renovate 40.8.1 → 40.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/dist/config/options/index.js +1 -1
  2. package/dist/config/options/index.js.map +1 -1
  3. package/dist/modules/datasource/cdnjs/index.js +2 -1
  4. package/dist/modules/datasource/cdnjs/index.js.map +1 -1
  5. package/dist/modules/datasource/crate/index.js +2 -1
  6. package/dist/modules/datasource/crate/index.js.map +1 -1
  7. package/dist/modules/datasource/maven/index.js +5 -19
  8. package/dist/modules/datasource/maven/index.js.map +1 -1
  9. package/dist/modules/datasource/maven/util.js +7 -1
  10. package/dist/modules/datasource/maven/util.js.map +1 -1
  11. package/dist/util/cache/package/types.d.ts +1 -1
  12. package/dist/util/cache/package/types.js.map +1 -1
  13. package/dist/util/merge-confidence/index.js +4 -1
  14. package/dist/util/merge-confidence/index.js.map +1 -1
  15. package/package.json +1 -1
  16. package/renovate-schema.json +1 -1
package/dist/util/merge-confidence/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../lib/util/merge-confidence/index.ts"],"names":[],"mappings":";;;AA0BA,gCAaC;AAED,kCAIC;AAED,8CAEC;AAED,0DAEC;AAED,4DAKC;AA6BD,0DAyBC;AAkFD,kDAoBC;AAsBD,kCAKC;;AAnPD,kEAAkC;AAClC,qFAAoH;AAEpH,yCAAsC;AACtC,gFAA2E;AAC3E,uEAAiD;AACjD,iEAA2C;AAC3C,kCAA+B;AAC/B,oCAAiC;AACjC,gCAA2D;AAC3D,qCAA4C;AAG5C,MAAM,QAAQ,GAAG,kBAAkB,CAAC;AACpC,MAAM,IAAI,GAAG,IAAI,WAAI,CAAC,QAAQ,CAAC,CAAC;AAChC,IAAI,KAAyB,CAAC;AAC9B,IAAI,UAA8B,CAAC;AACnC,IAAI,oBAAoB,GAAa,EAAE,CAAC;AAE3B,QAAA,gBAAgB,GAAoC;IAC/D,GAAG,EAAE,CAAC,CAAC;IACP,OAAO,EAAE,CAAC;IACV,IAAI,EAAE,CAAC;IACP,WAAW,EAAE,CAAC;CACf,CAAC;AAEF,SAAgB,UAAU,CAAC,EACzB,uBAAuB,EACvB,0BAA0B,GAChB;IACV,UAAU,GAAG,aAAa,CAAC,uBAAuB,CAAC,CAAC;IACpD,KAAK,GAAG,WAAW,EAAE,CAAC;IAEtB,oBAAoB;QAClB,0BAA0B,IAAI,uCAA0B,CAAC;IAE3D,IAAI,CAAC,YAAE,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/B,eAAM,CAAC,KAAK,CAAC,oCAAoC,UAAU,EAAE,CAAC,CAAC;IACjE,CAAC;AACH,CAAC;AAED,SAAgB,WAAW;IACzB,KAAK,GAAG,SAAS,CAAC;IAClB,UAAU,GAAG,SAAS,CAAC;IACvB,oBAAoB,GAAG,EAAE,CAAC;AAC5B,CAAC;AAED,SAAgB,iBAAiB,CAAC,KAAa;IAC7C,OAAO,yBAAgB,CAAC,QAAQ,CAAC,KAAwB,CAAC,CAAC;AAC7D,CAAC;AAED,SAAgB,uBAAuB,CAAC,UAAkB;IACxD,OAAO,iBAAiB,CAAC,UAAU,CAAC,IAAI,UAAU,KAAK,KAAK,CAAC;AAC/D,CAAC;AAED,SAAgB,wBAAwB,CACtC,UAA2B,EAC3B,iBAAkC;IAElC,OAAO,wBAAgB,CAAC,UAAU,CAAC,IAAI,wBAAgB,CAAC,iBAAiB,CAAC,CAAC;AAC7E,CAAC;AAED,MAAM,2BAA2B,GAC/B;IACE,GAAG,EAAE,MAAM;IACX,MAAM,EAAE,SAAS;IACjB,SAAS,EAAE,MAAM;IACjB,IAAI,EAAE,SAAS;IACf,mBAAmB,EAAE,SAAS;IAC9B,cAAc,EAAE,SAAS;IACzB,QAAQ,EAAE,SAAS;IACnB,WAAW,EAAE,SAAS;IACtB,KAAK,EAAE,IAAI;IACX,KAAK,EAAE,IAAI;IACX,KAAK,EAAE,IAAI;CACZ,CAAC;AAEJ;;;;;;;;;;;GAWG;AACI,KAAK,UAAU,uBAAuB,CAC3C,UAAkB,EAClB,WAAmB,EACnB,cAAsB,EACtB,UAAkB,EAClB,UAAsB;IAEtB,IAAI,YAAE,CAAC,eAAe,CAAC,UAAU,CAAC,IAAI,YAAE,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC,CAAC,cAAc,IAAI,UAAU,IAAI,UAAU,CAAC,EAAE,CAAC;QAClD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,gBAAgB,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAC;IACjE,IAAI,gBAAgB,EAAE,CAAC;QACrB,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,OAAO,MAAM,QAAQ,CAAC,UAAU,EAAE,WAAW,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;AAC7E,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,KAAK,UAAU,QAAQ,CACrB,UAAkB,EAClB,WAAmB,EACnB,cAAsB,EACtB,UAAkB;IAElB,qFAAqF;IACrF,IAAI,YAAE,CAAC,eAAe,CAAC,UAAU,CAAC,IAAI,YAAE,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,kBAAkB,GAAG,WAAW,CAAC,OAAO,CAAC,IAAA,aAAK,EAAC,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;IACpE,MAAM,GAAG,GAAG,IAAA,kBAAY,EACtB,UAAU,EACV,aAAa,EACb,UAAU,EACV,kBAAkB,EAClB,cAAc,EACd,UAAU,CACX,CAAC;IACF,MAAM,QAAQ,GAAG,GAAG,KAAK,IAAI,GAAG,EAAE,CAAC;IACnC,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAEhE,qBAAqB;IACrB,IAAI,YAAY,EAAE,CAAC;QACjB,eAAM,CAAC,KAAK,CACV;YACE,UAAU;YACV,WAAW;YACX,cAAc;YACd,UAAU;YACV,YAAY;SACb,EACD,sCAAsC,CACvC,CAAC;QACF,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,IAAI,UAAU,GAAoB,SAAS,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,CACV,MAAM,IAAI,CAAC,gBAAgB,CAAkC,GAAG,CAAC,CAClE,CAAC,IAAI,CAAC;QACP,IAAI,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YACtC,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC;QAC9B,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAe,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,MAAM,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;IAC3D,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;;;;;;GAWG;AACI,KAAK,UAAU,mBAAmB,CAAC,MAAiB;IACzD,UAAU,CAAC,MAAM,CAAC,CAAC;IAEnB,IAAI,YAAE,CAAC,eAAe,CAAC,UAAU,CAAC,IAAI,YAAE,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,eAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QACvD,OAAO;IACT,CAAC;IAED,MAAM,GAAG,GAAG,IAAA,kBAAY,EAAC,UAAU,EAAE,qBAAqB,CAAC,CAAC;IAC5D,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACtB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAe,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,eAAM,CAAC,KAAK,CACV,EAAE,oBAAoB,EAAE,EACxB,mDAAmD,CACpD,CAAC;IACF,OAAO;AACT,CAAC;AAED,SAAS,aAAa,CAAC,uBAA2C;IAChE,MAAM,cAAc,GAAG,4BAA4B,CAAC;IACpD,MAAM,WAAW,GAAG,uBAAuB,IAAI,cAAc,CAAC;IAE9D,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAC;QACtD,eAAM,CAAC,KAAK,CACV,EAAE,OAAO,EAAE,aAAa,EAAE,EAC1B,gEAAgE,CACjE,CAAC;QACF,OAAO,IAAA,yBAAmB,EAAC,aAAa,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAE,WAAW,EAAE,EACpB,oGAAoG,CACrG,CAAC;QACF,OAAO,cAAc,CAAC;IACxB,CAAC;AACH,CAAC;AAED,SAAgB,WAAW;IACzB,OAAO,SAAS,CAAC,IAAI,CAAC;QACpB,GAAG,EAAE,UAAU;QACf,QAAQ;KACT,CAAC,EAAE,KAAK,CAAC;AACZ,CAAC;AAED;;;;;GAKG;AACH,SAAS,eAAe,CAAC,GAAQ;IAC/B,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC1D,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,oDAAoD,CAAC,CAAC;QAC5E,MAAM,IAAI,uCAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,oDAAoD,CAAC,CAAC;QAC5E,MAAM,IAAI,uCAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,IAAI,GAAG,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC;QAClD,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,kDAAkD,CAAC,CAAC;QAC1E,MAAM,IAAI,uCAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAED,eAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,sCAAsC,CAAC,CAAC;AAC/D,CAAC","sourcesContent":["import is from '@sindresorhus/is';\nimport { supportedDatasources as presetSupportedDatasources } from '../../config/presets/internal/merge-confidence';\nimport type { AllConfig, UpdateType } from '../../config/types';\nimport { logger } from '../../logger';\nimport { ExternalHostError } from '../../types/errors/external-host-error';\nimport * as packageCache from '../cache/package';\nimport * as hostRules from '../host-rules';\nimport { Http } from '../http';\nimport { regEx } from '../regex';\nimport { ensureTrailingSlash, joinUrlParts } from '../url';\nimport { MERGE_CONFIDENCE } from './common';\nimport type { MergeConfidence } from './types';\n\nconst hostType = 'merge-confidence';\nconst http = new Http(hostType);\nlet token: string | undefined;\nlet apiBaseUrl: string | undefined;\nlet supportedDatasources: string[] = [];\n\nexport const confidenceLevels: Record<MergeConfidence, number> = {\n low: -1,\n neutral: 0,\n high: 1,\n 'very high': 2,\n};\n\nexport function initConfig({\n mergeConfidenceEndpoint,\n mergeConfidenceDatasources,\n}: AllConfig): void {\n apiBaseUrl = getApiBaseUrl(mergeConfidenceEndpoint);\n token = getApiToken();\n\n supportedDatasources =\n mergeConfidenceDatasources ?? presetSupportedDatasources;\n\n if (!is.nullOrUndefined(token)) {\n logger.debug(`Merge confidence token found for ${apiBaseUrl}`);\n }\n}\n\nexport function resetConfig(): void {\n token = undefined;\n apiBaseUrl = undefined;\n supportedDatasources = [];\n}\n\nexport function isMergeConfidence(value: string): value is MergeConfidence {\n return MERGE_CONFIDENCE.includes(value as MergeConfidence);\n}\n\nexport function isActiveConfidenceLevel(confidence: string): boolean {\n return isMergeConfidence(confidence) && confidence !== 'low';\n}\n\nexport function satisfiesConfidenceLevel(\n confidence: MergeConfidence,\n minimumConfidence: MergeConfidence,\n): boolean {\n return confidenceLevels[confidence] >= confidenceLevels[minimumConfidence];\n}\n\nconst updateTypeConfidenceMapping: Record<UpdateType, MergeConfidence | null> =\n {\n pin: 'high',\n digest: 'neutral',\n pinDigest: 'high',\n bump: 'neutral',\n lockFileMaintenance: 'neutral',\n lockfileUpdate: 'neutral',\n rollback: 'neutral',\n replacement: 'neutral',\n major: null,\n minor: null,\n patch: null,\n };\n\n/**\n * Retrieves the merge confidence of a package update if the merge confidence API is enabled. Otherwise, undefined is returned.\n *\n * @param datasource\n * @param packageName\n * @param currentVersion\n * @param newVersion\n * @param updateType\n *\n * @returns The merge confidence level for the given package release.\n * @throws {ExternalHostError} If a request has been made and an error occurs during the request, such as a timeout, connection reset, authentication failure, or internal server error.\n */\nexport async function getMergeConfidenceLevel(\n datasource: string,\n packageName: string,\n currentVersion: string,\n newVersion: string,\n updateType: UpdateType,\n): Promise<MergeConfidence | undefined> {\n if (is.nullOrUndefined(apiBaseUrl) || is.nullOrUndefined(token)) {\n return undefined;\n }\n\n if (!supportedDatasources.includes(datasource)) {\n return undefined;\n }\n\n if (!(currentVersion && newVersion && updateType)) {\n return 'neutral';\n }\n\n const mappedConfidence = updateTypeConfidenceMapping[updateType];\n if (mappedConfidence) {\n return mappedConfidence;\n }\n\n return await queryApi(datasource, packageName, currentVersion, newVersion);\n}\n\n/**\n * Queries the Merge Confidence API with the given package release information.\n *\n * @param datasource\n * @param packageName\n * @param currentVersion\n * @param newVersion\n *\n * @returns The merge confidence level for the given package release.\n * @throws {ExternalHostError} if a timeout or connection reset error, authentication failure, or internal server error occurs during the request.\n *\n * @remarks\n * Results are cached for 60 minutes to reduce the number of API calls.\n */\nasync function queryApi(\n datasource: string,\n packageName: string,\n currentVersion: string,\n newVersion: string,\n): Promise<MergeConfidence> {\n // istanbul ignore if: defensive, already been validated before calling this function\n if (is.nullOrUndefined(apiBaseUrl) || is.nullOrUndefined(token)) {\n return 'neutral';\n }\n\n const escapedPackageName = packageName.replace(regEx(/\\//g), '%2f');\n const url = joinUrlParts(\n apiBaseUrl,\n 'api/mc/json',\n datasource,\n escapedPackageName,\n currentVersion,\n newVersion,\n );\n const cacheKey = `${token}:${url}`;\n const cachedResult = await packageCache.get(hostType, cacheKey);\n\n // istanbul ignore if\n if (cachedResult) {\n logger.debug(\n {\n datasource,\n packageName,\n currentVersion,\n newVersion,\n cachedResult,\n },\n 'using merge confidence cached result',\n );\n return cachedResult;\n }\n\n let confidence: MergeConfidence = 'neutral';\n try {\n const res = (\n await http.getJsonUnchecked<{ confidence: MergeConfidence }>(url)\n ).body;\n if (isMergeConfidence(res.confidence)) {\n confidence = res.confidence;\n }\n } catch (err) {\n apiErrorHandler(err);\n }\n\n await packageCache.set(hostType, cacheKey, confidence, 60);\n return confidence;\n}\n\n/**\n * Checks the health of the Merge Confidence API by attempting to authenticate with it.\n *\n * @returns Resolves when the API health check is completed successfully.\n *\n * @throws {ExternalHostError} if a timeout, connection reset error, authentication failure, or internal server error occurs during the request.\n *\n * @remarks\n * This function first checks that the API base URL and an authentication bearer token are defined before attempting to\n * authenticate with the API. If either the base URL or token is not defined, it will immediately return\n * without making a request.\n */\nexport async function initMergeConfidence(config: AllConfig): Promise<void> {\n initConfig(config);\n\n if (is.nullOrUndefined(apiBaseUrl) || is.nullOrUndefined(token)) {\n logger.trace('merge confidence API usage is disabled');\n return;\n }\n\n const url = joinUrlParts(apiBaseUrl, 'api/mc/availability');\n try {\n await http.get(url);\n } catch (err) {\n apiErrorHandler(err);\n }\n\n logger.debug(\n { supportedDatasources },\n 'merge confidence API - successfully authenticated',\n );\n return;\n}\n\nfunction getApiBaseUrl(mergeConfidenceEndpoint: string | undefined): string {\n const defaultBaseUrl = 'https://developer.mend.io/';\n const baseFromEnv = mergeConfidenceEndpoint ?? defaultBaseUrl;\n\n try {\n const parsedBaseUrl = new URL(baseFromEnv).toString();\n logger.trace(\n { baseUrl: parsedBaseUrl },\n 'using merge confidence API base found in environment variables',\n );\n return ensureTrailingSlash(parsedBaseUrl);\n } catch (err) {\n logger.warn(\n { err, baseFromEnv },\n 'invalid merge confidence API base URL found in environment variables - using default value instead',\n );\n return defaultBaseUrl;\n }\n}\n\nexport function getApiToken(): string | undefined {\n return hostRules.find({\n url: apiBaseUrl,\n hostType,\n })?.token;\n}\n\n/**\n * Handles errors returned by the Merge Confidence API.\n *\n * @param err - The error object returned by the API.\n * @throws {ExternalHostError} if a timeout or connection reset error, authentication failure, or internal server error occurs during the request.\n */\nfunction apiErrorHandler(err: any): void {\n if (err.code === 'ETIMEDOUT' || err.code === 'ECONNRESET') {\n logger.error({ err }, 'merge confidence API request failed - aborting run');\n throw new ExternalHostError(err, hostType);\n }\n\n if (err.statusCode === 403) {\n logger.error({ err }, 'merge confidence API token rejected - aborting run');\n throw new ExternalHostError(err, hostType);\n }\n\n if (err.statusCode >= 500 && err.statusCode < 600) {\n logger.error({ err }, 'merge confidence API failure: 5xx - aborting run');\n throw new ExternalHostError(err, hostType);\n }\n\n logger.warn({ err }, 'error fetching merge confidence data');\n}\n"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../lib/util/merge-confidence/index.ts"],"names":[],"mappings":";;;AA2BA,gCAaC;AAED,kCAIC;AAED,8CAEC;AAED,0DAEC;AAED,4DAKC;AA6BD,0DAyBC;AAoFD,kDAoBC;AAsBD,kCAKC;;AAtPD,kEAAkC;AAClC,qFAAoH;AAEpH,yCAAsC;AACtC,gFAA2E;AAC3E,uEAAiD;AACjD,iEAA2C;AAC3C,kCAA+B;AAC/B,yFAA4E;AAC5E,oCAAiC;AACjC,gCAA2D;AAC3D,qCAA4C;AAG5C,MAAM,QAAQ,GAAG,kBAAkB,CAAC;AACpC,MAAM,IAAI,GAAG,IAAI,WAAI,CAAC,QAAQ,CAAC,CAAC;AAChC,IAAI,KAAyB,CAAC;AAC9B,IAAI,UAA8B,CAAC;AACnC,IAAI,oBAAoB,GAAa,EAAE,CAAC;AAE3B,QAAA,gBAAgB,GAAoC;IAC/D,GAAG,EAAE,CAAC,CAAC;IACP,OAAO,EAAE,CAAC;IACV,IAAI,EAAE,CAAC;IACP,WAAW,EAAE,CAAC;CACf,CAAC;AAEF,SAAgB,UAAU,CAAC,EACzB,uBAAuB,EACvB,0BAA0B,GAChB;IACV,UAAU,GAAG,aAAa,CAAC,uBAAuB,CAAC,CAAC;IACpD,KAAK,GAAG,WAAW,EAAE,CAAC;IAEtB,oBAAoB;QAClB,0BAA0B,IAAI,uCAA0B,CAAC;IAE3D,IAAI,CAAC,YAAE,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/B,eAAM,CAAC,KAAK,CAAC,oCAAoC,UAAU,EAAE,CAAC,CAAC;IACjE,CAAC;AACH,CAAC;AAED,SAAgB,WAAW;IACzB,KAAK,GAAG,SAAS,CAAC;IAClB,UAAU,GAAG,SAAS,CAAC;IACvB,oBAAoB,GAAG,EAAE,CAAC;AAC5B,CAAC;AAED,SAAgB,iBAAiB,CAAC,KAAa;IAC7C,OAAO,yBAAgB,CAAC,QAAQ,CAAC,KAAwB,CAAC,CAAC;AAC7D,CAAC;AAED,SAAgB,uBAAuB,CAAC,UAAkB;IACxD,OAAO,iBAAiB,CAAC,UAAU,CAAC,IAAI,UAAU,KAAK,KAAK,CAAC;AAC/D,CAAC;AAED,SAAgB,wBAAwB,CACtC,UAA2B,EAC3B,iBAAkC;IAElC,OAAO,wBAAgB,CAAC,UAAU,CAAC,IAAI,wBAAgB,CAAC,iBAAiB,CAAC,CAAC;AAC7E,CAAC;AAED,MAAM,2BAA2B,GAC/B;IACE,GAAG,EAAE,MAAM;IACX,MAAM,EAAE,SAAS;IACjB,SAAS,EAAE,MAAM;IACjB,IAAI,EAAE,SAAS;IACf,mBAAmB,EAAE,SAAS;IAC9B,cAAc,EAAE,SAAS;IACzB,QAAQ,EAAE,SAAS;IACnB,WAAW,EAAE,SAAS;IACtB,KAAK,EAAE,IAAI;IACX,KAAK,EAAE,IAAI;IACX,KAAK,EAAE,IAAI;CACZ,CAAC;AAEJ;;;;;;;;;;;GAWG;AACI,KAAK,UAAU,uBAAuB,CAC3C,UAAkB,EAClB,WAAmB,EACnB,cAAsB,EACtB,UAAkB,EAClB,UAAsB;IAEtB,IAAI,YAAE,CAAC,eAAe,CAAC,UAAU,CAAC,IAAI,YAAE,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,CAAC,CAAC,cAAc,IAAI,UAAU,IAAI,UAAU,CAAC,EAAE,CAAC;QAClD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,gBAAgB,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAC;IACjE,IAAI,gBAAgB,EAAE,CAAC;QACrB,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,OAAO,MAAM,QAAQ,CAAC,UAAU,EAAE,WAAW,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;AAC7E,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,KAAK,UAAU,QAAQ,CACrB,UAAkB,EAClB,WAAmB,EACnB,cAAsB,EACtB,UAAkB;IAElB,qFAAqF;IACrF,IAAI,YAAE,CAAC,eAAe,CAAC,UAAU,CAAC,IAAI,YAAE,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,kBAAkB,GAAG,WAAW,CAAC,OAAO,CAAC,IAAA,aAAK,EAAC,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;IACpE,MAAM,GAAG,GAAG,IAAA,kBAAY,EACtB,UAAU,EACV,aAAa,EACb,UAAU,EACV,kBAAkB,EAClB,cAAc,EACd,UAAU,CACX,CAAC;IACF,MAAM,QAAQ,GAAG,GAAG,KAAK,IAAI,GAAG,EAAE,CAAC;IACnC,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAEhE,qBAAqB;IACrB,IAAI,YAAY,EAAE,CAAC;QACjB,eAAM,CAAC,KAAK,CACV;YACE,UAAU;YACV,WAAW;YACX,cAAc;YACd,UAAU;YACV,YAAY;SACb,EACD,sCAAsC,CACvC,CAAC;QACF,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,IAAI,UAAU,GAAoB,SAAS,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,CACV,MAAM,IAAI,CAAC,gBAAgB,CAAkC,GAAG,EAAE;YAChE,aAAa,EAAE,6CAAgB;SAChC,CAAC,CACH,CAAC,IAAI,CAAC;QACP,IAAI,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YACtC,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC;QAC9B,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAe,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,MAAM,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;IAC3D,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;;;;;;GAWG;AACI,KAAK,UAAU,mBAAmB,CAAC,MAAiB;IACzD,UAAU,CAAC,MAAM,CAAC,CAAC;IAEnB,IAAI,YAAE,CAAC,eAAe,CAAC,UAAU,CAAC,IAAI,YAAE,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,eAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QACvD,OAAO;IACT,CAAC;IAED,MAAM,GAAG,GAAG,IAAA,kBAAY,EAAC,UAAU,EAAE,qBAAqB,CAAC,CAAC;IAC5D,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACtB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAe,CAAC,GAAG,CAAC,CAAC;IACvB,CAAC;IAED,eAAM,CAAC,KAAK,CACV,EAAE,oBAAoB,EAAE,EACxB,mDAAmD,CACpD,CAAC;IACF,OAAO;AACT,CAAC;AAED,SAAS,aAAa,CAAC,uBAA2C;IAChE,MAAM,cAAc,GAAG,4BAA4B,CAAC;IACpD,MAAM,WAAW,GAAG,uBAAuB,IAAI,cAAc,CAAC;IAE9D,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAC;QACtD,eAAM,CAAC,KAAK,CACV,EAAE,OAAO,EAAE,aAAa,EAAE,EAC1B,gEAAgE,CACjE,CAAC;QACF,OAAO,IAAA,yBAAmB,EAAC,aAAa,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAE,WAAW,EAAE,EACpB,oGAAoG,CACrG,CAAC;QACF,OAAO,cAAc,CAAC;IACxB,CAAC;AACH,CAAC;AAED,SAAgB,WAAW;IACzB,OAAO,SAAS,CAAC,IAAI,CAAC;QACpB,GAAG,EAAE,UAAU;QACf,QAAQ;KACT,CAAC,EAAE,KAAK,CAAC;AACZ,CAAC;AAED;;;;;GAKG;AACH,SAAS,eAAe,CAAC,GAAQ;IAC/B,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC1D,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,oDAAoD,CAAC,CAAC;QAC5E,MAAM,IAAI,uCAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,oDAAoD,CAAC,CAAC;QAC5E,MAAM,IAAI,uCAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,IAAI,GAAG,CAAC,UAAU,GAAG,GAAG,EAAE,CAAC;QAClD,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,kDAAkD,CAAC,CAAC;QAC1E,MAAM,IAAI,uCAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAED,eAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,sCAAsC,CAAC,CAAC;AAC/D,CAAC","sourcesContent":["import is from '@sindresorhus/is';\nimport { supportedDatasources as presetSupportedDatasources } from '../../config/presets/internal/merge-confidence';\nimport type { AllConfig, UpdateType } from '../../config/types';\nimport { logger } from '../../logger';\nimport { ExternalHostError } from '../../types/errors/external-host-error';\nimport * as packageCache from '../cache/package';\nimport * as hostRules from '../host-rules';\nimport { Http } from '../http';\nimport { memCacheProvider } from '../http/cache/memory-http-cache-provider';\nimport { regEx } from '../regex';\nimport { ensureTrailingSlash, joinUrlParts } from '../url';\nimport { MERGE_CONFIDENCE } from './common';\nimport type { MergeConfidence } from './types';\n\nconst hostType = 'merge-confidence';\nconst http = new Http(hostType);\nlet token: string | undefined;\nlet apiBaseUrl: string | undefined;\nlet supportedDatasources: string[] = [];\n\nexport const confidenceLevels: Record<MergeConfidence, number> = {\n low: -1,\n neutral: 0,\n high: 1,\n 'very high': 2,\n};\n\nexport function initConfig({\n mergeConfidenceEndpoint,\n mergeConfidenceDatasources,\n}: AllConfig): void {\n apiBaseUrl = getApiBaseUrl(mergeConfidenceEndpoint);\n token = getApiToken();\n\n supportedDatasources =\n mergeConfidenceDatasources ?? presetSupportedDatasources;\n\n if (!is.nullOrUndefined(token)) {\n logger.debug(`Merge confidence token found for ${apiBaseUrl}`);\n }\n}\n\nexport function resetConfig(): void {\n token = undefined;\n apiBaseUrl = undefined;\n supportedDatasources = [];\n}\n\nexport function isMergeConfidence(value: string): value is MergeConfidence {\n return MERGE_CONFIDENCE.includes(value as MergeConfidence);\n}\n\nexport function isActiveConfidenceLevel(confidence: string): boolean {\n return isMergeConfidence(confidence) && confidence !== 'low';\n}\n\nexport function satisfiesConfidenceLevel(\n confidence: MergeConfidence,\n minimumConfidence: MergeConfidence,\n): boolean {\n return confidenceLevels[confidence] >= confidenceLevels[minimumConfidence];\n}\n\nconst updateTypeConfidenceMapping: Record<UpdateType, MergeConfidence | null> =\n {\n pin: 'high',\n digest: 'neutral',\n pinDigest: 'high',\n bump: 'neutral',\n lockFileMaintenance: 'neutral',\n lockfileUpdate: 'neutral',\n rollback: 'neutral',\n replacement: 'neutral',\n major: null,\n minor: null,\n patch: null,\n };\n\n/**\n * Retrieves the merge confidence of a package update if the merge confidence API is enabled. Otherwise, undefined is returned.\n *\n * @param datasource\n * @param packageName\n * @param currentVersion\n * @param newVersion\n * @param updateType\n *\n * @returns The merge confidence level for the given package release.\n * @throws {ExternalHostError} If a request has been made and an error occurs during the request, such as a timeout, connection reset, authentication failure, or internal server error.\n */\nexport async function getMergeConfidenceLevel(\n datasource: string,\n packageName: string,\n currentVersion: string,\n newVersion: string,\n updateType: UpdateType,\n): Promise<MergeConfidence | undefined> {\n if (is.nullOrUndefined(apiBaseUrl) || is.nullOrUndefined(token)) {\n return undefined;\n }\n\n if (!supportedDatasources.includes(datasource)) {\n return undefined;\n }\n\n if (!(currentVersion && newVersion && updateType)) {\n return 'neutral';\n }\n\n const mappedConfidence = updateTypeConfidenceMapping[updateType];\n if (mappedConfidence) {\n return mappedConfidence;\n }\n\n return await queryApi(datasource, packageName, currentVersion, newVersion);\n}\n\n/**\n * Queries the Merge Confidence API with the given package release information.\n *\n * @param datasource\n * @param packageName\n * @param currentVersion\n * @param newVersion\n *\n * @returns The merge confidence level for the given package release.\n * @throws {ExternalHostError} if a timeout or connection reset error, authentication failure, or internal server error occurs during the request.\n *\n * @remarks\n * Results are cached for 60 minutes to reduce the number of API calls.\n */\nasync function queryApi(\n datasource: string,\n packageName: string,\n currentVersion: string,\n newVersion: string,\n): Promise<MergeConfidence> {\n // istanbul ignore if: defensive, already been validated before calling this function\n if (is.nullOrUndefined(apiBaseUrl) || is.nullOrUndefined(token)) {\n return 'neutral';\n }\n\n const escapedPackageName = packageName.replace(regEx(/\\//g), '%2f');\n const url = joinUrlParts(\n apiBaseUrl,\n 'api/mc/json',\n datasource,\n escapedPackageName,\n currentVersion,\n newVersion,\n );\n const cacheKey = `${token}:${url}`;\n const cachedResult = await packageCache.get(hostType, cacheKey);\n\n // istanbul ignore if\n if (cachedResult) {\n logger.debug(\n {\n datasource,\n packageName,\n currentVersion,\n newVersion,\n cachedResult,\n },\n 'using merge confidence cached result',\n );\n return cachedResult;\n }\n\n let confidence: MergeConfidence = 'neutral';\n try {\n const res = (\n await http.getJsonUnchecked<{ confidence: MergeConfidence }>(url, {\n cacheProvider: memCacheProvider,\n })\n ).body;\n if (isMergeConfidence(res.confidence)) {\n confidence = res.confidence;\n }\n } catch (err) {\n apiErrorHandler(err);\n }\n\n await packageCache.set(hostType, cacheKey, confidence, 60);\n return confidence;\n}\n\n/**\n * Checks the health of the Merge Confidence API by attempting to authenticate with it.\n *\n * @returns Resolves when the API health check is completed successfully.\n *\n * @throws {ExternalHostError} if a timeout, connection reset error, authentication failure, or internal server error occurs during the request.\n *\n * @remarks\n * This function first checks that the API base URL and an authentication bearer token are defined before attempting to\n * authenticate with the API. If either the base URL or token is not defined, it will immediately return\n * without making a request.\n */\nexport async function initMergeConfidence(config: AllConfig): Promise<void> {\n initConfig(config);\n\n if (is.nullOrUndefined(apiBaseUrl) || is.nullOrUndefined(token)) {\n logger.trace('merge confidence API usage is disabled');\n return;\n }\n\n const url = joinUrlParts(apiBaseUrl, 'api/mc/availability');\n try {\n await http.get(url);\n } catch (err) {\n apiErrorHandler(err);\n }\n\n logger.debug(\n { supportedDatasources },\n 'merge confidence API - successfully authenticated',\n );\n return;\n}\n\nfunction getApiBaseUrl(mergeConfidenceEndpoint: string | undefined): string {\n const defaultBaseUrl = 'https://developer.mend.io/';\n const baseFromEnv = mergeConfidenceEndpoint ?? defaultBaseUrl;\n\n try {\n const parsedBaseUrl = new URL(baseFromEnv).toString();\n logger.trace(\n { baseUrl: parsedBaseUrl },\n 'using merge confidence API base found in environment variables',\n );\n return ensureTrailingSlash(parsedBaseUrl);\n } catch (err) {\n logger.warn(\n { err, baseFromEnv },\n 'invalid merge confidence API base URL found in environment variables - using default value instead',\n );\n return defaultBaseUrl;\n }\n}\n\nexport function getApiToken(): string | undefined {\n return hostRules.find({\n url: apiBaseUrl,\n hostType,\n })?.token;\n}\n\n/**\n * Handles errors returned by the Merge Confidence API.\n *\n * @param err - The error object returned by the API.\n * @throws {ExternalHostError} if a timeout or connection reset error, authentication failure, or internal server error occurs during the request.\n */\nfunction apiErrorHandler(err: any): void {\n if (err.code === 'ETIMEDOUT' || err.code === 'ECONNRESET') {\n logger.error({ err }, 'merge confidence API request failed - aborting run');\n throw new ExternalHostError(err, hostType);\n }\n\n if (err.statusCode === 403) {\n logger.error({ err }, 'merge confidence API token rejected - aborting run');\n throw new ExternalHostError(err, hostType);\n }\n\n if (err.statusCode >= 500 && err.statusCode < 600) {\n logger.error({ err }, 'merge confidence API failure: 5xx - aborting run');\n throw new ExternalHostError(err, hostType);\n }\n\n logger.warn({ err }, 'error fetching merge confidence data');\n}\n"]}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "renovate",
3
3
  "description": "Automated dependency updates. Flexible so you don't need to be.",
4
- "version": "40.8.1",
4
+ "version": "40.9.0",
5
5
  "type": "commonjs",
6
6
  "bin": {
7
7
  "renovate": "dist/renovate.js",
package/renovate-schema.json CHANGED
@@ -1151,7 +1151,7 @@
1151
1151
  "dockerSidecarImage": {
1152
1152
  "description": "Change this value to override the default Renovate sidecar image.",
1153
1153
  "type": "string",
1154
- "default": "ghcr.io/containerbase/sidecar:13.8.21"
1154
+ "default": "ghcr.io/containerbase/sidecar:13.8.22"
1155
1155
  },
1156
1156
  "dockerUser": {
1157
1157
  "description": "Set the `UID` and `GID` for Docker-based binaries if you use `binarySource=docker`.",