renovate 42.13.0 → 42.13.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/config/presets/internal/security.js +9 -0
  2. package/dist/config/presets/internal/security.js.map +1 -1
  3. package/package.json +2 -2
  4. package/renovate-schema.json +2 -2
package/dist/config/presets/internal/security.js CHANGED
@@ -42,6 +42,15 @@ exports.presets = {
42
42
  internalChecksFilter: 'strict',
43
43
  prCreation: 'not-pending',
44
44
  },
45
+ packageRules: [
46
+ {
47
+ description: 'Do not require Minimum Release Age for update types that are controlled by the package manager',
48
+ matchUpdateTypes: ['lockFileMaintenance'],
49
+ prBodyNotes: [
50
+ "⚠️ Renovate's lock file maintenance functionality does not support validating Minimum Release Age, as the package manager performs the required changes to update package(s). Confirm whether your package manager perform its own validation for the Minimum Release Age of packages.",
51
+ ],
52
+ },
53
+ ],
45
54
  },
46
55
  };
47
56
  //# sourceMappingURL=security.js.map
package/dist/config/presets/internal/security.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"security.js","sourceRoot":"","sources":["../../../../lib/config/presets/internal/security.ts"],"names":[],"mappings":";;;AAEa,QAAA,OAAO,GAA2B;IAC7C,mBAAmB,EAAE;QACnB,WAAW,EAAE,sCAAsC;QACnD,YAAY,EAAE;YACZ;gBACE,eAAe,EAAE,CAAC,uBAAuB,CAAC;gBAC1C,iBAAiB,EAAE;oBACjB,OAAO,EACL,2KAA2K;iBAC9K;gBACD,aAAa,EAAE;oBACb,SAAS;oBACT,MAAM;oBACN,QAAQ;oBACR,QAAQ;oBACR,SAAS;oBACT,SAAS;iBACV;aACF;SACF;KACF;IACD,uBAAuB,EAAE;QACvB,WAAW,EACT,iEAAiE;QACnE,OAAO,EAAE,CAAC,oBAAoB,CAAC;QAC/B,YAAY,EAAE;YACZ;gBACE,OAAO,EAAE,KAAK;gBACd,iBAAiB,EAAE,CAAC,GAAG,CAAC;aACzB;SACF;QACD,mBAAmB,EAAE;YACnB,OAAO,EAAE,IAAI;SACd;QACD,sBAAsB,EAAE,IAAI;KAC7B;IACD,oBAAoB,EAAE;QACpB,WAAW,EACT,kUAAkU;QACpU,GAAG,EAAE;YACH,iBAAiB,EAAE,QAAQ;YAC3B,oBAAoB,EAAE,QAAQ;YAC9B,UAAU,EAAE,aAAa;SAC1B;KACF;CACF,CAAC","sourcesContent":["import type { Preset } from '../types';\n\nexport const presets: Record<string, Preset> = {\n 'openssf-scorecard': {\n description: 'Show OpenSSF badge on pull requests.',\n packageRules: [\n {\n matchSourceUrls: ['https://github.com/**'],\n prBodyDefinitions: {\n OpenSSF:\n '[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/{{sourceRepo}}/badge)](https://securityscorecards.dev/viewer/?uri=github.com/{{sourceRepo}})',\n },\n prBodyColumns: [\n 'Package',\n 'Type',\n 'Update',\n 'Change',\n 'Pending',\n 'OpenSSF',\n ],\n },\n ],\n },\n 'only-security-updates': {\n description:\n 'Only update dependencies if vulnerabilities have been detected.',\n extends: ['config:recommended'],\n packageRules: [\n {\n enabled: false,\n matchPackageNames: ['*'],\n },\n ],\n vulnerabilityAlerts: {\n enabled: true,\n },\n osvVulnerabilityAlerts: true,\n },\n minimumReleaseAgeNpm: {\n description:\n 'Wait until the npm package is three days old before raising the update. This a) introduces a short delay to allow for malware researchers and scanners to (possibly) detect any malicious behaviour in packages, and b) prevents the maintainer and/or NPM from unpublishing a package you already upgraded to, breaking builds.',\n npm: {\n minimumReleaseAge: '3 days',\n internalChecksFilter: 'strict',\n prCreation: 'not-pending',\n },\n },\n};\n"]}
1
+ {"version":3,"file":"security.js","sourceRoot":"","sources":["../../../../lib/config/presets/internal/security.ts"],"names":[],"mappings":";;;AAEa,QAAA,OAAO,GAA2B;IAC7C,mBAAmB,EAAE;QACnB,WAAW,EAAE,sCAAsC;QACnD,YAAY,EAAE;YACZ;gBACE,eAAe,EAAE,CAAC,uBAAuB,CAAC;gBAC1C,iBAAiB,EAAE;oBACjB,OAAO,EACL,2KAA2K;iBAC9K;gBACD,aAAa,EAAE;oBACb,SAAS;oBACT,MAAM;oBACN,QAAQ;oBACR,QAAQ;oBACR,SAAS;oBACT,SAAS;iBACV;aACF;SACF;KACF;IACD,uBAAuB,EAAE;QACvB,WAAW,EACT,iEAAiE;QACnE,OAAO,EAAE,CAAC,oBAAoB,CAAC;QAC/B,YAAY,EAAE;YACZ;gBACE,OAAO,EAAE,KAAK;gBACd,iBAAiB,EAAE,CAAC,GAAG,CAAC;aACzB;SACF;QACD,mBAAmB,EAAE;YACnB,OAAO,EAAE,IAAI;SACd;QACD,sBAAsB,EAAE,IAAI;KAC7B;IACD,oBAAoB,EAAE;QACpB,WAAW,EACT,kUAAkU;QACpU,GAAG,EAAE;YACH,iBAAiB,EAAE,QAAQ;YAC3B,oBAAoB,EAAE,QAAQ;YAC9B,UAAU,EAAE,aAAa;SAC1B;QACD,YAAY,EAAE;YACZ;gBACE,WAAW,EACT,gGAAgG;gBAClG,gBAAgB,EAAE,CAAC,qBAAqB,CAAC;gBACzC,WAAW,EAAE;oBACX,wRAAwR;iBACzR;aACF;SACF;KACF;CACF,CAAC","sourcesContent":["import type { Preset } from '../types';\n\nexport const presets: Record<string, Preset> = {\n 'openssf-scorecard': {\n description: 'Show OpenSSF badge on pull requests.',\n packageRules: [\n {\n matchSourceUrls: ['https://github.com/**'],\n prBodyDefinitions: {\n OpenSSF:\n '[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/{{sourceRepo}}/badge)](https://securityscorecards.dev/viewer/?uri=github.com/{{sourceRepo}})',\n },\n prBodyColumns: [\n 'Package',\n 'Type',\n 'Update',\n 'Change',\n 'Pending',\n 'OpenSSF',\n ],\n },\n ],\n },\n 'only-security-updates': {\n description:\n 'Only update dependencies if vulnerabilities have been detected.',\n extends: ['config:recommended'],\n packageRules: [\n {\n enabled: false,\n matchPackageNames: ['*'],\n },\n ],\n vulnerabilityAlerts: {\n enabled: true,\n },\n osvVulnerabilityAlerts: true,\n },\n minimumReleaseAgeNpm: {\n description:\n 'Wait until the npm package is three days old before raising the update. This a) introduces a short delay to allow for malware researchers and scanners to (possibly) detect any malicious behaviour in packages, and b) prevents the maintainer and/or NPM from unpublishing a package you already upgraded to, breaking builds.',\n npm: {\n minimumReleaseAge: '3 days',\n internalChecksFilter: 'strict',\n prCreation: 'not-pending',\n },\n packageRules: [\n {\n description:\n 'Do not require Minimum Release Age for update types that are controlled by the package manager',\n matchUpdateTypes: ['lockFileMaintenance'],\n prBodyNotes: [\n \"⚠️ Renovate's lock file maintenance functionality does not support validating Minimum Release Age, as the package manager performs the required changes to update package(s). Confirm whether your package manager perform its own validation for the Minimum Release Age of packages.\",\n ],\n },\n ],\n },\n};\n"]}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "renovate",
3
3
  "description": "Automated dependency updates. Flexible so you don't need to be.",
4
- "version": "42.13.0",
4
+ "version": "42.13.2",
5
5
  "type": "commonjs",
6
6
  "bin": {
7
7
  "renovate": "dist/renovate.js",
@@ -294,7 +294,7 @@
294
294
  "tsx": "4.20.6",
295
295
  "type-fest": "5.2.0",
296
296
  "typescript": "5.9.3",
297
- "typescript-eslint": "8.46.3",
297
+ "typescript-eslint": "8.46.4",
298
298
  "unified": "11.0.5",
299
299
  "vite": "7.2.2",
300
300
  "vite-tsconfig-paths": "5.1.4",
package/renovate-schema.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
- "title": "JSON schema for Renovate 42.13.0 config files (https://renovatebot.com/)",
2
+ "title": "JSON schema for Renovate 42.13.2 config files (https://renovatebot.com/)",
3
3
  "$schema": "http://json-schema.org/draft-07/schema#",
4
- "x-renovate-version": "42.13.0",
4
+ "x-renovate-version": "42.13.2",
5
5
  "allowComments": true,
6
6
  "type": "object",
7
7
  "properties": {