        Paste the *relevant* logs here, not the entire thing and not just a link to the dashboard (others do not have permissions to view them).
+        If you are using the Renovate App, log into [Renovate's app dashboard](https://app.renovatebot.com/dashboard) and locate the correct job log for when the problem occurred (e.g. when the PR was created).
+        Try to paste the *relevant* logs here, not the entire thing and not just a link to the dashboard (others don't have permissions to view them).
+        If you're not sure about the relevant parts of the log, then feel free to post the full log to a [Github Gist](https://gist.github.com/) and link to it.
+        Try to highlight the important logs into the issue itself.
      value: |
        <details><summary>Logs</summary>

        ```
-        Copy/paste any log here, between the starting and ending backticks
+        Copy/paste the relevant log(s) here, between the starting and ending backticks
        ```

        </details>

--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -6,7 +6,7 @@ body:
    id: what-would-you-like-renovate-to-be-able-to-do
    attributes:
      label: What would you like Renovate to be able to do?
-      placeholder: "Tell us what requirements you need solving, and be sure to mention too if this is part of any bigger problem you're trying to solve."
+      description: Tell us what requirements you need solving, and be sure to mention too if this is part of any bigger problem you're trying to solve.
    validations:
      required: true

@@ -14,7 +14,9 @@ body:
    id: implementation-idea-textbox
    attributes:
      label: If you have any ideas on how this should be implemented, please tell us here.
-      placeholder: "In case you've already dug into existing options or source code and have ideas, mention them here. Try to keep implementation ideas separate from requirements."
+      description: |
+        In case you've already dug into existing options or source code and have ideas, mention them here.
+        Try to keep implementation ideas separate from requirements.
    validations:
      required: true


--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
-paths-ignore:
-  - /__fixtures__/**
--- a/.github/contributing.md
+++ b/.github/contributing.md
 # Contributing

-## Security
+## Security / Disclosure

-If you think you've found a **security issue**, please do not mention it in this repository.
-Instead, email renovate-disclosure@whitesourcesoftware.com with as much details as possible so that it can be handled confidentially.
+If you find any bug with Renovate that may be a security problem, then e-mail us at: [renovate-disclosure@whitesourcesoftware.com](mailto:renovate-disclosure@whitesourcesoftware.com).
+This way we can evaluate the bug and hopefully fix it before it gets abused.
+Please give us enough time to investigate the bug before you report it anywhere else.
+
+Please do not create GitHub issues for security-related doubts or problems.

 ## Support

@@ -15,9 +18,9 @@ If you've found a **bug** or have a **feature request** then please create an is

 ## Code

-If you would like to fix a bug or implement a feature, please fork the repository and create a Pull Request.
+If you would like to fix a bug or work on a feature, please fork the repository and create a Pull Request.
 To learn how to setup your local workstation correctly read [docs/development/local-development.md](../docs/development/local-development.md).
-Also skim the [docs/development](../docs/development/) folder, it contains a lot of helpful information on things like adding a new package manager, how Renovate branches work, design decisions and more.
+Also skim the [docs/development](../docs/development/) folder, it has a lot of helpful information on things like adding a new package manager, how Renovate branches work, design decisions and more.

 Before you start any Pull Request, it's recommended that you open a [discussion](https://github.com/renovatebot/renovate/discussions) first if you have any doubts about requirements or implementation.
 That way you can be sure that the maintainer(s) agree on what to change and how, and you can hopefully get a quick merge afterwards.
@@ -32,6 +35,8 @@ This makes it harder for us to review your work because we don't know what has c
 PRs will always be squashed by us when we merge your work.
 Commit as many times as you need in your pull request branch.

+If you are updating your PR branch from within the GitHub PR interface, then only use the default "Update branch" button.
+
 Force pushing a PR is OK when:

 - you need to make large changes on a PR which require a full review anyway
@@ -64,12 +69,14 @@ Read more about this in the [GitHub docs, Re-requesting a review](https://docs.g

 ## Slack collaboration with maintainers

-Sometimes the codebase can be a challenge to navigate, especially for a first-time contributor.
+The codebase can be difficult to navigate, especially for a first-time contributor.
 We don't want you spending an hour trying to work out something that would take us only a minute to explain.

 For that reason, we have a Slack channel dedicated to helping anyone who's working on or considering Pull Requests for Renovate.
 Please email rhys@arkins.net and simply mention that you need an invitation to the channel and you'll be added ASAP.

+Important: this Slack group is restricted to development questions only in order to keep the volume of messages lower - all technical support questions should still be posted to this repository's Discussions instead.
+
 ## Legal

 Pull Request authors must sign the [Renovate CLA](https://cla-assistant.io/renovateapp/renovate).

--- a/.github/label-actions.yml
+++ b/.github/label-actions.yml
@@ -3,17 +3,18 @@
    Hi there,


-    Help us by making a minimal reproduction repository.
+    Get your issue fixed faster by creating a minimal reproduction.
+    This means a repository dedicated to reproducing this issue with the minimal dependencies and config possible.


-    Before we can start work on your issue we first need to know exactly what's causing the current behavior.
+    Before we start working on your issue we need to know exactly what's causing the current behavior.
    A minimal reproduction helps us with this.


-    To get started, please read our guide on creating a [minimal reproduction](https://github.com/renovatebot/renovate/blob/main/docs/development/minimal-reproductions.md) to understand what is needed.
+    To get started, please read our guide on creating a [minimal reproduction](https://github.com/renovatebot/renovate/blob/main/docs/development/minimal-reproductions.md).


-    We may close the issue if you (or someone else) have not provided a minimal reproduction within two weeks.
+    We may close the issue if you, or someone else, haven't created a minimal reproduction within two weeks.
    If you need more time, or are stuck, please ask for help or more time in a comment.


@@ -45,7 +46,7 @@

    1. Go to the affected PR, and search for "View repository job log here"

-    1. Click on the link to go to the "WhiteSource Renovate Dashboard" and log in
+    1. Click on the link to go to the "Mend Renovate Dashboard" and log in

    1. You are now in the correct repository log overview screen


--- a/.github/prettifier.yml
+++ b/.github/prettifier.yml
-commitMessage: 'Apply prettier formatting fix'
-excludeBranches:
-  - main
-pullsOnly: true
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
 <!-- If this is your first pull request: sign the CLA with this GitHub app: https://cla-assistant.io/renovatebot/renovate -->
 <!-- Make sure the `Allow edits and access to secrets by maintainers` checkbox is checked on this pull request. -->
+<!-- Please read https://github.com/renovatebot/renovate/blob/main/.github/contributing.md before you create your pull request.-->

-## Changes:
+## Changes

 <!-- Describe what behavior is changed by this PR. -->

-## Context:
+## Context

 <!-- Describe why you're making these changes if it's not already explained in a corresponding issue. -->
 <!-- If you're closing an existing issue with this pull request, use the keyword Closes #issue_number -->

--- a/.github/semantic.yml
+++ b/.github/semantic.yml
-# Semantic Commit bot: https://github.com/zeke/semantic-pull-requests
+# Semantic Commit bot: https://github.com/Ezard/semantic-prs

 # Always validate the PR title, and ignore the commits
 titleOnly: true
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -24,6 +24,7 @@ env:
  DEFAULT_BRANCH: main
  NODE_VERSION: 14
  DRY_RUN: true
+  SKIP_JAVA_TESTS: true

 jobs:
  test:
@@ -31,52 +32,38 @@ jobs:
    runs-on: ${{ matrix.os }}

    # tests shouldn't need more time
-    timeout-minutes: 30
+    timeout-minutes: 45

    strategy:
      matrix:
        os: [ubuntu-latest]
        node-version: [14, 16]
-        java-version: [11]
        # skip macOS and Windows test on pull requests without 'ci:fulltest' label
        include: >-
          ${{ fromJSON((github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'ci:fulltest')) && '[{
            "os": "macos-latest",
-            "node-version": 14,
-            "java-version": 11
+            "node-version": 14
          }, {
            "os": "windows-latest",
-            "node-version": 14,
-            "java-version": 11
+            "node-version": 14
          }]' || '[]') }}

    env:
      coverage: ${{ matrix.os == 'ubuntu-latest' && (matrix.node-version == 14 || matrix.node-version == 16) }}
      NODE_VERSION: ${{ matrix.node-version }}
      JAVA_VERSION: ${{ matrix.java-version }}
-      # skip Java tests on pull requests without 'ci:fulltest' label
-      SKIP_JAVA_TESTS: ${{ matrix.node-version != 14 || (github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'ci:fulltest')) }}

    steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
        with:
          fetch-depth: 2

      - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 # renovate: tag=v2.5.1
+        uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3.3.0
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: yarn

-      - name: Set up Java  ${{ env.JAVA_VERSION }}
-        if: env.SKIP_JAVA_TESTS == 'false'
-        uses: actions/setup-java@f0bb91606209742fe3ea40199be2f3ef195ecabf # renovate: tag=v2.5.0
-        with:
-          java-version: ${{ env.JAVA_VERSION }}
-          distribution: 'adopt'
-          java-package: jre
-          check-latest: false
-
      - name: Init platform
        shell: bash
        run: |
@@ -97,10 +84,10 @@ jobs:
        run: yarn build

      - name: Unit tests
-        run: yarn jest --maxWorkers=2 --ci --coverage ${{ env.coverage }}
+        run: yarn jest:${{ env.NODE_VERSION }} --maxWorkers=2 --ci --coverage ${{ env.coverage }}

      - name: Codecov
-        uses: codecov/codecov-action@f32b3a3741e1053eb607407145bc9619351dc93b # renovate: tag=v2.1.0
+        uses: codecov/codecov-action@81cd2dc8148241f03f5839d295e000b8f761e378 # tag=v3.1.0
        if: always() && env.coverage == 'true'

      - name: E2E Test
@@ -113,12 +100,12 @@ jobs:
    timeout-minutes: 15

    steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
        with:
          fetch-depth: 2

      - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 # renovate: tag=v2.5.1
+        uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3.3.0
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: yarn
@@ -163,12 +150,12 @@ jobs:

    steps:
      # full checkout for semantic-release
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
        with:
          fetch-depth: 0

      - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 # renovate: tag=v2.5.1
+        uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3.3.0
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: yarn
@@ -205,7 +192,7 @@ jobs:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

      - name: Upload docs
-        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # renovate: tag=v2.3.1
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
        with:
          name: docs
          path: tmp/docs/
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -22,13 +22,17 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+
+      - name: Delete fixtures to suppress false positives
+        run: |
+          find ./lib -type d -name '__fixtures__' -exec rm -rf {} \; || true

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@8b37404d562d866ad6a65d0ecb4fa5131e047ca4 # renovate: tag=v1.0.30
+        uses: github/codeql-action/init@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # tag=v2.1.12
        with:
-          config-file: ./.github/codeql/codeql-config.yml
+          languages: javascript

        # Override language selection by uncommenting this and choosing your languages
        # with:
@@ -36,7 +40,7 @@ jobs:
      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below)
      - name: Autobuild
-        uses: github/codeql-action/autobuild@8b37404d562d866ad6a65d0ecb4fa5131e047ca4 # renovate: tag=v1.0.30
+        uses: github/codeql-action/autobuild@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # tag=v2.1.12

      # ℹ️ Command-line programs to run using the OS shell.
      # 📚 https://git.io/JvXDl
@@ -50,4 +54,4 @@ jobs:
      #   make release

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@8b37404d562d866ad6a65d0ecb4fa5131e047ca4 # renovate: tag=v1.0.30
+        uses: github/codeql-action/analyze@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # tag=v2.1.12
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
+
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@a9c83d3af6b9031e20feba03b904645bb23d1dab # tag=v1.0.2
--- a/.github/workflows/release-npm.yml
+++ b/.github/workflows/release-npm.yml
@@ -35,12 +35,12 @@ jobs:
            echo "NPM_TAG=${{ github.event.inputs.tag }}" >> $GITHUB_ENV
          fi

-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
        with:
          ref: ${{ env.GIT_SHA }}

      - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561 # renovate: tag=v2.5.1
+        uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3.3.0
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: yarn

--- a/.github/workflows/stale-action.yml
+++ b/.github/workflows/stale-action.yml
@@ -9,7 +9,7 @@ jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/stale@7fb802b3079a276cf3c7e6ba9aa003c665b3f838 # renovate: tag=v4.1.0
+      - uses: actions/stale@3cc123766321e9f15a6676375c154ccffb12a358 # tag=v5.0.0
        with:
          # Rate limit per run, (defaults to 30, but we've increased it to 40 for now).
          operations-per-run: 40

--- a/.github/workflows/ws_scan.yaml
+++ b/.github/workflows/ws_scan.yaml
@@ -8,7 +8,7 @@ jobs:
  WS_SCAN:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # renovate: tag=v2.4.0
+      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2

      - name: Download UA
        run: curl -LJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar

--- a/.gitpod.yml
+++ b/.gitpod.yml
+tasks:
+  - init: >
+      nvm install 16 &&
+      nvm use 16 &&
+      yarn install &&
+      yarn run build
+    command: yarn run start
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -8,6 +8,9 @@
  "[json]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode"
  },
+  "[md]": {
+    "editor.wordBasedSuggestions": false
+  },
  "files.associations": {
    "Dockerfile.*": "dockerfile",
    ".releaserc": "json"
No results found