renovate 41.157.0 → 41.158.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/data/monorepo.json +1 -0
  2. package/dist/util/git/private-key.js +1 -1
  3. package/dist/util/git/private-key.js.map +1 -1
  4. package/package.json +4 -4
  5. package/renovate-schema.json +2 -2
package/dist/data/monorepo.json CHANGED
@@ -386,6 +386,7 @@
386
386
  "https://github.com/FasterXML/jackson-module-scala"
387
387
  ],
388
388
  "jasmine": "https://github.com/jasmine/jasmine",
389
+ "javafx": "https://github.com/openjdk/jfx",
389
390
  "javahamcrest": "https://github.com/hamcrest/JavaHamcrest",
390
391
  "javascriptengineswitcher": "https://github.com/Taritsyn/JavaScriptEngineSwitcher",
391
392
  "jaxb-ri": "https://github.com/eclipse-ee4j/jaxb-ri",
package/dist/util/git/private-key.js CHANGED
@@ -14,7 +14,7 @@ const exec_1 = require("../exec");
14
14
  const regex_1 = require("../regex");
15
15
  const sanitize_1 = require("../sanitize");
16
16
  const string_1 = require("../string");
17
- const sshKeyRegex = (0, regex_1.regEx)(/-----BEGIN ([A-Z ]+ )?PRIVATE KEY-----.*?-----END ([A-Z]+ )?PRIVATE KEY-----/, 's');
17
+ const sshKeyRegex = (0, regex_1.regEx)(/-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----.*?-----END (?:[A-Z]+ )?PRIVATE KEY-----/, 's');
18
18
  let gitPrivateKey;
19
19
  /**
20
20
  * Decodes Base64 string if roundtrip encoding matches
package/dist/util/git/private-key.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"private-key.js","sourceRoot":"","sources":["../../../lib/util/git/private-key.ts"],"names":[],"mappings":";;AAoKA,sCAQC;AAED,0CAEC;AAED,4CAEC;;AApLD,8DAAyB;AACzB,kEAAkC;AAClC,gEAA0B;AAC1B,0DAA0B;AAC1B,mEAAqE;AACrE,yCAAsC;AACtC,kCAA+B;AAC/B,oCAA+C;AAC/C,0CAAqD;AACrD,sCAAiD;AAIjD,MAAM,WAAW,GAAG,IAAA,aAAK,EACvB,8EAA8E,EAC9E,GAAG,CACJ,CAAC;AAEF,IAAI,aAAqC,CAAC;AAE1C;;GAEG;AACH,SAAS,SAAS,CAAC,KAAa;IAC9B,MAAM,YAAY,GAAG,IAAA,mBAAU,EAAC,KAAK,CAAC,CAAC;IACvC,MAAM,YAAY,GAAG,IAAA,iBAAQ,EAAC,YAAY,CAAC,CAAC;IAC5C,IAAI,KAAK,KAAK,YAAY,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAe,UAAU;IACJ,GAAG,CAAS;IACZ,UAAU,CAAqB;IACxC,KAAK,CAAqB;IAGpC,YAAY,GAAW,EAAE,UAA8B;QACrD,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAElC,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,GAAG,UAAU,CAAC;YACtB,IAAA,iCAAsB,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YACtC,eAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QACzD,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACjB,CAAC;QACD,IAAA,iCAAsB,EAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAE3C,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,IAAA,iCAAsB,EAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QACpD,CAAC;QACD,eAAM,CAAC,KAAK,CACV,kEAAkE,CACnE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,IAAI,CAAC;YACH,IAAI,CAAC,KAAK,KAAK,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,eAAM,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,gCAAgC,CAAC,CAAC;YACvD,MAAM,IAAI,KAAK,CAAC,oCAAmB,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,GAAW;QAChC,eAAM,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC1D,uBAAuB;QACvB,MAAM,IAAA,WAAI,EAAC,8BAA8B,IAAI,CAAC,KAAM,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACjE,MAAM,IAAA,WAAI,EAAC,gCAAgC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACtD,MAAM,IAAA,WAAI,EAAC,yBAAyB,IAAI,CAAC,SAAS,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;IACjE,CAAC;CAGF;AAED,MAAM,MAAO,SAAQ,UAAU;IACV,SAAS,GAAG,SAAS,CAAC;IAEzC,YAAY,GAAW,EAAE,UAA8B;QACrD,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,UAAU,CAAC,CAAC;QAC9B,IAAI,UAAU,EAAE,CAAC;YACf,eAAM,CAAC,IAAI,CACT,kEAAkE,CACnE,CAAC;QACJ,CAAC;IACH,CAAC;IAES,KAAK,CAAC,SAAS;QACvB,MAAM,WAAW,GAAG,eAAK,CAAC,IAAI,CAAC,iBAAE,CAAC,MAAM,EAAE,GAAG,sBAAsB,CAAC,CAAC;QACrE,MAAM,kBAAE,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3C,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,WAAI;QACnC,iGAAiG;QACjG,iCAAiC,WAAW,EAAE,CAC/C,CAAC;QACF,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,2BAA2B,CAAC,CAAC;QAC9D,MAAM,kBAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC7B,OAAO,GAAG,MAAM,GAAG,MAAM,EAAE;aACxB,KAAK,CAAC,oBAAY,CAAC;aACnB,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,CAAC;YACrD,EAAE,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;aACzB,KAAK,CAAC,GAAG,CAAC;aACV,KAAK,EAAE,CAAC;IACb,CAAC;CACF;AAED,MAAM,MAAO,SAAQ,UAAU;IACV,SAAS,GAAG,KAAK,CAAC;IAE3B,KAAK,CAAC,SAAS;QACvB,MAAM,WAAW,GAAG,eAAK,CAAC,IAAI,CAAC,iBAAE,CAAC,MAAM,EAAE,GAAG,sBAAsB,CAAC,CAAC;QACrE,MAAM,kBAAE,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,kBAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;QACrD,MAAM,kBAAE,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;QAEnC,+EAA+E;QAC/E,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,MAAM,IAAA,WAAI;YACR,wBAAwB;YACxB,eAAe;YACf,qBAAqB;YACrB,6CAA6C;YAC7C,oBAAoB,WAAW,QAAQ,IAAI,CAAC,UAAU,SAAS,CAChE,CAAC;QACJ,CAAC;QAED,sEAAsE;QACtE,2EAA2E;QAC3E,uEAAuE;QACvE,yEAAyE;QACzE,sEAAsE;QACtE,YAAY;QACZ,+EAA+E;QAC/E,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,WAAI,EAAC,oBAAoB,WAAW,EAAE,CAAC,CAAC;QACjE,MAAM,WAAW,GAAG,GAAG,WAAW,MAAM,CAAC;QACzC,MAAM,kBAAE,CAAC,UAAU,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QACzC,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,kBAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;QACrD,OAAO,WAAW,CAAC;IACrB,CAAC;CACF;AAED,SAAS,mBAAmB,CAAC,GAAW;IACtC,OAAO,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;AAC/C,CAAC;AAED,SAAS,gBAAgB,CACvB,GAAW,EACX,UAA8B;IAE9B,QAAQ,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;QACjC,KAAK,KAAK;YACR,eAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;YAChD,OAAO,IAAI,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACrC,KAAK,KAAK;YACR,eAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;YAChD,OAAO,IAAI,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,SAAgB,aAAa,CAC3B,GAAuB,EACvB,UAA8B;IAE9B,IAAI,CAAC,YAAE,CAAC,8BAA8B,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5C,OAAO;IACT,CAAC;IACD,aAAa,GAAG,gBAAgB,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;AACpD,CAAC;AAEM,KAAK,UAAU,eAAe;IACnC,MAAM,aAAa,EAAE,QAAQ,EAAE,CAAC;AAClC,CAAC;AAEM,KAAK,UAAU,gBAAgB,CAAC,GAAW;IAChD,MAAM,aAAa,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC;AAC7C,CAAC","sourcesContent":["import os from 'node:os';\nimport is from '@sindresorhus/is';\nimport fs from 'fs-extra';\nimport upath from 'upath';\nimport { PLATFORM_GPG_FAILED } from '../../constants/error-messages';\nimport { logger } from '../../logger';\nimport { exec } from '../exec';\nimport { newlineRegex, regEx } from '../regex';\nimport { addSecretForSanitizing } from '../sanitize';\nimport { fromBase64, toBase64 } from '../string';\n\ntype PrivateKeyFormat = 'gpg' | 'ssh';\n\nconst sshKeyRegex = regEx(\n /-----BEGIN ([A-Z ]+ )?PRIVATE KEY-----.*?-----END ([A-Z]+ )?PRIVATE KEY-----/,\n 's',\n);\n\nlet gitPrivateKey: PrivateKey | undefined;\n\n/**\n * Decodes Base64 string if roundtrip encoding matches\n */\nfunction tryBase64(value: string): string | null {\n const decodedValue = fromBase64(value);\n const encodedValue = toBase64(decodedValue);\n if (value !== encodedValue) {\n return null;\n }\n\n return decodedValue;\n}\n\nabstract class PrivateKey {\n protected readonly key: string;\n protected readonly passphrase: string | undefined;\n protected keyId: string | undefined;\n protected abstract readonly gpgFormat: string;\n\n constructor(key: string, passphrase: string | undefined) {\n const decodedKey = tryBase64(key);\n\n if (decodedKey) {\n this.key = decodedKey;\n addSecretForSanitizing(key, 'global');\n logger.debug('gitPrivateKey: decoded key from Base64');\n } else {\n this.key = key;\n }\n addSecretForSanitizing(this.key, 'global');\n\n this.passphrase = passphrase;\n if (this.passphrase) {\n addSecretForSanitizing(this.passphrase, 'global');\n }\n logger.debug(\n 'gitPrivateKey: successfully set (but not yet written/configured)',\n );\n }\n\n async writeKey(): Promise<void> {\n try {\n this.keyId ??= await this.importKey();\n logger.debug('gitPrivateKey: imported');\n } catch (err) {\n logger.warn({ err }, 'gitPrivateKey: error importing');\n throw new Error(PLATFORM_GPG_FAILED);\n }\n }\n\n async configSigningKey(cwd: string): Promise<void> {\n logger.debug('gitPrivateKey: configuring commit signing');\n // TODO: types (#22198)\n await exec(`git config user.signingkey ${this.keyId!}`, { cwd });\n await exec(`git config commit.gpgsign true`, { cwd });\n await exec(`git config gpg.format ${this.gpgFormat}`, { cwd });\n }\n\n protected abstract importKey(): Promise<string | undefined>;\n}\n\nclass GPGKey extends PrivateKey {\n protected readonly gpgFormat = 'openpgp';\n\n constructor(key: string, passphrase: string | undefined) {\n super(key.trim(), passphrase);\n if (passphrase) {\n logger.warn(\n 'Passphrase is not yet supported for GPG keys, it will be ignored',\n );\n }\n }\n\n protected async importKey(): Promise<string | undefined> {\n const keyFileName = upath.join(os.tmpdir() + '/git-private-gpg.key');\n await fs.outputFile(keyFileName, this.key);\n const { stdout, stderr } = await exec(\n // --batch --no-tty flags allow Renovate to skip warnings about unsupported algorithms in the key\n `gpg --batch --no-tty --import ${keyFileName}`,\n );\n logger.debug({ stdout, stderr }, 'Private key import result');\n await fs.remove(keyFileName);\n return `${stdout}${stderr}`\n .split(newlineRegex)\n .find((line) => line.includes('secret key imported'))\n ?.replace('gpg: key ', '')\n .split(':')\n .shift();\n }\n}\n\nclass SSHKey extends PrivateKey {\n protected readonly gpgFormat = 'ssh';\n\n protected async importKey(): Promise<string | undefined> {\n const keyFileName = upath.join(os.tmpdir() + '/git-private-ssh.key');\n await fs.outputFile(keyFileName, this.key.replace(/\\n?$/, '\\n'));\n process.on('exit', () => fs.removeSync(keyFileName));\n await fs.chmod(keyFileName, 0o600);\n\n // If there's a passphrase, decrypt the private key and save without passphrase\n if (this.passphrase) {\n await exec(\n // -p: change passphrase\n // -f: key file\n // -P: old passphrase\n // -N: new passphrase (empty = no passphrase)\n `ssh-keygen -p -f ${keyFileName} -P \"${this.passphrase}\" -N \"\"`,\n );\n }\n\n // HACK: `git` calls `ssh-keygen -Y sign ...` internally for SSH-based\n // commit signing. Technically, only the private key is needed for signing,\n // but `ssh-keygen` has an implementation quirk which requires also the\n // public key file to exist. Therefore, we derive the public key from the\n // private key just to satisfy `ssh-keygen` until the problem has been\n // resolved.\n // https://github.com/renovatebot/renovate/issues/18197#issuecomment-2152333710\n const { stdout } = await exec(`ssh-keygen -y -f ${keyFileName}`);\n const pubFileName = `${keyFileName}.pub`;\n await fs.outputFile(pubFileName, stdout);\n process.on('exit', () => fs.removeSync(pubFileName));\n return keyFileName;\n }\n}\n\nfunction getPrivateKeyFormat(key: string): PrivateKeyFormat {\n return sshKeyRegex.test(key) ? 'ssh' : 'gpg';\n}\n\nfunction createPrivateKey(\n key: string,\n passphrase: string | undefined,\n): PrivateKey {\n switch (getPrivateKeyFormat(key)) {\n case 'gpg':\n logger.debug('gitPrivateKey: GPG key detected');\n return new GPGKey(key, passphrase);\n case 'ssh':\n logger.debug('gitPrivateKey: SSH key detected');\n return new SSHKey(key, passphrase);\n }\n}\n\nexport function setPrivateKey(\n key: string | undefined,\n passphrase: string | undefined,\n): void {\n if (!is.nonEmptyStringAndNotWhitespace(key)) {\n return;\n }\n gitPrivateKey = createPrivateKey(key, passphrase);\n}\n\nexport async function writePrivateKey(): Promise<void> {\n await gitPrivateKey?.writeKey();\n}\n\nexport async function configSigningKey(cwd: string): Promise<void> {\n await gitPrivateKey?.configSigningKey(cwd);\n}\n"]}
1
+ {"version":3,"file":"private-key.js","sourceRoot":"","sources":["../../../lib/util/git/private-key.ts"],"names":[],"mappings":";;AAoKA,sCAQC;AAED,0CAEC;AAED,4CAEC;;AApLD,8DAAyB;AACzB,kEAAkC;AAClC,gEAA0B;AAC1B,0DAA0B;AAC1B,mEAAqE;AACrE,yCAAsC;AACtC,kCAA+B;AAC/B,oCAA+C;AAC/C,0CAAqD;AACrD,sCAAiD;AAIjD,MAAM,WAAW,GAAG,IAAA,aAAK,EACvB,kFAAkF,EAClF,GAAG,CACJ,CAAC;AAEF,IAAI,aAAqC,CAAC;AAE1C;;GAEG;AACH,SAAS,SAAS,CAAC,KAAa;IAC9B,MAAM,YAAY,GAAG,IAAA,mBAAU,EAAC,KAAK,CAAC,CAAC;IACvC,MAAM,YAAY,GAAG,IAAA,iBAAQ,EAAC,YAAY,CAAC,CAAC;IAC5C,IAAI,KAAK,KAAK,YAAY,EAAE,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAe,UAAU;IACJ,GAAG,CAAS;IACZ,UAAU,CAAqB;IACxC,KAAK,CAAqB;IAGpC,YAAY,GAAW,EAAE,UAA8B;QACrD,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;QAElC,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,GAAG,UAAU,CAAC;YACtB,IAAA,iCAAsB,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YACtC,eAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;QACzD,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACjB,CAAC;QACD,IAAA,iCAAsB,EAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAE3C,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,IAAA,iCAAsB,EAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QACpD,CAAC;QACD,eAAM,CAAC,KAAK,CACV,kEAAkE,CACnE,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,IAAI,CAAC;YACH,IAAI,CAAC,KAAK,KAAK,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,eAAM,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,gCAAgC,CAAC,CAAC;YACvD,MAAM,IAAI,KAAK,CAAC,oCAAmB,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,GAAW;QAChC,eAAM,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC1D,uBAAuB;QACvB,MAAM,IAAA,WAAI,EAAC,8BAA8B,IAAI,CAAC,KAAM,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACjE,MAAM,IAAA,WAAI,EAAC,gCAAgC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACtD,MAAM,IAAA,WAAI,EAAC,yBAAyB,IAAI,CAAC,SAAS,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;IACjE,CAAC;CAGF;AAED,MAAM,MAAO,SAAQ,UAAU;IACV,SAAS,GAAG,SAAS,CAAC;IAEzC,YAAY,GAAW,EAAE,UAA8B;QACrD,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,UAAU,CAAC,CAAC;QAC9B,IAAI,UAAU,EAAE,CAAC;YACf,eAAM,CAAC,IAAI,CACT,kEAAkE,CACnE,CAAC;QACJ,CAAC;IACH,CAAC;IAES,KAAK,CAAC,SAAS;QACvB,MAAM,WAAW,GAAG,eAAK,CAAC,IAAI,CAAC,iBAAE,CAAC,MAAM,EAAE,GAAG,sBAAsB,CAAC,CAAC;QACrE,MAAM,kBAAE,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3C,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,WAAI;QACnC,iGAAiG;QACjG,iCAAiC,WAAW,EAAE,CAC/C,CAAC;QACF,eAAM,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,2BAA2B,CAAC,CAAC;QAC9D,MAAM,kBAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC7B,OAAO,GAAG,MAAM,GAAG,MAAM,EAAE;aACxB,KAAK,CAAC,oBAAY,CAAC;aACnB,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,CAAC;YACrD,EAAE,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;aACzB,KAAK,CAAC,GAAG,CAAC;aACV,KAAK,EAAE,CAAC;IACb,CAAC;CACF;AAED,MAAM,MAAO,SAAQ,UAAU;IACV,SAAS,GAAG,KAAK,CAAC;IAE3B,KAAK,CAAC,SAAS;QACvB,MAAM,WAAW,GAAG,eAAK,CAAC,IAAI,CAAC,iBAAE,CAAC,MAAM,EAAE,GAAG,sBAAsB,CAAC,CAAC;QACrE,MAAM,kBAAE,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,kBAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;QACrD,MAAM,kBAAE,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;QAEnC,+EAA+E;QAC/E,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,MAAM,IAAA,WAAI;YACR,wBAAwB;YACxB,eAAe;YACf,qBAAqB;YACrB,6CAA6C;YAC7C,oBAAoB,WAAW,QAAQ,IAAI,CAAC,UAAU,SAAS,CAChE,CAAC;QACJ,CAAC;QAED,sEAAsE;QACtE,2EAA2E;QAC3E,uEAAuE;QACvE,yEAAyE;QACzE,sEAAsE;QACtE,YAAY;QACZ,+EAA+E;QAC/E,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,WAAI,EAAC,oBAAoB,WAAW,EAAE,CAAC,CAAC;QACjE,MAAM,WAAW,GAAG,GAAG,WAAW,MAAM,CAAC;QACzC,MAAM,kBAAE,CAAC,UAAU,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QACzC,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,kBAAE,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;QACrD,OAAO,WAAW,CAAC;IACrB,CAAC;CACF;AAED,SAAS,mBAAmB,CAAC,GAAW;IACtC,OAAO,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;AAC/C,CAAC;AAED,SAAS,gBAAgB,CACvB,GAAW,EACX,UAA8B;IAE9B,QAAQ,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;QACjC,KAAK,KAAK;YACR,eAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;YAChD,OAAO,IAAI,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACrC,KAAK,KAAK;YACR,eAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;YAChD,OAAO,IAAI,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,SAAgB,aAAa,CAC3B,GAAuB,EACvB,UAA8B;IAE9B,IAAI,CAAC,YAAE,CAAC,8BAA8B,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5C,OAAO;IACT,CAAC;IACD,aAAa,GAAG,gBAAgB,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;AACpD,CAAC;AAEM,KAAK,UAAU,eAAe;IACnC,MAAM,aAAa,EAAE,QAAQ,EAAE,CAAC;AAClC,CAAC;AAEM,KAAK,UAAU,gBAAgB,CAAC,GAAW;IAChD,MAAM,aAAa,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC;AAC7C,CAAC","sourcesContent":["import os from 'node:os';\nimport is from '@sindresorhus/is';\nimport fs from 'fs-extra';\nimport upath from 'upath';\nimport { PLATFORM_GPG_FAILED } from '../../constants/error-messages';\nimport { logger } from '../../logger';\nimport { exec } from '../exec';\nimport { newlineRegex, regEx } from '../regex';\nimport { addSecretForSanitizing } from '../sanitize';\nimport { fromBase64, toBase64 } from '../string';\n\ntype PrivateKeyFormat = 'gpg' | 'ssh';\n\nconst sshKeyRegex = regEx(\n /-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----.*?-----END (?:[A-Z]+ )?PRIVATE KEY-----/,\n 's',\n);\n\nlet gitPrivateKey: PrivateKey | undefined;\n\n/**\n * Decodes Base64 string if roundtrip encoding matches\n */\nfunction tryBase64(value: string): string | null {\n const decodedValue = fromBase64(value);\n const encodedValue = toBase64(decodedValue);\n if (value !== encodedValue) {\n return null;\n }\n\n return decodedValue;\n}\n\nabstract class PrivateKey {\n protected readonly key: string;\n protected readonly passphrase: string | undefined;\n protected keyId: string | undefined;\n protected abstract readonly gpgFormat: string;\n\n constructor(key: string, passphrase: string | undefined) {\n const decodedKey = tryBase64(key);\n\n if (decodedKey) {\n this.key = decodedKey;\n addSecretForSanitizing(key, 'global');\n logger.debug('gitPrivateKey: decoded key from Base64');\n } else {\n this.key = key;\n }\n addSecretForSanitizing(this.key, 'global');\n\n this.passphrase = passphrase;\n if (this.passphrase) {\n addSecretForSanitizing(this.passphrase, 'global');\n }\n logger.debug(\n 'gitPrivateKey: successfully set (but not yet written/configured)',\n );\n }\n\n async writeKey(): Promise<void> {\n try {\n this.keyId ??= await this.importKey();\n logger.debug('gitPrivateKey: imported');\n } catch (err) {\n logger.warn({ err }, 'gitPrivateKey: error importing');\n throw new Error(PLATFORM_GPG_FAILED);\n }\n }\n\n async configSigningKey(cwd: string): Promise<void> {\n logger.debug('gitPrivateKey: configuring commit signing');\n // TODO: types (#22198)\n await exec(`git config user.signingkey ${this.keyId!}`, { cwd });\n await exec(`git config commit.gpgsign true`, { cwd });\n await exec(`git config gpg.format ${this.gpgFormat}`, { cwd });\n }\n\n protected abstract importKey(): Promise<string | undefined>;\n}\n\nclass GPGKey extends PrivateKey {\n protected readonly gpgFormat = 'openpgp';\n\n constructor(key: string, passphrase: string | undefined) {\n super(key.trim(), passphrase);\n if (passphrase) {\n logger.warn(\n 'Passphrase is not yet supported for GPG keys, it will be ignored',\n );\n }\n }\n\n protected async importKey(): Promise<string | undefined> {\n const keyFileName = upath.join(os.tmpdir() + '/git-private-gpg.key');\n await fs.outputFile(keyFileName, this.key);\n const { stdout, stderr } = await exec(\n // --batch --no-tty flags allow Renovate to skip warnings about unsupported algorithms in the key\n `gpg --batch --no-tty --import ${keyFileName}`,\n );\n logger.debug({ stdout, stderr }, 'Private key import result');\n await fs.remove(keyFileName);\n return `${stdout}${stderr}`\n .split(newlineRegex)\n .find((line) => line.includes('secret key imported'))\n ?.replace('gpg: key ', '')\n .split(':')\n .shift();\n }\n}\n\nclass SSHKey extends PrivateKey {\n protected readonly gpgFormat = 'ssh';\n\n protected async importKey(): Promise<string | undefined> {\n const keyFileName = upath.join(os.tmpdir() + '/git-private-ssh.key');\n await fs.outputFile(keyFileName, this.key.replace(/\\n?$/, '\\n'));\n process.on('exit', () => fs.removeSync(keyFileName));\n await fs.chmod(keyFileName, 0o600);\n\n // If there's a passphrase, decrypt the private key and save without passphrase\n if (this.passphrase) {\n await exec(\n // -p: change passphrase\n // -f: key file\n // -P: old passphrase\n // -N: new passphrase (empty = no passphrase)\n `ssh-keygen -p -f ${keyFileName} -P \"${this.passphrase}\" -N \"\"`,\n );\n }\n\n // HACK: `git` calls `ssh-keygen -Y sign ...` internally for SSH-based\n // commit signing. Technically, only the private key is needed for signing,\n // but `ssh-keygen` has an implementation quirk which requires also the\n // public key file to exist. Therefore, we derive the public key from the\n // private key just to satisfy `ssh-keygen` until the problem has been\n // resolved.\n // https://github.com/renovatebot/renovate/issues/18197#issuecomment-2152333710\n const { stdout } = await exec(`ssh-keygen -y -f ${keyFileName}`);\n const pubFileName = `${keyFileName}.pub`;\n await fs.outputFile(pubFileName, stdout);\n process.on('exit', () => fs.removeSync(pubFileName));\n return keyFileName;\n }\n}\n\nfunction getPrivateKeyFormat(key: string): PrivateKeyFormat {\n return sshKeyRegex.test(key) ? 'ssh' : 'gpg';\n}\n\nfunction createPrivateKey(\n key: string,\n passphrase: string | undefined,\n): PrivateKey {\n switch (getPrivateKeyFormat(key)) {\n case 'gpg':\n logger.debug('gitPrivateKey: GPG key detected');\n return new GPGKey(key, passphrase);\n case 'ssh':\n logger.debug('gitPrivateKey: SSH key detected');\n return new SSHKey(key, passphrase);\n }\n}\n\nexport function setPrivateKey(\n key: string | undefined,\n passphrase: string | undefined,\n): void {\n if (!is.nonEmptyStringAndNotWhitespace(key)) {\n return;\n }\n gitPrivateKey = createPrivateKey(key, passphrase);\n}\n\nexport async function writePrivateKey(): Promise<void> {\n await gitPrivateKey?.writeKey();\n}\n\nexport async function configSigningKey(cwd: string): Promise<void> {\n await gitPrivateKey?.configSigningKey(cwd);\n}\n"]}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "renovate",
3
3
  "description": "Automated dependency updates. Flexible so you don't need to be.",
4
- "version": "41.157.0",
4
+ "version": "41.158.0",
5
5
  "type": "commonjs",
6
6
  "bin": {
7
7
  "renovate": "dist/renovate.js",
@@ -157,7 +157,7 @@
157
157
  "glob": "11.0.3",
158
158
  "global-agent": "3.0.0",
159
159
  "good-enough-parser": "1.1.23",
160
- "google-auth-library": "10.4.0",
160
+ "google-auth-library": "10.4.1",
161
161
  "got": "11.8.6",
162
162
  "graph-data-structure": "4.5.0",
163
163
  "handlebars": "4.7.8",
@@ -222,7 +222,7 @@
222
222
  "@ls-lint/ls-lint": "2.3.1",
223
223
  "@openpgp/web-stream-tools": "0.2.0",
224
224
  "@semantic-release/exec": "7.1.0",
225
- "@smithy/util-stream": "4.5.2",
225
+ "@smithy/util-stream": "4.5.3",
226
226
  "@types/auth-header": "1.0.6",
227
227
  "@types/aws4": "1.11.6",
228
228
  "@types/better-sqlite3": "7.6.13",
@@ -267,7 +267,7 @@
267
267
  "common-tags": "1.8.2",
268
268
  "conventional-changelog-conventionalcommits": "9.1.0",
269
269
  "emojibase-data": "16.0.3",
270
- "esbuild": "0.25.10",
270
+ "esbuild": "0.25.11",
271
271
  "eslint": "9.35.0",
272
272
  "eslint-config-prettier": "10.1.8",
273
273
  "eslint-formatter-gha": "1.6.0",
package/renovate-schema.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
- "title": "JSON schema for Renovate 41.157.0 config files (https://renovatebot.com/)",
2
+ "title": "JSON schema for Renovate 41.158.0 config files (https://renovatebot.com/)",
3
3
  "$schema": "http://json-schema.org/draft-07/schema#",
4
- "x-renovate-version": "41.157.0",
4
+ "x-renovate-version": "41.158.0",
5
5
  "allowComments": true,
6
6
  "type": "object",
7
7
  "properties": {