renovate 42.16.0 → 42.16.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/config/presets/internal/security.js +4 -0
  2. package/dist/config/presets/internal/security.js.map +1 -1
  3. package/package.json +2 -2
  4. package/renovate-schema.json +2 -2
package/dist/config/presets/internal/security.js CHANGED
@@ -45,17 +45,21 @@ exports.presets = {
45
45
  packageRules: [
46
46
  {
47
47
  description: 'Do not require Minimum Release Age for update types that are controlled by the package manager',
48
+ matchDatasources: ['npm'],
48
49
  matchUpdateTypes: ['lockFileMaintenance'],
49
50
  prBodyNotes: [
50
51
  "⚠️ Renovate's lock file maintenance functionality does not support validating Minimum Release Age, as the package manager performs the required changes to update package(s). Confirm whether your package manager perform its own validation for the Minimum Release Age of packages.",
51
52
  ],
53
+ minimumReleaseAge: null,
52
54
  },
53
55
  {
54
56
  description: 'Do not require Minimum Release Age for package replacements',
57
+ matchDatasources: ['npm'],
55
58
  matchUpdateTypes: ['replacement'],
56
59
  prBodyNotes: [
57
60
  "⚠️ Renovate's replacement functionality [does not currently](https://github.com/renovatebot/renovate/issues/39400) wire in the release age for a package, so the Minimum Release Age checks can apply. You will need to manually validate the Minimum Release Age for these package(s).",
58
61
  ],
62
+ minimumReleaseAge: null,
59
63
  },
60
64
  ],
61
65
  },
package/dist/config/presets/internal/security.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"security.js","sourceRoot":"","sources":["../../../../lib/config/presets/internal/security.ts"],"names":[],"mappings":";;;AAEa,QAAA,OAAO,GAA2B;IAC7C,mBAAmB,EAAE;QACnB,WAAW,EAAE,sCAAsC;QACnD,YAAY,EAAE;YACZ;gBACE,eAAe,EAAE,CAAC,uBAAuB,CAAC;gBAC1C,iBAAiB,EAAE;oBACjB,OAAO,EACL,2KAA2K;iBAC9K;gBACD,aAAa,EAAE;oBACb,SAAS;oBACT,MAAM;oBACN,QAAQ;oBACR,QAAQ;oBACR,SAAS;oBACT,SAAS;iBACV;aACF;SACF;KACF;IACD,uBAAuB,EAAE;QACvB,WAAW,EACT,iEAAiE;QACnE,OAAO,EAAE,CAAC,oBAAoB,CAAC;QAC/B,YAAY,EAAE;YACZ;gBACE,OAAO,EAAE,KAAK;gBACd,iBAAiB,EAAE,CAAC,GAAG,CAAC;aACzB;SACF;QACD,mBAAmB,EAAE;YACnB,OAAO,EAAE,IAAI;SACd;QACD,sBAAsB,EAAE,IAAI;KAC7B;IACD,oBAAoB,EAAE;QACpB,WAAW,EACT,kUAAkU;QACpU,GAAG,EAAE;YACH,iBAAiB,EAAE,QAAQ;YAC3B,oBAAoB,EAAE,QAAQ;YAC9B,UAAU,EAAE,aAAa;SAC1B;QACD,YAAY,EAAE;YACZ;gBACE,WAAW,EACT,gGAAgG;gBAClG,gBAAgB,EAAE,CAAC,qBAAqB,CAAC;gBACzC,WAAW,EAAE;oBACX,wRAAwR;iBACzR;aACF;YACD;gBACE,WAAW,EACT,6DAA6D;gBAC/D,gBAAgB,EAAE,CAAC,aAAa,CAAC;gBACjC,WAAW,EAAE;oBACX,yRAAyR;iBAC1R;aACF;SACF;KACF;CACF,CAAC","sourcesContent":["import type { Preset } from '../types';\n\nexport const presets: Record<string, Preset> = {\n 'openssf-scorecard': {\n description: 'Show OpenSSF badge on pull requests.',\n packageRules: [\n {\n matchSourceUrls: ['https://github.com/**'],\n prBodyDefinitions: {\n OpenSSF:\n '[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/{{sourceRepo}}/badge)](https://securityscorecards.dev/viewer/?uri=github.com/{{sourceRepo}})',\n },\n prBodyColumns: [\n 'Package',\n 'Type',\n 'Update',\n 'Change',\n 'Pending',\n 'OpenSSF',\n ],\n },\n ],\n },\n 'only-security-updates': {\n description:\n 'Only update dependencies if vulnerabilities have been detected.',\n extends: ['config:recommended'],\n packageRules: [\n {\n enabled: false,\n matchPackageNames: ['*'],\n },\n ],\n vulnerabilityAlerts: {\n enabled: true,\n },\n osvVulnerabilityAlerts: true,\n },\n minimumReleaseAgeNpm: {\n description:\n 'Wait until the npm package is three days old before raising the update. This a) introduces a short delay to allow for malware researchers and scanners to (possibly) detect any malicious behaviour in packages, and b) prevents the maintainer and/or NPM from unpublishing a package you already upgraded to, breaking builds.',\n npm: {\n minimumReleaseAge: '3 days',\n internalChecksFilter: 'strict',\n prCreation: 'not-pending',\n },\n packageRules: [\n {\n description:\n 'Do not require Minimum Release Age for update types that are controlled by the package manager',\n matchUpdateTypes: ['lockFileMaintenance'],\n prBodyNotes: [\n \"⚠️ Renovate's lock file maintenance functionality does not support validating Minimum Release Age, as the package manager performs the required changes to update package(s). Confirm whether your package manager perform its own validation for the Minimum Release Age of packages.\",\n ],\n },\n {\n description:\n 'Do not require Minimum Release Age for package replacements',\n matchUpdateTypes: ['replacement'],\n prBodyNotes: [\n \"⚠️ Renovate's replacement functionality [does not currently](https://github.com/renovatebot/renovate/issues/39400) wire in the release age for a package, so the Minimum Release Age checks can apply. You will need to manually validate the Minimum Release Age for these package(s).\",\n ],\n },\n ],\n },\n};\n"]}
1
+ {"version":3,"file":"security.js","sourceRoot":"","sources":["../../../../lib/config/presets/internal/security.ts"],"names":[],"mappings":";;;AAEa,QAAA,OAAO,GAA2B;IAC7C,mBAAmB,EAAE;QACnB,WAAW,EAAE,sCAAsC;QACnD,YAAY,EAAE;YACZ;gBACE,eAAe,EAAE,CAAC,uBAAuB,CAAC;gBAC1C,iBAAiB,EAAE;oBACjB,OAAO,EACL,2KAA2K;iBAC9K;gBACD,aAAa,EAAE;oBACb,SAAS;oBACT,MAAM;oBACN,QAAQ;oBACR,QAAQ;oBACR,SAAS;oBACT,SAAS;iBACV;aACF;SACF;KACF;IACD,uBAAuB,EAAE;QACvB,WAAW,EACT,iEAAiE;QACnE,OAAO,EAAE,CAAC,oBAAoB,CAAC;QAC/B,YAAY,EAAE;YACZ;gBACE,OAAO,EAAE,KAAK;gBACd,iBAAiB,EAAE,CAAC,GAAG,CAAC;aACzB;SACF;QACD,mBAAmB,EAAE;YACnB,OAAO,EAAE,IAAI;SACd;QACD,sBAAsB,EAAE,IAAI;KAC7B;IACD,oBAAoB,EAAE;QACpB,WAAW,EACT,kUAAkU;QACpU,GAAG,EAAE;YACH,iBAAiB,EAAE,QAAQ;YAC3B,oBAAoB,EAAE,QAAQ;YAC9B,UAAU,EAAE,aAAa;SAC1B;QACD,YAAY,EAAE;YACZ;gBACE,WAAW,EACT,gGAAgG;gBAClG,gBAAgB,EAAE,CAAC,KAAK,CAAC;gBACzB,gBAAgB,EAAE,CAAC,qBAAqB,CAAC;gBACzC,WAAW,EAAE;oBACX,wRAAwR;iBACzR;gBACD,iBAAiB,EAAE,IAAI;aACxB;YACD;gBACE,WAAW,EACT,6DAA6D;gBAC/D,gBAAgB,EAAE,CAAC,KAAK,CAAC;gBACzB,gBAAgB,EAAE,CAAC,aAAa,CAAC;gBACjC,WAAW,EAAE;oBACX,yRAAyR;iBAC1R;gBACD,iBAAiB,EAAE,IAAI;aACxB;SACF;KACF;CACF,CAAC","sourcesContent":["import type { Preset } from '../types';\n\nexport const presets: Record<string, Preset> = {\n 'openssf-scorecard': {\n description: 'Show OpenSSF badge on pull requests.',\n packageRules: [\n {\n matchSourceUrls: ['https://github.com/**'],\n prBodyDefinitions: {\n OpenSSF:\n '[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/{{sourceRepo}}/badge)](https://securityscorecards.dev/viewer/?uri=github.com/{{sourceRepo}})',\n },\n prBodyColumns: [\n 'Package',\n 'Type',\n 'Update',\n 'Change',\n 'Pending',\n 'OpenSSF',\n ],\n },\n ],\n },\n 'only-security-updates': {\n description:\n 'Only update dependencies if vulnerabilities have been detected.',\n extends: ['config:recommended'],\n packageRules: [\n {\n enabled: false,\n matchPackageNames: ['*'],\n },\n ],\n vulnerabilityAlerts: {\n enabled: true,\n },\n osvVulnerabilityAlerts: true,\n },\n minimumReleaseAgeNpm: {\n description:\n 'Wait until the npm package is three days old before raising the update. This a) introduces a short delay to allow for malware researchers and scanners to (possibly) detect any malicious behaviour in packages, and b) prevents the maintainer and/or NPM from unpublishing a package you already upgraded to, breaking builds.',\n npm: {\n minimumReleaseAge: '3 days',\n internalChecksFilter: 'strict',\n prCreation: 'not-pending',\n },\n packageRules: [\n {\n description:\n 'Do not require Minimum Release Age for update types that are controlled by the package manager',\n matchDatasources: ['npm'],\n matchUpdateTypes: ['lockFileMaintenance'],\n prBodyNotes: [\n \"⚠️ Renovate's lock file maintenance functionality does not support validating Minimum Release Age, as the package manager performs the required changes to update package(s). Confirm whether your package manager perform its own validation for the Minimum Release Age of packages.\",\n ],\n minimumReleaseAge: null,\n },\n {\n description:\n 'Do not require Minimum Release Age for package replacements',\n matchDatasources: ['npm'],\n matchUpdateTypes: ['replacement'],\n prBodyNotes: [\n \"⚠️ Renovate's replacement functionality [does not currently](https://github.com/renovatebot/renovate/issues/39400) wire in the release age for a package, so the Minimum Release Age checks can apply. You will need to manually validate the Minimum Release Age for these package(s).\",\n ],\n minimumReleaseAge: null,\n },\n ],\n },\n};\n"]}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "renovate",
3
3
  "description": "Automated dependency updates. Flexible so you don't need to be.",
4
- "version": "42.16.0",
4
+ "version": "42.16.1",
5
5
  "type": "commonjs",
6
6
  "bin": {
7
7
  "renovate": "dist/renovate.js",
@@ -283,7 +283,7 @@
283
283
  "jest-extended": "6.0.0",
284
284
  "lint-staged": "16.2.6",
285
285
  "markdownlint-cli2": "0.18.1",
286
- "memfs": "4.50.0",
286
+ "memfs": "4.51.0",
287
287
  "nock": "14.0.10",
288
288
  "npm-run-all2": "8.0.4",
289
289
  "nyc": "17.1.0",
package/renovate-schema.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
- "title": "JSON schema for Renovate 42.16.0 config files (https://renovatebot.com/)",
2
+ "title": "JSON schema for Renovate 42.16.1 config files (https://renovatebot.com/)",
3
3
  "$schema": "http://json-schema.org/draft-07/schema#",
4
- "x-renovate-version": "42.16.0",
4
+ "x-renovate-version": "42.16.1",
5
5
  "allowComments": true,
6
6
  "type": "object",
7
7
  "properties": {