renovate 41.0.0-next.21 → 41.0.0-next.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (399) hide show
  1. package/dist/config/decrypt.js +5 -3
  2. package/dist/config/decrypt.js.map +1 -1
  3. package/dist/config/options/index.js +45 -3
  4. package/dist/config/options/index.js.map +1 -1
  5. package/dist/config/presets/github/index.js +2 -2
  6. package/dist/config/presets/github/index.js.map +1 -1
  7. package/dist/config/presets/internal/group.js +21 -0
  8. package/dist/config/presets/internal/group.js.map +1 -1
  9. package/dist/config/presets/internal/workarounds.js +11 -0
  10. package/dist/config/presets/internal/workarounds.js.map +1 -1
  11. package/dist/config/secrets.d.ts +2 -0
  12. package/dist/config/secrets.js +10 -77
  13. package/dist/config/secrets.js.map +1 -1
  14. package/dist/config/types.d.ts +9 -1
  15. package/dist/config/types.js.map +1 -1
  16. package/dist/config-validator.js +4 -2
  17. package/dist/config-validator.js.map +1 -1
  18. package/dist/data/monorepo.json +10 -1
  19. package/dist/data-files.generated.d.ts +1 -1
  20. package/dist/data-files.generated.js +2 -1
  21. package/dist/data-files.generated.js.map +1 -1
  22. package/dist/instrumentation/index.js +5 -3
  23. package/dist/instrumentation/index.js.map +1 -1
  24. package/dist/instrumentation/reporting.d.ts +2 -2
  25. package/dist/instrumentation/reporting.js +3 -7
  26. package/dist/instrumentation/reporting.js.map +1 -1
  27. package/dist/instrumentation/types.d.ts +11 -5
  28. package/dist/instrumentation/types.js.map +1 -1
  29. package/dist/instrumentation/utils.js +3 -2
  30. package/dist/instrumentation/utils.js.map +1 -1
  31. package/dist/logger/once.js +2 -0
  32. package/dist/logger/once.js.map +1 -1
  33. package/dist/modules/datasource/aws-eks-addon/schema.d.ts +14 -38
  34. package/dist/modules/datasource/aws-eks-addon/schema.js +11 -22
  35. package/dist/modules/datasource/aws-eks-addon/schema.js.map +1 -1
  36. package/dist/modules/datasource/cdnjs/index.js +2 -1
  37. package/dist/modules/datasource/cdnjs/index.js.map +1 -1
  38. package/dist/modules/datasource/crate/index.js +7 -2
  39. package/dist/modules/datasource/crate/index.js.map +1 -1
  40. package/dist/modules/datasource/docker/ecr.js +2 -2
  41. package/dist/modules/datasource/docker/ecr.js.map +1 -1
  42. package/dist/modules/datasource/docker/index.js +26 -9
  43. package/dist/modules/datasource/docker/index.js.map +1 -1
  44. package/dist/modules/datasource/docker/schema.d.ts +9 -87
  45. package/dist/modules/datasource/docker/schema.js +1 -1
  46. package/dist/modules/datasource/docker/schema.js.map +1 -1
  47. package/dist/modules/datasource/git-refs/base.js +2 -6
  48. package/dist/modules/datasource/git-refs/base.js.map +1 -1
  49. package/dist/modules/datasource/go/goproxy-parser.js +6 -2
  50. package/dist/modules/datasource/go/goproxy-parser.js.map +1 -1
  51. package/dist/modules/datasource/go/index.js +4 -2
  52. package/dist/modules/datasource/go/index.js.map +1 -1
  53. package/dist/modules/datasource/go/releases-goproxy.js +3 -2
  54. package/dist/modules/datasource/go/releases-goproxy.js.map +1 -1
  55. package/dist/modules/datasource/index.js +1 -1
  56. package/dist/modules/datasource/index.js.map +1 -1
  57. package/dist/modules/datasource/maven/index.js +5 -19
  58. package/dist/modules/datasource/maven/index.js.map +1 -1
  59. package/dist/modules/datasource/maven/util.js +8 -1
  60. package/dist/modules/datasource/maven/util.js.map +1 -1
  61. package/dist/modules/datasource/npm/get.js +2 -1
  62. package/dist/modules/datasource/npm/get.js.map +1 -1
  63. package/dist/modules/datasource/npm/npmrc.js +2 -1
  64. package/dist/modules/datasource/npm/npmrc.js.map +1 -1
  65. package/dist/modules/datasource/nuget/v3.js +3 -2
  66. package/dist/modules/datasource/nuget/v3.js.map +1 -1
  67. package/dist/modules/datasource/pod/index.js +3 -1
  68. package/dist/modules/datasource/pod/index.js.map +1 -1
  69. package/dist/modules/datasource/pypi/index.js +2 -1
  70. package/dist/modules/datasource/pypi/index.js.map +1 -1
  71. package/dist/modules/datasource/types.d.ts +2 -1
  72. package/dist/modules/datasource/types.js.map +1 -1
  73. package/dist/modules/manager/asdf/upgradeable-tooling.js +8 -0
  74. package/dist/modules/manager/asdf/upgradeable-tooling.js.map +1 -1
  75. package/dist/modules/manager/bazel/rules/git.d.ts +7 -7
  76. package/dist/modules/manager/bazel/rules/git.js +6 -1
  77. package/dist/modules/manager/bazel/rules/git.js.map +1 -1
  78. package/dist/modules/manager/bazel-module/bazelrc.d.ts +2 -0
  79. package/dist/modules/manager/bazel-module/bazelrc.js +30 -1
  80. package/dist/modules/manager/bazel-module/bazelrc.js.map +1 -1
  81. package/dist/modules/manager/bazel-module/parser/rules.js +1 -0
  82. package/dist/modules/manager/bazel-module/parser/rules.js.map +1 -1
  83. package/dist/modules/manager/bazel-module/rules.d.ts +62 -24
  84. package/dist/modules/manager/bazel-module/rules.js +10 -4
  85. package/dist/modules/manager/bazel-module/rules.js.map +1 -1
  86. package/dist/modules/manager/cargo/extract.js +2 -1
  87. package/dist/modules/manager/cargo/extract.js.map +1 -1
  88. package/dist/modules/manager/composer/schema.js +1 -1
  89. package/dist/modules/manager/composer/schema.js.map +1 -1
  90. package/dist/modules/manager/docker-compose/extract.js +2 -0
  91. package/dist/modules/manager/docker-compose/extract.js.map +1 -1
  92. package/dist/modules/manager/docker-compose/schema.d.ts +120 -9
  93. package/dist/modules/manager/docker-compose/schema.js +35 -4
  94. package/dist/modules/manager/docker-compose/schema.js.map +1 -1
  95. package/dist/modules/manager/fingerprint.generated.js +19 -19
  96. package/dist/modules/manager/fingerprint.generated.js.map +1 -1
  97. package/dist/modules/manager/fleet/extract.js +2 -2
  98. package/dist/modules/manager/fleet/extract.js.map +1 -1
  99. package/dist/modules/manager/fleet/schema.d.ts +5 -5
  100. package/dist/modules/manager/fleet/schema.js +1 -1
  101. package/dist/modules/manager/fleet/schema.js.map +1 -1
  102. package/dist/modules/manager/flux/extract.js +1 -1
  103. package/dist/modules/manager/flux/extract.js.map +1 -1
  104. package/dist/modules/manager/git-submodules/extract.js +2 -6
  105. package/dist/modules/manager/git-submodules/extract.js.map +1 -1
  106. package/dist/modules/manager/git-submodules/update.js +3 -7
  107. package/dist/modules/manager/git-submodules/update.js.map +1 -1
  108. package/dist/modules/manager/github-actions/extract.js +1 -1
  109. package/dist/modules/manager/github-actions/extract.js.map +1 -1
  110. package/dist/modules/manager/gleam/artifacts.js +5 -1
  111. package/dist/modules/manager/gleam/artifacts.js.map +1 -1
  112. package/dist/modules/manager/gomod/artifacts.js +8 -6
  113. package/dist/modules/manager/gomod/artifacts.js.map +1 -1
  114. package/dist/modules/manager/gradle/extract.js +4 -1
  115. package/dist/modules/manager/gradle/extract.js.map +1 -1
  116. package/dist/modules/manager/gradle/utils.js +8 -14
  117. package/dist/modules/manager/gradle/utils.js.map +1 -1
  118. package/dist/modules/manager/helmfile/utils.js +1 -1
  119. package/dist/modules/manager/helmfile/utils.js.map +1 -1
  120. package/dist/modules/manager/helmv3/artifacts.js +8 -2
  121. package/dist/modules/manager/helmv3/artifacts.js.map +1 -1
  122. package/dist/modules/manager/helmv3/common.d.ts +1 -1
  123. package/dist/modules/manager/helmv3/common.js +9 -3
  124. package/dist/modules/manager/helmv3/common.js.map +1 -1
  125. package/dist/modules/manager/hermit/artifacts.js +2 -2
  126. package/dist/modules/manager/hermit/artifacts.js.map +1 -1
  127. package/dist/modules/manager/kubernetes/extract.js +2 -2
  128. package/dist/modules/manager/kubernetes/extract.js.map +1 -1
  129. package/dist/modules/manager/kustomize/artifacts.js +1 -1
  130. package/dist/modules/manager/kustomize/artifacts.js.map +1 -1
  131. package/dist/modules/manager/maven/extract.d.ts +1 -1
  132. package/dist/modules/manager/maven/extract.js +82 -24
  133. package/dist/modules/manager/maven/extract.js.map +1 -1
  134. package/dist/modules/manager/maven/index.d.ts +0 -1
  135. package/dist/modules/manager/maven/index.js +2 -4
  136. package/dist/modules/manager/maven/index.js.map +1 -1
  137. package/dist/modules/manager/maven/update.js +15 -0
  138. package/dist/modules/manager/maven/update.js.map +1 -1
  139. package/dist/modules/manager/mise/backends.d.ts +48 -0
  140. package/dist/modules/manager/mise/backends.js +219 -0
  141. package/dist/modules/manager/mise/backends.js.map +1 -0
  142. package/dist/modules/manager/mise/extract.js +77 -10
  143. package/dist/modules/manager/mise/extract.js.map +1 -1
  144. package/dist/modules/manager/mise/index.js +37 -2
  145. package/dist/modules/manager/mise/index.js.map +1 -1
  146. package/dist/modules/manager/mise/schema.d.ts +24 -0
  147. package/dist/modules/manager/mise/schema.js +7 -1
  148. package/dist/modules/manager/mise/schema.js.map +1 -1
  149. package/dist/modules/manager/mise/upgradeable-tooling.js +210 -1
  150. package/dist/modules/manager/mise/upgradeable-tooling.js.map +1 -1
  151. package/dist/modules/manager/mix/artifacts.js +5 -0
  152. package/dist/modules/manager/mix/artifacts.js.map +1 -1
  153. package/dist/modules/manager/npm/extract/index.js +27 -24
  154. package/dist/modules/manager/npm/extract/index.js.map +1 -1
  155. package/dist/modules/manager/npm/post-update/index.js +9 -3
  156. package/dist/modules/manager/npm/post-update/index.js.map +1 -1
  157. package/dist/modules/manager/npm/post-update/npm.js +8 -5
  158. package/dist/modules/manager/npm/post-update/npm.js.map +1 -1
  159. package/dist/modules/manager/npm/post-update/pnpm.js +4 -0
  160. package/dist/modules/manager/npm/post-update/pnpm.js.map +1 -1
  161. package/dist/modules/manager/npm/post-update/utils.js +17 -0
  162. package/dist/modules/manager/npm/post-update/utils.js.map +1 -1
  163. package/dist/modules/manager/npm/post-update/yarn.js +7 -5
  164. package/dist/modules/manager/npm/post-update/yarn.js.map +1 -1
  165. package/dist/modules/manager/npm/schema.d.ts +116 -0
  166. package/dist/modules/manager/npm/schema.js +9 -0
  167. package/dist/modules/manager/npm/schema.js.map +1 -1
  168. package/dist/modules/manager/npm/utils.js +1 -1
  169. package/dist/modules/manager/npm/utils.js.map +1 -1
  170. package/dist/modules/manager/nuget/util.js +9 -0
  171. package/dist/modules/manager/nuget/util.js.map +1 -1
  172. package/dist/modules/manager/pep621/processors/uv.js +1 -1
  173. package/dist/modules/manager/pep621/processors/uv.js.map +1 -1
  174. package/dist/modules/manager/pip-compile/artifacts.js +6 -4
  175. package/dist/modules/manager/pip-compile/artifacts.js.map +1 -1
  176. package/dist/modules/manager/pip_requirements/common.js +2 -1
  177. package/dist/modules/manager/pip_requirements/common.js.map +1 -1
  178. package/dist/modules/manager/poetry/schema.js +2 -1
  179. package/dist/modules/manager/poetry/schema.js.map +1 -1
  180. package/dist/modules/manager/pre-commit/index.js +2 -1
  181. package/dist/modules/manager/pre-commit/index.js.map +1 -1
  182. package/dist/modules/manager/renovate-config-presets/index.d.ts +1 -1
  183. package/dist/modules/manager/renovate-config-presets/index.js +1 -3
  184. package/dist/modules/manager/renovate-config-presets/index.js.map +1 -1
  185. package/dist/modules/manager/terraform/extractors/others/modules.js +4 -9
  186. package/dist/modules/manager/terraform/extractors/others/modules.js.map +1 -1
  187. package/dist/modules/manager/terraform/extractors/resources/generic-docker-image-ref.d.ts +1 -0
  188. package/dist/modules/manager/terraform/extractors/resources/generic-docker-image-ref.js +9 -4
  189. package/dist/modules/manager/terraform/extractors/resources/generic-docker-image-ref.js.map +1 -1
  190. package/dist/modules/manager/terraform/extractors/resources/utils.d.ts +1 -0
  191. package/dist/modules/manager/terraform/extractors/resources/utils.js +4 -1
  192. package/dist/modules/manager/terraform/extractors/resources/utils.js.map +1 -1
  193. package/dist/modules/manager/terraform/hcl/types.d.ts +1 -0
  194. package/dist/modules/manager/terraform/hcl/types.js.map +1 -1
  195. package/dist/modules/manager/types.d.ts +3 -0
  196. package/dist/modules/manager/types.js.map +1 -1
  197. package/dist/modules/platform/bitbucket-server/index.js +4 -2
  198. package/dist/modules/platform/bitbucket-server/index.js.map +1 -1
  199. package/dist/modules/platform/codecommit/codecommit-client.js +7 -5
  200. package/dist/modules/platform/codecommit/codecommit-client.js.map +1 -1
  201. package/dist/modules/platform/codecommit/index.js +7 -5
  202. package/dist/modules/platform/codecommit/index.js.map +1 -1
  203. package/dist/modules/platform/default-scm.d.ts +1 -0
  204. package/dist/modules/platform/default-scm.js +3 -0
  205. package/dist/modules/platform/default-scm.js.map +1 -1
  206. package/dist/modules/platform/gerrit/client.d.ts +6 -7
  207. package/dist/modules/platform/gerrit/client.js +58 -38
  208. package/dist/modules/platform/gerrit/client.js.map +1 -1
  209. package/dist/modules/platform/gerrit/index.d.ts +4 -3
  210. package/dist/modules/platform/gerrit/index.js +103 -42
  211. package/dist/modules/platform/gerrit/index.js.map +1 -1
  212. package/dist/modules/platform/gerrit/scm.d.ts +1 -1
  213. package/dist/modules/platform/gerrit/scm.js +56 -34
  214. package/dist/modules/platform/gerrit/scm.js.map +1 -1
  215. package/dist/modules/platform/gerrit/types.d.ts +23 -12
  216. package/dist/modules/platform/gerrit/types.js.map +1 -1
  217. package/dist/modules/platform/gerrit/utils.d.ts +8 -4
  218. package/dist/modules/platform/gerrit/utils.js +24 -12
  219. package/dist/modules/platform/gerrit/utils.js.map +1 -1
  220. package/dist/modules/platform/gitea/index.js +7 -2
  221. package/dist/modules/platform/gitea/index.js.map +1 -1
  222. package/dist/modules/platform/gitea/types.d.ts +2 -1
  223. package/dist/modules/platform/gitea/types.js.map +1 -1
  224. package/dist/modules/platform/github/index.js +12 -26
  225. package/dist/modules/platform/github/index.js.map +1 -1
  226. package/dist/modules/platform/gitlab/code-owners.d.ts +2 -0
  227. package/dist/modules/platform/gitlab/code-owners.js +38 -0
  228. package/dist/modules/platform/gitlab/code-owners.js.map +1 -0
  229. package/dist/modules/platform/gitlab/index.d.ts +2 -1
  230. package/dist/modules/platform/gitlab/index.js +29 -56
  231. package/dist/modules/platform/gitlab/index.js.map +1 -1
  232. package/dist/modules/platform/gitlab/pr-cache.d.ts +21 -0
  233. package/dist/modules/platform/gitlab/pr-cache.js +124 -0
  234. package/dist/modules/platform/gitlab/pr-cache.js.map +1 -0
  235. package/dist/modules/platform/gitlab/types.d.ts +7 -0
  236. package/dist/modules/platform/gitlab/types.js.map +1 -1
  237. package/dist/modules/platform/gitlab/utils.js +1 -0
  238. package/dist/modules/platform/gitlab/utils.js.map +1 -1
  239. package/dist/modules/platform/types.d.ts +8 -0
  240. package/dist/modules/platform/types.js.map +1 -1
  241. package/dist/modules/versioning/api.js +2 -0
  242. package/dist/modules/versioning/api.js.map +1 -1
  243. package/dist/modules/versioning/cargo/index.js +20 -0
  244. package/dist/modules/versioning/cargo/index.js.map +1 -1
  245. package/dist/modules/versioning/composer/index.js +4 -0
  246. package/dist/modules/versioning/composer/index.js.map +1 -1
  247. package/dist/modules/versioning/lambda-node/index.d.ts +8 -0
  248. package/dist/modules/versioning/lambda-node/index.js +27 -0
  249. package/dist/modules/versioning/lambda-node/index.js.map +1 -0
  250. package/dist/modules/versioning/lambda-node/schedule.d.ts +10 -0
  251. package/dist/modules/versioning/lambda-node/schedule.js +19 -0
  252. package/dist/modules/versioning/lambda-node/schedule.js.map +1 -0
  253. package/dist/modules/versioning/npm/index.js +2 -0
  254. package/dist/modules/versioning/npm/index.js.map +1 -1
  255. package/dist/modules/versioning/npm/range.js +4 -0
  256. package/dist/modules/versioning/npm/range.js.map +1 -1
  257. package/dist/modules/versioning/pep440/index.js +1 -1
  258. package/dist/modules/versioning/pep440/index.js.map +1 -1
  259. package/dist/modules/versioning/python/index.d.ts +1 -0
  260. package/dist/modules/versioning/python/index.js +9 -0
  261. package/dist/modules/versioning/python/index.js.map +1 -1
  262. package/dist/modules/versioning/semver/index.d.ts +1 -0
  263. package/dist/modules/versioning/semver/index.js +15 -0
  264. package/dist/modules/versioning/semver/index.js.map +1 -1
  265. package/dist/modules/versioning/semver-coerced/index.js +9 -0
  266. package/dist/modules/versioning/semver-coerced/index.js.map +1 -1
  267. package/dist/modules/versioning/types.d.ts +1 -0
  268. package/dist/modules/versioning/types.js.map +1 -1
  269. package/dist/util/cache/memory/index.d.ts +1 -0
  270. package/dist/util/cache/memory/index.js +17 -6
  271. package/dist/util/cache/memory/index.js.map +1 -1
  272. package/dist/util/cache/package/index.js +2 -1
  273. package/dist/util/cache/package/index.js.map +1 -1
  274. package/dist/util/cache/package/key.js +1 -1
  275. package/dist/util/cache/package/key.js.map +1 -1
  276. package/dist/util/cache/package/types.d.ts +2 -2
  277. package/dist/util/cache/package/types.js.map +1 -1
  278. package/dist/util/cache/repository/impl/s3.js +2 -1
  279. package/dist/util/cache/repository/impl/s3.js.map +1 -1
  280. package/dist/util/cache/repository/types.d.ts +3 -0
  281. package/dist/util/cache/repository/types.js.map +1 -1
  282. package/dist/util/env.d.ts +6 -0
  283. package/dist/util/env.js +13 -0
  284. package/dist/util/env.js.map +1 -1
  285. package/dist/util/exec/common.js +2 -1
  286. package/dist/util/exec/common.js.map +1 -1
  287. package/dist/util/exec/containerbase.js +2 -1
  288. package/dist/util/exec/containerbase.js.map +1 -1
  289. package/dist/util/exec/env.js +1 -0
  290. package/dist/util/exec/env.js.map +1 -1
  291. package/dist/util/exec/utils.d.ts +1 -1
  292. package/dist/util/exec/utils.js +1 -1
  293. package/dist/util/exec/utils.js.map +1 -1
  294. package/dist/util/fs/index.js +2 -2
  295. package/dist/util/fs/index.js.map +1 -1
  296. package/dist/util/git/auth.js +4 -2
  297. package/dist/util/git/auth.js.map +1 -1
  298. package/dist/util/git/error.js +2 -1
  299. package/dist/util/git/error.js.map +1 -1
  300. package/dist/util/git/index.d.ts +20 -0
  301. package/dist/util/git/index.js +140 -10
  302. package/dist/util/git/index.js.map +1 -1
  303. package/dist/util/git/types.d.ts +1 -0
  304. package/dist/util/git/types.js.map +1 -1
  305. package/dist/util/github/graphql/datasource-fetcher.js +2 -3
  306. package/dist/util/github/graphql/datasource-fetcher.js.map +1 -1
  307. package/dist/util/github/graphql/query-adapters/tags-query-adapter.d.ts +48 -2
  308. package/dist/util/github/graphql/query-adapters/tags-query-adapter.js +27 -7
  309. package/dist/util/github/graphql/query-adapters/tags-query-adapter.js.map +1 -1
  310. package/dist/util/host-rules.js +4 -3
  311. package/dist/util/host-rules.js.map +1 -1
  312. package/dist/util/http/cache/package-http-cache-provider.d.ts +4 -4
  313. package/dist/util/http/cache/package-http-cache-provider.js +4 -4
  314. package/dist/util/http/cache/package-http-cache-provider.js.map +1 -1
  315. package/dist/util/http/github.js +20 -12
  316. package/dist/util/http/github.js.map +1 -1
  317. package/dist/util/http/gitlab.js +2 -1
  318. package/dist/util/http/gitlab.js.map +1 -1
  319. package/dist/util/http/http.js +7 -3
  320. package/dist/util/http/http.js.map +1 -1
  321. package/dist/util/interpolator.d.ts +8 -0
  322. package/dist/util/interpolator.js +85 -0
  323. package/dist/util/interpolator.js.map +1 -0
  324. package/dist/util/merge-confidence/index.js +4 -1
  325. package/dist/util/merge-confidence/index.js.map +1 -1
  326. package/dist/util/promises.d.ts +4 -4
  327. package/dist/util/promises.js +3 -4
  328. package/dist/util/promises.js.map +1 -1
  329. package/dist/util/regex.js +3 -2
  330. package/dist/util/regex.js.map +1 -1
  331. package/dist/util/{schema-utils.d.ts → schema-utils/index.d.ts} +2 -2
  332. package/dist/util/{schema-utils.js → schema-utils/index.js} +5 -5
  333. package/dist/util/schema-utils/index.js.map +1 -0
  334. package/dist/util/schema-utils/v4.d.ts +7 -0
  335. package/dist/util/schema-utils/v4.js +64 -0
  336. package/dist/util/schema-utils/v4.js.map +1 -0
  337. package/dist/util/stats.d.ts +13 -2
  338. package/dist/util/stats.js +38 -27
  339. package/dist/util/stats.js.map +1 -1
  340. package/dist/workers/global/config/parse/codespaces.js +7 -4
  341. package/dist/workers/global/config/parse/codespaces.js.map +1 -1
  342. package/dist/workers/global/index.js +7 -5
  343. package/dist/workers/global/index.js.map +1 -1
  344. package/dist/workers/repository/config-migration/branch/migrated-data.js +1 -1
  345. package/dist/workers/repository/config-migration/branch/migrated-data.js.map +1 -1
  346. package/dist/workers/repository/dependency-dashboard.d.ts +1 -0
  347. package/dist/workers/repository/dependency-dashboard.js +47 -0
  348. package/dist/workers/repository/dependency-dashboard.js.map +1 -1
  349. package/dist/workers/repository/index.js +1 -0
  350. package/dist/workers/repository/index.js.map +1 -1
  351. package/dist/workers/repository/init/inherited.js +10 -6
  352. package/dist/workers/repository/init/inherited.js.map +1 -1
  353. package/dist/workers/repository/init/merge.d.ts +2 -2
  354. package/dist/workers/repository/init/merge.js +12 -5
  355. package/dist/workers/repository/init/merge.js.map +1 -1
  356. package/dist/workers/repository/package-files.js +11 -1
  357. package/dist/workers/repository/package-files.js.map +1 -1
  358. package/dist/workers/repository/process/extract-update.d.ts +1 -1
  359. package/dist/workers/repository/process/extract-update.js +15 -10
  360. package/dist/workers/repository/process/extract-update.js.map +1 -1
  361. package/dist/workers/repository/process/index.d.ts +1 -1
  362. package/dist/workers/repository/process/index.js +6 -3
  363. package/dist/workers/repository/process/index.js.map +1 -1
  364. package/dist/workers/repository/process/libyear.js +15 -7
  365. package/dist/workers/repository/process/libyear.js.map +1 -1
  366. package/dist/workers/repository/process/lookup/abandonment.d.ts +3 -0
  367. package/dist/workers/repository/process/lookup/abandonment.js +50 -0
  368. package/dist/workers/repository/process/lookup/abandonment.js.map +1 -0
  369. package/dist/workers/repository/process/lookup/current.js +0 -5
  370. package/dist/workers/repository/process/lookup/current.js.map +1 -1
  371. package/dist/workers/repository/process/lookup/generate.js +10 -0
  372. package/dist/workers/repository/process/lookup/generate.js.map +1 -1
  373. package/dist/workers/repository/process/lookup/index.js +7 -0
  374. package/dist/workers/repository/process/lookup/index.js.map +1 -1
  375. package/dist/workers/repository/process/lookup/timestamps.d.ts +4 -4
  376. package/dist/workers/repository/process/lookup/timestamps.js +10 -10
  377. package/dist/workers/repository/process/lookup/timestamps.js.map +1 -1
  378. package/dist/workers/repository/process/lookup/types.d.ts +4 -0
  379. package/dist/workers/repository/process/lookup/types.js.map +1 -1
  380. package/dist/workers/repository/update/branch/auto-replace.js +30 -7
  381. package/dist/workers/repository/update/branch/auto-replace.js.map +1 -1
  382. package/dist/workers/repository/update/branch/bump-versions.d.ts +2 -0
  383. package/dist/workers/repository/update/branch/bump-versions.js +192 -0
  384. package/dist/workers/repository/update/branch/bump-versions.js.map +1 -0
  385. package/dist/workers/repository/update/branch/execute-post-upgrade-commands.js +14 -8
  386. package/dist/workers/repository/update/branch/execute-post-upgrade-commands.js.map +1 -1
  387. package/dist/workers/repository/update/branch/get-updated.js +3 -4
  388. package/dist/workers/repository/update/branch/get-updated.js.map +1 -1
  389. package/dist/workers/repository/update/branch/index.js +3 -0
  390. package/dist/workers/repository/update/branch/index.js.map +1 -1
  391. package/dist/workers/repository/update/pr/changelog/release-notes.js +23 -19
  392. package/dist/workers/repository/update/pr/changelog/release-notes.js.map +1 -1
  393. package/dist/workers/repository/update/pr/code-owners.js +13 -9
  394. package/dist/workers/repository/update/pr/code-owners.js.map +1 -1
  395. package/dist/workers/repository/updates/generate.js +1 -0
  396. package/dist/workers/repository/updates/generate.js.map +1 -1
  397. package/package.json +75 -80
  398. package/renovate-schema.json +78 -14
  399. package/dist/util/schema-utils.js.map +0 -1
package/dist/config/decrypt.js CHANGED
@@ -9,6 +9,7 @@ const tslib_1 = require("tslib");
9
9
  const is_1 = tslib_1.__importDefault(require("@sindresorhus/is"));
10
10
  const error_messages_1 = require("../constants/error-messages");
11
11
  const logger_1 = require("../logger");
12
+ const env_1 = require("../util/env");
12
13
  const regex_1 = require("../util/regex");
13
14
  const sanitize_1 = require("../util/sanitize");
14
15
  const url_1 = require("../util/url");
@@ -26,7 +27,7 @@ function setPrivateKeys(pKey, pKeyOld) {
26
27
  async function tryDecrypt(key, encryptedStr, repository, keyName) {
27
28
  let decryptedStr = null;
28
29
  if (key?.startsWith('-----BEGIN PGP PRIVATE KEY BLOCK-----')) {
29
- const decryptedObjStr = process.env.RENOVATE_X_USE_OPENPGP === 'true'
30
+ const decryptedObjStr = (0, env_1.getEnv)().RENOVATE_X_USE_OPENPGP === 'true'
30
31
  ? await (0, openpgp_1.tryDecryptOpenPgp)(key, encryptedStr)
31
32
  : await (0, kbpgp_1.tryDecryptKbPgp)(key, encryptedStr);
32
33
  if (decryptedObjStr) {
@@ -151,12 +152,13 @@ async function decryptConfig(config, repository, existingPath = '$') {
151
152
  }
152
153
  }
153
154
  else {
154
- if (process.env.RENOVATE_X_ENCRYPTED_STRICT === 'true') {
155
+ const env = (0, env_1.getEnv)();
156
+ if (env.RENOVATE_X_ENCRYPTED_STRICT === 'true') {
155
157
  const error = new Error(error_messages_1.CONFIG_VALIDATION);
156
158
  error.validationSource = 'config';
157
159
  error.validationError = 'Encrypted config unsupported';
158
160
  error.validationMessage = `This config contains an encrypted object at location \`$.${key}\` but no privateKey is configured. To support encrypted config, the Renovate administrator must configure a \`privateKey\` in Global Configuration.`;
159
- if (process.env.MEND_HOSTED === 'true') {
161
+ if (env.MEND_HOSTED === 'true') {
160
162
  error.validationMessage = `Mend-hosted Renovate Apps no longer support the use of encrypted secrets in Renovate file config (e.g. renovate.json).
161
163
  Please migrate all secrets to the Developer Portal using the web UI available at https://developer.mend.io/
162
164
 
package/dist/config/decrypt.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"decrypt.js","sourceRoot":"","sources":["../../lib/config/decrypt.ts"],"names":[],"mappings":";;AAmBA,wCAMC;AAED,gCAmCC;AAED,wDAqFC;AAED,sCA4FC;AAED,gDAyBC;;AA9QD,kEAAkC;AAClC,gEAAgE;AAChE,sCAAmC;AACnC,yCAAsC;AACtC,+CAA0D;AAC1D,qCAAyE;AACzE,2CAAkD;AAClD,6CAG0B;AAC1B,+CAAsD;AACtD,qCAAwC;AACxC,qCAA2C;AAG3C,IAAI,UAA8B,CAAC;AACnC,IAAI,aAAiC,CAAC;AAEtC,SAAgB,cAAc,CAC5B,IAAwB,EACxB,OAA2B;IAE3B,UAAU,GAAG,IAAI,CAAC;IAClB,aAAa,GAAG,OAAO,CAAC;AAC1B,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,GAAW,EACX,YAAoB,EACpB,UAAkB,EAClB,OAAe;IAEf,IAAI,YAAY,GAAkB,IAAI,CAAC;IACvC,IAAI,GAAG,EAAE,UAAU,CAAC,uCAAuC,CAAC,EAAE,CAAC;QAC7D,MAAM,eAAe,GACnB,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,MAAM;YAC3C,CAAC,CAAC,MAAM,IAAA,2BAAiB,EAAC,GAAG,EAAE,YAAY,CAAC;YAC5C,CAAC,CAAC,MAAM,IAAA,uBAAe,EAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAC/C,IAAI,eAAe,EAAE,CAAC;YACpB,YAAY,GAAG,sBAAsB,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;SAAM,CAAC;QACN,YAAY,GAAG,IAAA,mCAA0B,EAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAC7D,IAAI,YAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YAC5B,eAAM,CAAC,IAAI,CACT,EAAE,OAAO,EAAE,EACX,6FAA6F,CAC9F,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,YAAY,GAAG,IAAA,iCAAwB,EAAC,GAAG,EAAE,YAAY,CAAC,CAAC;YAC3D,qCAAqC;YACrC,IAAI,YAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC5B,eAAM,CAAC,IAAI,CACT,EAAE,OAAO,EAAE,EACX,2FAA2F,CAC5F,CAAC;YACJ,CAAC;YACD,oBAAoB;QACtB,CAAC;IACH,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAgB,sBAAsB,CACpC,eAAuB,EACvB,UAAkB;IAElB,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,wBAAe,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAChE,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,KAAK,CAAC,eAAe,GAAG,mCAAmC,CAAC;YAC5D,MAAM,KAAK,CAAC;QACd,CAAC;QAED,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC;QAExD,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,KAAK,CAAC,eAAe,GAAG,+CAA+C,CAAC;YACxE,MAAM,KAAK,CAAC;QACd,CAAC;QAED,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,KAAK,CAAC,eAAe,GAAG,+CAA+C,CAAC;YACxE,MAAM,KAAK,CAAC;QACd,CAAC;QAED,MAAM,YAAY,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;QAEhD,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC;QAC7C,IAAI,YAAE,CAAC,cAAc,CAAC,eAAe,CAAC,EAAE,CAAC;YACvC,4CAA4C;YAC5C,YAAY,CAAC,IAAI,CAAC,GAAG,eAAe,IAAI,UAAU,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YACpE,4CAA4C;YAC5C,YAAY,CAAC,IAAI,CAAC,GAAG,eAAe,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,WAAW,GAAG,GAAG;aACpB,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;aAC3B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,yBAAmB,EAAC,CAAC,CAAC,CAAC,CAAC;QAEtC,IAAI,YAAE,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAChD,GAAG,SAAS,GAAG,IAAI,EAAE,CAAC,WAAW,EAAE,CACpC,CAAC;YACF,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;gBAC9B,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;oBACtC,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YAED,eAAM,CAAC,KAAK,CACV,EAAE,WAAW,EAAE,EACf,4CAA4C,CAC7C,CAAC;YACF,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1C,KAAK,CAAC,eAAe,GAAG,0DAA0D,WAAW,IAAI,CAAC;YAClG,MAAM,KAAK,CAAC;QACd,CAAC;QAED,4BAA4B;QAC5B,MAAM,KAAK,GACT,eAAe,KAAK,SAAS;YAC3B,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,IAAA,yBAAmB,EAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CAAC;QACzD,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;YAC9B,IACE,WAAW,CAAC,IAAI,CACd,CAAC,SAAS,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,SAAS,KAAK,KAAK,CAC/D,EACD,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,eAAM,CAAC,KAAK,CAAC,EAAE,WAAW,EAAE,EAAE,qCAAqC,CAAC,CAAC;QACrE,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QAC7C,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1C,KAAK,CAAC,eAAe,GAAG,mDAAmD,WAAW,IAAI,CAAC;QAC3F,MAAM,KAAK,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,kCAAkC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,aAAa,CACjC,MAAsB,EACtB,UAAkB,EAClB,YAAY,GAAG,GAAG;IAElB,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,EAAE,iBAAiB,CAAC,CAAC;IAC5C,MAAM,eAAe,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;IACtC,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,IAAI,GAAG,KAAK,WAAW,IAAI,YAAE,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,GAAG,GAAG,YAAY,IAAI,GAAG,EAAE,CAAC;YACtC,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,6BAA6B,IAAI,EAAE,CAAC,CAAC;YAEnE,MAAM,gBAAgB,GAAG,qBAAY,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YAC9D,IAAI,YAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAChC,eAAM,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACrC,CAAC;YAED,IAAI,UAAU,EAAE,CAAC;gBACf,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC/C,eAAM,CAAC,KAAK,CAAC,qBAAqB,IAAI,OAAO,IAAI,EAAE,CAAC,CAAC;oBACrD,IAAI,YAAY,GAAG,MAAM,UAAU,CACjC,UAAU,EACV,IAAI,EACJ,UAAU,EACV,IAAI,CACL,CAAC;oBACF,IAAI,aAAa,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC;wBACtD,eAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;wBACvD,YAAY,GAAG,MAAM,UAAU,CAC7B,aAAa,EACb,IAAI,EACJ,UAAU,EACV,IAAI,CACL,CAAC;oBACJ,CAAC;oBACD,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC;wBACrC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;wBAC7C,KAAK,CAAC,eAAe,GAAG,2BAA2B,IAAI,oCAAoC,CAAC;wBAC5F,MAAM,KAAK,CAAC;oBACd,CAAC;oBACD,eAAM,CAAC,KAAK,CAAC,aAAa,IAAI,OAAO,IAAI,EAAE,CAAC,CAAC;oBAC7C,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;wBACxB,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,IAAA,aAAK,EAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;wBACrD,eAAe,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;wBAC9B,IAAA,iCAAsB,EAAC,KAAK,CAAC,CAAC;oBAChC,CAAC;yBAAM,CAAC;wBACN,eAAe,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC;wBACrC,IAAA,iCAAsB,EAAC,YAAY,CAAC,CAAC;oBACvC,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,OAAO,CAAC,GAAG,CAAC,2BAA2B,KAAK,MAAM,EAAE,CAAC;oBACvD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,kCAAiB,CAAC,CAAC;oBAC3C,KAAK,CAAC,gBAAgB,GAAG,QAAQ,CAAC;oBAClC,KAAK,CAAC,eAAe,GAAG,8BAA8B,CAAC;oBACvD,KAAK,CAAC,iBAAiB,GAAG,4DAA4D,GAAG,sJAAsJ,CAAC;oBAChP,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,MAAM,EAAE,CAAC;wBACvC,KAAK,CAAC,iBAAiB,GAAG;;;+FAGyD,CAAC;oBACtF,CAAC;oBACD,MAAM,KAAK,CAAC;gBACd,CAAC;qBAAM,CAAC;oBACN,eAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YACD,OAAO,eAAe,CAAC,SAAS,CAAC;QACnC,CAAC;aAAM,IAAI,YAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YAC1B,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC1C,IAAI,YAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAE,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvC,MAAM,IAAI,GAAG,GAAG,YAAY,IAAI,GAAG,IAAI,KAAK,GAAG,CAAC;oBAC/C,eAAe,CAAC,GAAG,CAAsB,CAAC,IAAI,CAC7C,MAAM,aAAa,CAAC,IAAsB,EAAE,UAAU,EAAE,IAAI,CAAC,CAC9D,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACL,eAAe,CAAC,GAAG,CAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IAAI,YAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YAC/C,MAAM,IAAI,GAAG,GAAG,YAAY,IAAI,GAAG,EAAE,CAAC;YACtC,eAAe,CAAC,GAAG,CAAC,GAAG,MAAM,aAAa,CACxC,GAAqB,EACrB,UAAU,EACV,IAAI,CACL,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,eAAe,CAAC,SAAS,CAAC;IACjC,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,EAAE,iBAAiB,CAAC,CAAC;IAC7D,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,SAAgB,kBAAkB;IAChC,MAAM,QAAQ,GAAG,qBAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC9C,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,QAAQ,GAAG,qBAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,WAAW,GAAG,IAAA,cAAQ,EAAC,QAAQ,CAAC,CAAC;IACvC,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,oBAAoB;QACpB,eAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,eAAe,GAAG,IAAA,iBAAW,EAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC1D,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,eAAe,CAAC,EAAE,CAAC;QACxC,eAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAC5E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACvC,sBAAsB;QACtB,OAAO,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC","sourcesContent":["import is from '@sindresorhus/is';\nimport { CONFIG_VALIDATION } from '../constants/error-messages';\nimport { logger } from '../logger';\nimport { regEx } from '../util/regex';\nimport { addSecretForSanitizing } from '../util/sanitize';\nimport { ensureTrailingSlash, parseUrl, trimSlashes } from '../util/url';\nimport { tryDecryptKbPgp } from './decrypt/kbpgp';\nimport {\n tryDecryptPublicKeyDefault,\n tryDecryptPublicKeyPKCS1,\n} from './decrypt/legacy';\nimport { tryDecryptOpenPgp } from './decrypt/openpgp';\nimport { GlobalConfig } from './global';\nimport { DecryptedObject } from './schema';\nimport type { RenovateConfig } from './types';\n\nlet privateKey: string | undefined;\nlet privateKeyOld: string | undefined;\n\nexport function setPrivateKeys(\n pKey: string | undefined,\n pKeyOld: string | undefined,\n): void {\n privateKey = pKey;\n privateKeyOld = pKeyOld;\n}\n\nexport async function tryDecrypt(\n key: string,\n encryptedStr: string,\n repository: string,\n keyName: string,\n): Promise<string | null> {\n let decryptedStr: string | null = null;\n if (key?.startsWith('-----BEGIN PGP PRIVATE KEY BLOCK-----')) {\n const decryptedObjStr =\n process.env.RENOVATE_X_USE_OPENPGP === 'true'\n ? await tryDecryptOpenPgp(key, encryptedStr)\n : await tryDecryptKbPgp(key, encryptedStr);\n if (decryptedObjStr) {\n decryptedStr = validateDecryptedValue(decryptedObjStr, repository);\n }\n } else {\n decryptedStr = tryDecryptPublicKeyDefault(key, encryptedStr);\n if (is.string(decryptedStr)) {\n logger.warn(\n { keyName },\n 'Encrypted value is using deprecated default padding, please change to using PGP encryption.',\n );\n } else {\n decryptedStr = tryDecryptPublicKeyPKCS1(key, encryptedStr);\n /* v8 ignore start -- not testable */\n if (is.string(decryptedStr)) {\n logger.warn(\n { keyName },\n 'Encrypted value is using deprecated PKCS1 padding, please change to using PGP encryption.',\n );\n }\n /* v8 ignore stop */\n }\n }\n return decryptedStr;\n}\n\nexport function validateDecryptedValue(\n decryptedObjStr: string,\n repository: string,\n): string | null {\n try {\n const decryptedObj = DecryptedObject.safeParse(decryptedObjStr);\n if (!decryptedObj.success) {\n const error = new Error('config-validation');\n error.validationError = `Could not parse decrypted config.`;\n throw error;\n }\n\n const { o: org, r: repo, v: value } = decryptedObj.data;\n\n if (!is.nonEmptyString(value)) {\n const error = new Error('config-validation');\n error.validationError = `Encrypted value in config is missing a value.`;\n throw error;\n }\n\n if (!is.nonEmptyString(org)) {\n const error = new Error('config-validation');\n error.validationError = `Encrypted value in config is missing a scope.`;\n throw error;\n }\n\n const repositories = [repository.toUpperCase()];\n\n const azureCollection = getAzureCollection();\n if (is.nonEmptyString(azureCollection)) {\n // used for full 'org/project/repo' matching\n repositories.push(`${azureCollection}/${repository}`.toUpperCase());\n // used for org prefix matching without repo\n repositories.push(`${azureCollection}/*/`.toUpperCase());\n }\n\n const orgPrefixes = org\n .split(',')\n .map((o) => o.trim())\n .map((o) => o.toUpperCase())\n .map((o) => ensureTrailingSlash(o));\n\n if (is.nonEmptyString(repo)) {\n const scopedRepos = orgPrefixes.map((orgPrefix) =>\n `${orgPrefix}${repo}`.toUpperCase(),\n );\n for (const rp of repositories) {\n if (scopedRepos.some((r) => r === rp)) {\n return value;\n }\n }\n\n logger.debug(\n { scopedRepos },\n 'Secret is scoped to a different repository',\n );\n const error = new Error('config-validation');\n const scopeString = scopedRepos.join(',');\n error.validationError = `Encrypted secret is scoped to a different repository: \"${scopeString}\".`;\n throw error;\n }\n\n // no scoped repos, only org\n const azcol =\n azureCollection === undefined\n ? undefined\n : ensureTrailingSlash(azureCollection).toUpperCase();\n for (const rp of repositories) {\n if (\n orgPrefixes.some(\n (orgPrefix) => rp.startsWith(orgPrefix) && orgPrefix !== azcol,\n )\n ) {\n return value;\n }\n }\n logger.debug({ orgPrefixes }, 'Secret is scoped to a different org');\n const error = new Error('config-validation');\n const scopeString = orgPrefixes.join(',');\n error.validationError = `Encrypted secret is scoped to a different org: \"${scopeString}\".`;\n throw error;\n } catch (err) {\n logger.warn({ err }, 'Could not parse decrypted string');\n }\n return null;\n}\n\nexport async function decryptConfig(\n config: RenovateConfig,\n repository: string,\n existingPath = '$',\n): Promise<RenovateConfig> {\n logger.trace({ config }, 'decryptConfig()');\n const decryptedConfig = { ...config };\n for (const [key, val] of Object.entries(config)) {\n if (key === 'encrypted' && is.object(val)) {\n const path = `${existingPath}.${key}`;\n logger.debug({ config: val }, `Found encrypted config in ${path}`);\n\n const encryptedWarning = GlobalConfig.get('encryptedWarning');\n if (is.string(encryptedWarning)) {\n logger.once.warn(encryptedWarning);\n }\n\n if (privateKey) {\n for (const [eKey, eVal] of Object.entries(val)) {\n logger.debug(`Trying to decrypt ${eKey} in ${path}`);\n let decryptedStr = await tryDecrypt(\n privateKey,\n eVal,\n repository,\n eKey,\n );\n if (privateKeyOld && !is.nonEmptyString(decryptedStr)) {\n logger.debug(`Trying to decrypt with old private key`);\n decryptedStr = await tryDecrypt(\n privateKeyOld,\n eVal,\n repository,\n eKey,\n );\n }\n if (!is.nonEmptyString(decryptedStr)) {\n const error = new Error('config-validation');\n error.validationError = `Failed to decrypt field ${eKey}. Please re-encrypt and try again.`;\n throw error;\n }\n logger.debug(`Decrypted ${eKey} in ${path}`);\n if (eKey === 'npmToken') {\n const token = decryptedStr.replace(regEx(/\\n$/), '');\n decryptedConfig[eKey] = token;\n addSecretForSanitizing(token);\n } else {\n decryptedConfig[eKey] = decryptedStr;\n addSecretForSanitizing(decryptedStr);\n }\n }\n } else {\n if (process.env.RENOVATE_X_ENCRYPTED_STRICT === 'true') {\n const error = new Error(CONFIG_VALIDATION);\n error.validationSource = 'config';\n error.validationError = 'Encrypted config unsupported';\n error.validationMessage = `This config contains an encrypted object at location \\`$.${key}\\` but no privateKey is configured. To support encrypted config, the Renovate administrator must configure a \\`privateKey\\` in Global Configuration.`;\n if (process.env.MEND_HOSTED === 'true') {\n error.validationMessage = `Mend-hosted Renovate Apps no longer support the use of encrypted secrets in Renovate file config (e.g. renovate.json).\nPlease migrate all secrets to the Developer Portal using the web UI available at https://developer.mend.io/\n\nRefer to migration documents here: https://docs.renovatebot.com/mend-hosted/migrating-secrets/`;\n }\n throw error;\n } else {\n logger.error('Found encrypted data but no privateKey');\n }\n }\n delete decryptedConfig.encrypted;\n } else if (is.array(val)) {\n decryptedConfig[key] = [];\n for (const [index, item] of val.entries()) {\n if (is.object(item) && !is.array(item)) {\n const path = `${existingPath}.${key}[${index}]`;\n (decryptedConfig[key] as RenovateConfig[]).push(\n await decryptConfig(item as RenovateConfig, repository, path),\n );\n } else {\n (decryptedConfig[key] as unknown[]).push(item);\n }\n }\n } else if (is.object(val) && key !== 'content') {\n const path = `${existingPath}.${key}`;\n decryptedConfig[key] = await decryptConfig(\n val as RenovateConfig,\n repository,\n path,\n );\n }\n }\n delete decryptedConfig.encrypted;\n logger.trace({ config: decryptedConfig }, 'decryptedConfig');\n return decryptedConfig;\n}\n\nexport function getAzureCollection(): string | undefined {\n const platform = GlobalConfig.get('platform');\n if (platform !== 'azure') {\n return undefined;\n }\n\n const endpoint = GlobalConfig.get('endpoint');\n const endpointUrl = parseUrl(endpoint);\n if (endpointUrl === null) {\n // should not happen\n logger.warn({ endpoint }, 'Unable to parse endpoint for token decryption');\n return undefined;\n }\n\n const azureCollection = trimSlashes(endpointUrl.pathname);\n if (!is.nonEmptyString(azureCollection)) {\n logger.debug({ endpoint }, 'Unable to find azure collection name from URL');\n return undefined;\n }\n\n if (azureCollection.startsWith('tfs/')) {\n // Azure DevOps Server\n return azureCollection.substring(4);\n }\n return azureCollection;\n}\n"]}
1
+ {"version":3,"file":"decrypt.js","sourceRoot":"","sources":["../../lib/config/decrypt.ts"],"names":[],"mappings":";;AAoBA,wCAMC;AAED,gCAmCC;AAED,wDAqFC;AAED,sCA6FC;AAED,gDAyBC;;AAhRD,kEAAkC;AAClC,gEAAgE;AAChE,sCAAmC;AACnC,qCAAqC;AACrC,yCAAsC;AACtC,+CAA0D;AAC1D,qCAAyE;AACzE,2CAAkD;AAClD,6CAG0B;AAC1B,+CAAsD;AACtD,qCAAwC;AACxC,qCAA2C;AAG3C,IAAI,UAA8B,CAAC;AACnC,IAAI,aAAiC,CAAC;AAEtC,SAAgB,cAAc,CAC5B,IAAwB,EACxB,OAA2B;IAE3B,UAAU,GAAG,IAAI,CAAC;IAClB,aAAa,GAAG,OAAO,CAAC;AAC1B,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,GAAW,EACX,YAAoB,EACpB,UAAkB,EAClB,OAAe;IAEf,IAAI,YAAY,GAAkB,IAAI,CAAC;IACvC,IAAI,GAAG,EAAE,UAAU,CAAC,uCAAuC,CAAC,EAAE,CAAC;QAC7D,MAAM,eAAe,GACnB,IAAA,YAAM,GAAE,CAAC,sBAAsB,KAAK,MAAM;YACxC,CAAC,CAAC,MAAM,IAAA,2BAAiB,EAAC,GAAG,EAAE,YAAY,CAAC;YAC5C,CAAC,CAAC,MAAM,IAAA,uBAAe,EAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAC/C,IAAI,eAAe,EAAE,CAAC;YACpB,YAAY,GAAG,sBAAsB,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;SAAM,CAAC;QACN,YAAY,GAAG,IAAA,mCAA0B,EAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAC7D,IAAI,YAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YAC5B,eAAM,CAAC,IAAI,CACT,EAAE,OAAO,EAAE,EACX,6FAA6F,CAC9F,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,YAAY,GAAG,IAAA,iCAAwB,EAAC,GAAG,EAAE,YAAY,CAAC,CAAC;YAC3D,qCAAqC;YACrC,IAAI,YAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC5B,eAAM,CAAC,IAAI,CACT,EAAE,OAAO,EAAE,EACX,2FAA2F,CAC5F,CAAC;YACJ,CAAC;YACD,oBAAoB;QACtB,CAAC;IACH,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAgB,sBAAsB,CACpC,eAAuB,EACvB,UAAkB;IAElB,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,wBAAe,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAChE,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,KAAK,CAAC,eAAe,GAAG,mCAAmC,CAAC;YAC5D,MAAM,KAAK,CAAC;QACd,CAAC;QAED,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC;QAExD,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,KAAK,CAAC,eAAe,GAAG,+CAA+C,CAAC;YACxE,MAAM,KAAK,CAAC;QACd,CAAC;QAED,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,KAAK,CAAC,eAAe,GAAG,+CAA+C,CAAC;YACxE,MAAM,KAAK,CAAC;QACd,CAAC;QAED,MAAM,YAAY,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;QAEhD,MAAM,eAAe,GAAG,kBAAkB,EAAE,CAAC;QAC7C,IAAI,YAAE,CAAC,cAAc,CAAC,eAAe,CAAC,EAAE,CAAC;YACvC,4CAA4C;YAC5C,YAAY,CAAC,IAAI,CAAC,GAAG,eAAe,IAAI,UAAU,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YACpE,4CAA4C;YAC5C,YAAY,CAAC,IAAI,CAAC,GAAG,eAAe,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,WAAW,GAAG,GAAG;aACpB,KAAK,CAAC,GAAG,CAAC;aACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACpB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;aAC3B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAA,yBAAmB,EAAC,CAAC,CAAC,CAAC,CAAC;QAEtC,IAAI,YAAE,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE,CAChD,GAAG,SAAS,GAAG,IAAI,EAAE,CAAC,WAAW,EAAE,CACpC,CAAC;YACF,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;gBAC9B,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;oBACtC,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YAED,eAAM,CAAC,KAAK,CACV,EAAE,WAAW,EAAE,EACf,4CAA4C,CAC7C,CAAC;YACF,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAC7C,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1C,KAAK,CAAC,eAAe,GAAG,0DAA0D,WAAW,IAAI,CAAC;YAClG,MAAM,KAAK,CAAC;QACd,CAAC;QAED,4BAA4B;QAC5B,MAAM,KAAK,GACT,eAAe,KAAK,SAAS;YAC3B,CAAC,CAAC,SAAS;YACX,CAAC,CAAC,IAAA,yBAAmB,EAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CAAC;QACzD,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;YAC9B,IACE,WAAW,CAAC,IAAI,CACd,CAAC,SAAS,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,SAAS,KAAK,KAAK,CAC/D,EACD,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,eAAM,CAAC,KAAK,CAAC,EAAE,WAAW,EAAE,EAAE,qCAAqC,CAAC,CAAC;QACrE,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QAC7C,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1C,KAAK,CAAC,eAAe,GAAG,mDAAmD,WAAW,IAAI,CAAC;QAC3F,MAAM,KAAK,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,kCAAkC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,aAAa,CACjC,MAAsB,EACtB,UAAkB,EAClB,YAAY,GAAG,GAAG;IAElB,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,EAAE,iBAAiB,CAAC,CAAC;IAC5C,MAAM,eAAe,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;IACtC,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,IAAI,GAAG,KAAK,WAAW,IAAI,YAAE,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,GAAG,GAAG,YAAY,IAAI,GAAG,EAAE,CAAC;YACtC,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,6BAA6B,IAAI,EAAE,CAAC,CAAC;YAEnE,MAAM,gBAAgB,GAAG,qBAAY,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YAC9D,IAAI,YAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAChC,eAAM,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YACrC,CAAC;YAED,IAAI,UAAU,EAAE,CAAC;gBACf,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC/C,eAAM,CAAC,KAAK,CAAC,qBAAqB,IAAI,OAAO,IAAI,EAAE,CAAC,CAAC;oBACrD,IAAI,YAAY,GAAG,MAAM,UAAU,CACjC,UAAU,EACV,IAAI,EACJ,UAAU,EACV,IAAI,CACL,CAAC;oBACF,IAAI,aAAa,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC;wBACtD,eAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;wBACvD,YAAY,GAAG,MAAM,UAAU,CAC7B,aAAa,EACb,IAAI,EACJ,UAAU,EACV,IAAI,CACL,CAAC;oBACJ,CAAC;oBACD,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC;wBACrC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;wBAC7C,KAAK,CAAC,eAAe,GAAG,2BAA2B,IAAI,oCAAoC,CAAC;wBAC5F,MAAM,KAAK,CAAC;oBACd,CAAC;oBACD,eAAM,CAAC,KAAK,CAAC,aAAa,IAAI,OAAO,IAAI,EAAE,CAAC,CAAC;oBAC7C,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;wBACxB,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,IAAA,aAAK,EAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;wBACrD,eAAe,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;wBAC9B,IAAA,iCAAsB,EAAC,KAAK,CAAC,CAAC;oBAChC,CAAC;yBAAM,CAAC;wBACN,eAAe,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC;wBACrC,IAAA,iCAAsB,EAAC,YAAY,CAAC,CAAC;oBACvC,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,GAAG,IAAA,YAAM,GAAE,CAAC;gBACrB,IAAI,GAAG,CAAC,2BAA2B,KAAK,MAAM,EAAE,CAAC;oBAC/C,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,kCAAiB,CAAC,CAAC;oBAC3C,KAAK,CAAC,gBAAgB,GAAG,QAAQ,CAAC;oBAClC,KAAK,CAAC,eAAe,GAAG,8BAA8B,CAAC;oBACvD,KAAK,CAAC,iBAAiB,GAAG,4DAA4D,GAAG,sJAAsJ,CAAC;oBAChP,IAAI,GAAG,CAAC,WAAW,KAAK,MAAM,EAAE,CAAC;wBAC/B,KAAK,CAAC,iBAAiB,GAAG;;;+FAGyD,CAAC;oBACtF,CAAC;oBACD,MAAM,KAAK,CAAC;gBACd,CAAC;qBAAM,CAAC;oBACN,eAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YACD,OAAO,eAAe,CAAC,SAAS,CAAC;QACnC,CAAC;aAAM,IAAI,YAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YAC1B,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC1C,IAAI,YAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,YAAE,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvC,MAAM,IAAI,GAAG,GAAG,YAAY,IAAI,GAAG,IAAI,KAAK,GAAG,CAAC;oBAC/C,eAAe,CAAC,GAAG,CAAsB,CAAC,IAAI,CAC7C,MAAM,aAAa,CAAC,IAAsB,EAAE,UAAU,EAAE,IAAI,CAAC,CAC9D,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACL,eAAe,CAAC,GAAG,CAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IAAI,YAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YAC/C,MAAM,IAAI,GAAG,GAAG,YAAY,IAAI,GAAG,EAAE,CAAC;YACtC,eAAe,CAAC,GAAG,CAAC,GAAG,MAAM,aAAa,CACxC,GAAqB,EACrB,UAAU,EACV,IAAI,CACL,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,eAAe,CAAC,SAAS,CAAC;IACjC,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,EAAE,iBAAiB,CAAC,CAAC;IAC7D,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,SAAgB,kBAAkB;IAChC,MAAM,QAAQ,GAAG,qBAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC9C,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,QAAQ,GAAG,qBAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,WAAW,GAAG,IAAA,cAAQ,EAAC,QAAQ,CAAC,CAAC;IACvC,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,oBAAoB;QACpB,eAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,eAAe,GAAG,IAAA,iBAAW,EAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC1D,IAAI,CAAC,YAAE,CAAC,cAAc,CAAC,eAAe,CAAC,EAAE,CAAC;QACxC,eAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAC5E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACvC,sBAAsB;QACtB,OAAO,eAAe,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC","sourcesContent":["import is from '@sindresorhus/is';\nimport { CONFIG_VALIDATION } from '../constants/error-messages';\nimport { logger } from '../logger';\nimport { getEnv } from '../util/env';\nimport { regEx } from '../util/regex';\nimport { addSecretForSanitizing } from '../util/sanitize';\nimport { ensureTrailingSlash, parseUrl, trimSlashes } from '../util/url';\nimport { tryDecryptKbPgp } from './decrypt/kbpgp';\nimport {\n tryDecryptPublicKeyDefault,\n tryDecryptPublicKeyPKCS1,\n} from './decrypt/legacy';\nimport { tryDecryptOpenPgp } from './decrypt/openpgp';\nimport { GlobalConfig } from './global';\nimport { DecryptedObject } from './schema';\nimport type { RenovateConfig } from './types';\n\nlet privateKey: string | undefined;\nlet privateKeyOld: string | undefined;\n\nexport function setPrivateKeys(\n pKey: string | undefined,\n pKeyOld: string | undefined,\n): void {\n privateKey = pKey;\n privateKeyOld = pKeyOld;\n}\n\nexport async function tryDecrypt(\n key: string,\n encryptedStr: string,\n repository: string,\n keyName: string,\n): Promise<string | null> {\n let decryptedStr: string | null = null;\n if (key?.startsWith('-----BEGIN PGP PRIVATE KEY BLOCK-----')) {\n const decryptedObjStr =\n getEnv().RENOVATE_X_USE_OPENPGP === 'true'\n ? await tryDecryptOpenPgp(key, encryptedStr)\n : await tryDecryptKbPgp(key, encryptedStr);\n if (decryptedObjStr) {\n decryptedStr = validateDecryptedValue(decryptedObjStr, repository);\n }\n } else {\n decryptedStr = tryDecryptPublicKeyDefault(key, encryptedStr);\n if (is.string(decryptedStr)) {\n logger.warn(\n { keyName },\n 'Encrypted value is using deprecated default padding, please change to using PGP encryption.',\n );\n } else {\n decryptedStr = tryDecryptPublicKeyPKCS1(key, encryptedStr);\n /* v8 ignore start -- not testable */\n if (is.string(decryptedStr)) {\n logger.warn(\n { keyName },\n 'Encrypted value is using deprecated PKCS1 padding, please change to using PGP encryption.',\n );\n }\n /* v8 ignore stop */\n }\n }\n return decryptedStr;\n}\n\nexport function validateDecryptedValue(\n decryptedObjStr: string,\n repository: string,\n): string | null {\n try {\n const decryptedObj = DecryptedObject.safeParse(decryptedObjStr);\n if (!decryptedObj.success) {\n const error = new Error('config-validation');\n error.validationError = `Could not parse decrypted config.`;\n throw error;\n }\n\n const { o: org, r: repo, v: value } = decryptedObj.data;\n\n if (!is.nonEmptyString(value)) {\n const error = new Error('config-validation');\n error.validationError = `Encrypted value in config is missing a value.`;\n throw error;\n }\n\n if (!is.nonEmptyString(org)) {\n const error = new Error('config-validation');\n error.validationError = `Encrypted value in config is missing a scope.`;\n throw error;\n }\n\n const repositories = [repository.toUpperCase()];\n\n const azureCollection = getAzureCollection();\n if (is.nonEmptyString(azureCollection)) {\n // used for full 'org/project/repo' matching\n repositories.push(`${azureCollection}/${repository}`.toUpperCase());\n // used for org prefix matching without repo\n repositories.push(`${azureCollection}/*/`.toUpperCase());\n }\n\n const orgPrefixes = org\n .split(',')\n .map((o) => o.trim())\n .map((o) => o.toUpperCase())\n .map((o) => ensureTrailingSlash(o));\n\n if (is.nonEmptyString(repo)) {\n const scopedRepos = orgPrefixes.map((orgPrefix) =>\n `${orgPrefix}${repo}`.toUpperCase(),\n );\n for (const rp of repositories) {\n if (scopedRepos.some((r) => r === rp)) {\n return value;\n }\n }\n\n logger.debug(\n { scopedRepos },\n 'Secret is scoped to a different repository',\n );\n const error = new Error('config-validation');\n const scopeString = scopedRepos.join(',');\n error.validationError = `Encrypted secret is scoped to a different repository: \"${scopeString}\".`;\n throw error;\n }\n\n // no scoped repos, only org\n const azcol =\n azureCollection === undefined\n ? undefined\n : ensureTrailingSlash(azureCollection).toUpperCase();\n for (const rp of repositories) {\n if (\n orgPrefixes.some(\n (orgPrefix) => rp.startsWith(orgPrefix) && orgPrefix !== azcol,\n )\n ) {\n return value;\n }\n }\n logger.debug({ orgPrefixes }, 'Secret is scoped to a different org');\n const error = new Error('config-validation');\n const scopeString = orgPrefixes.join(',');\n error.validationError = `Encrypted secret is scoped to a different org: \"${scopeString}\".`;\n throw error;\n } catch (err) {\n logger.warn({ err }, 'Could not parse decrypted string');\n }\n return null;\n}\n\nexport async function decryptConfig(\n config: RenovateConfig,\n repository: string,\n existingPath = '$',\n): Promise<RenovateConfig> {\n logger.trace({ config }, 'decryptConfig()');\n const decryptedConfig = { ...config };\n for (const [key, val] of Object.entries(config)) {\n if (key === 'encrypted' && is.object(val)) {\n const path = `${existingPath}.${key}`;\n logger.debug({ config: val }, `Found encrypted config in ${path}`);\n\n const encryptedWarning = GlobalConfig.get('encryptedWarning');\n if (is.string(encryptedWarning)) {\n logger.once.warn(encryptedWarning);\n }\n\n if (privateKey) {\n for (const [eKey, eVal] of Object.entries(val)) {\n logger.debug(`Trying to decrypt ${eKey} in ${path}`);\n let decryptedStr = await tryDecrypt(\n privateKey,\n eVal,\n repository,\n eKey,\n );\n if (privateKeyOld && !is.nonEmptyString(decryptedStr)) {\n logger.debug(`Trying to decrypt with old private key`);\n decryptedStr = await tryDecrypt(\n privateKeyOld,\n eVal,\n repository,\n eKey,\n );\n }\n if (!is.nonEmptyString(decryptedStr)) {\n const error = new Error('config-validation');\n error.validationError = `Failed to decrypt field ${eKey}. Please re-encrypt and try again.`;\n throw error;\n }\n logger.debug(`Decrypted ${eKey} in ${path}`);\n if (eKey === 'npmToken') {\n const token = decryptedStr.replace(regEx(/\\n$/), '');\n decryptedConfig[eKey] = token;\n addSecretForSanitizing(token);\n } else {\n decryptedConfig[eKey] = decryptedStr;\n addSecretForSanitizing(decryptedStr);\n }\n }\n } else {\n const env = getEnv();\n if (env.RENOVATE_X_ENCRYPTED_STRICT === 'true') {\n const error = new Error(CONFIG_VALIDATION);\n error.validationSource = 'config';\n error.validationError = 'Encrypted config unsupported';\n error.validationMessage = `This config contains an encrypted object at location \\`$.${key}\\` but no privateKey is configured. To support encrypted config, the Renovate administrator must configure a \\`privateKey\\` in Global Configuration.`;\n if (env.MEND_HOSTED === 'true') {\n error.validationMessage = `Mend-hosted Renovate Apps no longer support the use of encrypted secrets in Renovate file config (e.g. renovate.json).\nPlease migrate all secrets to the Developer Portal using the web UI available at https://developer.mend.io/\n\nRefer to migration documents here: https://docs.renovatebot.com/mend-hosted/migrating-secrets/`;\n }\n throw error;\n } else {\n logger.error('Found encrypted data but no privateKey');\n }\n }\n delete decryptedConfig.encrypted;\n } else if (is.array(val)) {\n decryptedConfig[key] = [];\n for (const [index, item] of val.entries()) {\n if (is.object(item) && !is.array(item)) {\n const path = `${existingPath}.${key}[${index}]`;\n (decryptedConfig[key] as RenovateConfig[]).push(\n await decryptConfig(item as RenovateConfig, repository, path),\n );\n } else {\n (decryptedConfig[key] as unknown[]).push(item);\n }\n }\n } else if (is.object(val) && key !== 'content') {\n const path = `${existingPath}.${key}`;\n decryptedConfig[key] = await decryptConfig(\n val as RenovateConfig,\n repository,\n path,\n );\n }\n }\n delete decryptedConfig.encrypted;\n logger.trace({ config: decryptedConfig }, 'decryptedConfig');\n return decryptedConfig;\n}\n\nexport function getAzureCollection(): string | undefined {\n const platform = GlobalConfig.get('platform');\n if (platform !== 'azure') {\n return undefined;\n }\n\n const endpoint = GlobalConfig.get('endpoint');\n const endpointUrl = parseUrl(endpoint);\n if (endpointUrl === null) {\n // should not happen\n logger.warn({ endpoint }, 'Unable to parse endpoint for token decryption');\n return undefined;\n }\n\n const azureCollection = trimSlashes(endpointUrl.pathname);\n if (!is.nonEmptyString(azureCollection)) {\n logger.debug({ endpoint }, 'Unable to find azure collection name from URL');\n return undefined;\n }\n\n if (azureCollection.startsWith('tfs/')) {\n // Azure DevOps Server\n return azureCollection.substring(4);\n }\n return azureCollection;\n}\n"]}
package/dist/config/options/index.js CHANGED
@@ -106,6 +106,35 @@ const options = [
106
106
  default: [],
107
107
  globalOnly: true,
108
108
  },
109
+ {
110
+ name: 'bumpVersions',
111
+ description: 'A list of bumpVersion config options to bump generic version numbers.',
112
+ type: 'array',
113
+ subType: 'object',
114
+ default: [],
115
+ cli: false,
116
+ env: false,
117
+ experimental: true,
118
+ },
119
+ {
120
+ name: 'bumpType',
121
+ description: 'The semver level to use when bumping versions. This is used by the `bumpVersions` feature.',
122
+ type: 'string',
123
+ parents: ['bumpVersions'],
124
+ },
125
+ {
126
+ name: 'filePatterns',
127
+ description: 'A list of patterns to match files that contain the version string.',
128
+ type: 'array',
129
+ subType: 'string',
130
+ parents: ['bumpVersions'],
131
+ },
132
+ {
133
+ name: 'name',
134
+ description: 'A name for the bumpVersion config. This is used for logging and debugging.',
135
+ type: 'string',
136
+ parents: ['bumpVersions'],
137
+ },
109
138
  {
110
139
  name: 'postUpgradeTasks',
111
140
  description: 'Post-upgrade tasks that are executed before a commit is made by Renovate.',
@@ -1053,6 +1082,7 @@ const options = [
1053
1082
  'helmv3',
1054
1083
  'kubernetes',
1055
1084
  'kustomize',
1085
+ 'maven',
1056
1086
  'terraform',
1057
1087
  'vendir',
1058
1088
  'woodpecker',
@@ -1303,7 +1333,7 @@ const options = [
1303
1333
  },
1304
1334
  {
1305
1335
  name: 'matchSourceUrls',
1306
- description: 'A list of source URLs to exact match against.',
1336
+ description: 'A list of exact match URLs (or URL patterns) to match sourceUrl against.',
1307
1337
  type: 'array',
1308
1338
  subType: 'string',
1309
1339
  allowString: true,
@@ -1727,6 +1757,18 @@ const options = [
1727
1757
  type: 'string',
1728
1758
  default: null,
1729
1759
  },
1760
+ {
1761
+ name: 'abandonmentThreshold',
1762
+ description: 'Flags packages that have not been updated within this period as abandoned.',
1763
+ type: 'string',
1764
+ default: null,
1765
+ },
1766
+ {
1767
+ name: 'dependencyDashboardReportAbandonment',
1768
+ description: 'Controls whether abandoned packages are reported in the dependency dashboard.',
1769
+ type: 'boolean',
1770
+ default: true,
1771
+ },
1730
1772
  {
1731
1773
  name: 'internalChecksAsSuccess',
1732
1774
  description: 'Whether to consider passing internal checks such as `minimumReleaseAge` when determining branch status.',
@@ -2595,10 +2637,10 @@ const options = [
2595
2637
  },
2596
2638
  {
2597
2639
  name: 'matchStrings',
2598
- description: 'Queries to use. Valid only within a `customManagers` object.',
2640
+ description: 'Queries to use. Valid only within `bumpVersions` or `customManagers` object.',
2599
2641
  type: 'array',
2600
2642
  subType: 'string',
2601
- parents: ['customManagers'],
2643
+ parents: ['bumpVersions', 'customManagers'],
2602
2644
  cli: false,
2603
2645
  env: false,
2604
2646
  },