Merge branch 'main' into acr_metadata-read

.devcontainer/Dockerfile

@@ -1,6 +1,6 @@
-FROM containerbase/node:14.19.1@sha256:c2281a0bc1b0e1f9515febee40ce838c8bcfe53cd96993448811f0bf463231c2
+FROM containerbase/node:14.19.1@sha256:5552fd998481adb13a7bd005e6b743cbc89b37c7de5e9c5a9bf1d82700663bf7
 
 USER root
 
 # renovate: datasource=npm
-RUN install-tool yarn 1.22.17
+RUN install-tool yarn 1.22.18

.github/contributing.md

@@ -1,9 +1,12 @@
 # Contributing
 
-## Security
+## Security / Disclosure
 
-If you think you've found a **security issue**, please do not mention it in this repository.
-Instead, email renovate-disclosure@whitesourcesoftware.com with as much details as possible so that it can be handled confidentially.
+If you find any bug with Renovate that may be a security problem, then e-mail us at: [renovate-disclosure@whitesourcesoftware.com](mailto:renovate-disclosure@whitesourcesoftware.com).
+This way we can evaluate the bug and hopefully fix it before it gets abused.
+Please give us enough time to investigate the bug before you report it anywhere else.
+
+Please do not create GitHub issues for security-related doubts or problems.
 
 ## Support
 

SECURITY.md

@@ -1,4 +1,7 @@
-# Security Policy
+# Security / Disclosure
 
-Please send an email to [renovate-disclosure@whitesourcesoftware.com](mailto:renovate-disclosure@whitesourcesoftware.com) describing what you have found.
-Please do not raise an issue in this repository or publicize your concern in any other forum without giving us adequate time to investigate first.
+If you find any bug with Renovate that may be a security problem, then e-mail us at: [renovate-disclosure@whitesourcesoftware.com](mailto:renovate-disclosure@whitesourcesoftware.com).
+This way we can evaluate the bug and hopefully fix it before it gets abused.
+Please give us enough time to investigate the bug before you report it anywhere else.
+
+Please do not create GitHub issues for security-related doubts or problems.

data/node-js-schedule.json

@@ -101,5 +101,17 @@
     "maintenance": "2023-10-18",
     "end": "2025-04-30",
     "codename": ""
+  },
+  "v19": {
+    "start": "2022-10-18",
+    "maintenance": "2023-04-01",
+    "end": "2023-06-01"
+  },
+  "v20": {
+    "start": "2023-04-18",
+    "lts": "2023-10-24",
+    "maintenance": "2024-10-22",
+    "end": "2026-04-30",
+    "codename": ""
   }
 }

data/ubuntu-distro-info.json

@@ -0,0 +1,38 @@
+{
+  "4.10": "warty",
+  "5.04": "hoary",
+  "5.10": "breezy",
+  "6.06": "dapper",
+  "6.10": "edgy",
+  "7.04": "feisty",
+  "7.10": "gutsy",
+  "8.04": "hardy",
+  "8.10": "intrepid",
+  "9.04": "jaunty",
+  "9.10": "karmic",
+  "10.04": "lucid",
+  "10.10": "maverick",
+  "11.04": "natty",
+  "11.10": "oneiric",
+  "12.04": "precise",
+  "12.10": "quantal",
+  "13.04": "raring",
+  "13.10": "saucy",
+  "14.04": "trusty",
+  "14.10": "utopic",
+  "15.04": "vivid",
+  "15.10": "wily",
+  "16.04": "xenial",
+  "16.10": "yakkety",
+  "17.04": "zesty",
+  "17.10": "artful",
+  "18.04": "bionic",
+  "18.10": "cosmic",
+  "19.04": "disco",
+  "19.10": "eoan",
+  "20.04": "focal",
+  "20.10": "groovy",
+  "21.04": "hirsute",
+  "21.10": "impish",
+  "22.04": "jammy"
+}

docs/development/style-guide.md

@@ -0,0 +1,15 @@
+# Renovate style guide
+
+This document describes the correct style for user-facing text in the:
+
+- Documentation
+- Error and debug messages
+- Texts created by the bot in issues and pull requests
+
+## Use American English
+
+Set your spell checker to the correct language.
+
+## Use plain language
+
+Follow the [Plain language guidelines](https://www.plainlanguage.gov/guidelines/).

docs/usage/configuration-options.md

@@ -1756,6 +1756,21 @@ Here's an example of where you use this to group together all packages from the
 }
 ```
 
+### matchSourceUrls
+
+Here's an example of where you use this to match exact package urls:
+
+```json
+{
+  "packageRules": [
+    {
+      "matchSourceUrls": ["https://github.com/facebook/react"],
+      "groupName": "React"
+    }
+  ]
+}
+```
+
 ### matchUpdateTypes
 
 Use this field to match rules against types of updates.
@@ -1837,11 +1852,11 @@ For example, GitHub might automerge a Renovate branch even if it's behind the ba
 
 ## platformCommit
 
-Supports only GitHub App mode and not when using Personal Access Tokens.
-
-To avoid errors, `gitAuthor` or `gitIgnoredAuthors` should be manually adjusted accordingly.
+Only use this option if you run Renovate as a [GitHub App](https://docs.github.com/en/developers/apps/getting-started-with-apps/about-apps).
+It does not apply when you use a Personal Access Token as credential.
 
-The primary reason to use this option is because commits will then be signed automatically if authenticating as an app.
+When `platformCommit` is enabled, Renovate will create commits with GitHub's API instead of using `git` directly.
+This way Renovate can use GitHub's [Commit signing support for bots and other GitHub Apps](https://github.blog/2019-08-15-commit-signing-support-for-bots-and-other-github-apps/) feature.
 
 ## postUpdateOptions
 

docs/usage/docker.md

@@ -117,6 +117,27 @@ If you wish to enable major versions then add the preset `docker:enableMajor` to
 Renovate has some Docker-specific intelligence when it comes to versions.
 For example:
 
+### Ubuntu codenames
+
+Renovate understands [Ubuntu release code names](https://wiki.ubuntu.com/Releases) and will offer upgrades to the latest LTS release (e.g. from `ubuntu:xenial` to `ubuntu:focal`).
+
+For this to work you must follow this naming scheme:
+
+- The first term of the full codename is used (e.g. `bionic` for `Bionic Beaver` release)
+- The codename is in lowercase
+
+For example, Renovate will offer to upgrade the following `Dockerfile` layer:
+
+```dockerfile
+FROM ubuntu:yakkety
+```
+
+To
+
+```dockerfile
+FROM ubuntu:focal
+```
+
 ## Configuring/Disabling
 
 If you wish to make changes that apply to all Docker managers, then add them to the `docker` config object.
@@ -229,7 +250,7 @@ To get access to the token a custom Renovate Docker image is needed that include
 The Dockerfile to create such an image can look like this:
 
 ```Dockerfile
-FROM renovate/renovate:32.6.7
+FROM renovate/renovate:32.7.5
 # Include the "Docker tip" which you can find here https://cloud.google.com/sdk/docs/install
 # under "Installation" for "Debian/Ubuntu"
 RUN ...

docs/usage/gitlab-bot-security.md

@@ -80,8 +80,8 @@ Bot services are better if they are provisioned with a "bot identity" so that us
 Until the hosted app can be reactivated, we recommend users migrate to use self-hosted pipelines to run Renovate.
 Please see the [renovate-bot/renovate-runner README on GitLab](https://gitlab.com/renovate-bot/renovate-runner/-/blob/HEAD/README.md) for instructions on how to set this up as easily as possible.
 
-The Renovate team is working to find a feasible design for the app so that we can reactive it securely in future.
-We welcome any ideas you may have.
+We're trying to find a workable design for the GitLab app, so we can enable it safely again.
+If you have any ideas, open a [discussion](https://github.com/renovatebot/renovate/discussions) and let us know!
 
 ## Acknowledgments
 

docs/usage/self-hosted-configuration.md

@@ -292,6 +292,17 @@ Like this:
 
 ## dryRun
 
+Use `dryRun` to preview the behavior of Renovate in logs, without making any changes to the repository files.
+
+You can choose from the following behaviors for the `dryRun` config option:
+
+- `null`: Default behavior - Performs a regular Renovate run including creating/updating/deleting branches and PRs
+- `"extract"`: Performs a very quick package file scan to identify the extracted dependencies
+- `"lookup"`: Performs a package file scan to identify the extracted dependencies and updates available
+- `"full"`: Performs a dry run by logging messages instead of creating/updating/deleting branches and PRs
+
+Information provided mainly in debug log level.
+
 ## endpoint
 
 ## executionTimeout
@@ -564,6 +575,17 @@ Example url: `redis://localhost`.
 
 ## repositories
 
+Elements in the `repositories` array can be an object if you wish to define additional settings:
+
+```js
+{
+  repositories: [
+    { repository: 'g/r1', bumpVersion: true },
+    'g/r2'
+  ],
+}
+```
+
 ## repositoryCache
 
 Set this to `"enabled"` to have Renovate maintain a JSON file cache per-repository to speed up extractions.

lib/config/migration.ts

@@ -122,11 +122,6 @@ export function migrateConfig(
           regEx(/{{depNameShort}}/g),
           '{{depName}}'
         );
-      } else if (key === 'ignoreNpmrcFile') {
-        delete migratedConfig.ignoreNpmrcFile;
-        if (!is.string(migratedConfig.npmrc)) {
-          migratedConfig.npmrc = '';
-        }
       } else if (
         key === 'branchPrefix' &&
         is.string(val) &&

lib/config/migrations/custom/ignore-npmrc-file-migration.spec.ts

@@ -0,0 +1,38 @@
+import { IgnoreNpmrcFileMigration } from './ignore-npmrc-file-migration';
+
+describe('config/migrations/custom/ignore-npmrc-file-migration', () => {
+  it('should init npmrc field', () => {
+    expect(IgnoreNpmrcFileMigration).toMigrate(
+      {
+        ignoreNpmrcFile: true,
+      },
+      {
+        npmrc: '',
+      }
+    );
+  });
+
+  it('should not change npmrc field if it represents string value', () => {
+    expect(IgnoreNpmrcFileMigration).toMigrate(
+      {
+        ignoreNpmrcFile: true,
+        npmrc: '',
+      },
+      {
+        npmrc: '',
+      }
+    );
+  });
+
+  it('should change npmrc field if it not represents string value', () => {
+    expect(IgnoreNpmrcFileMigration).toMigrate(
+      {
+        ignoreNpmrcFile: true,
+        npmrc: true,
+      } as any,
+      {
+        npmrc: '',
+      }
+    );
+  });
+});

lib/config/migrations/custom/ignore-npmrc-file-migration.ts

@@ -0,0 +1,15 @@
+import is from '@sindresorhus/is';
+import { AbstractMigration } from '../base/abstract-migration';
+
+export class IgnoreNpmrcFileMigration extends AbstractMigration {
+  override readonly deprecated = true;
+  override readonly propertyName = 'ignoreNpmrcFile';
+
+  override run(): void {
+    const npmrc = this.get('npmrc');
+
+    if (!is.string(npmrc)) {
+      this.setHard('npmrc', '');
+    }
+  }
+}

lib/config/migrations/migrations-service.ts

@@ -16,6 +16,7 @@ import { EnabledManagersMigration } from './custom/enabled-managers-migration';
 import { GoModTidyMigration } from './custom/go-mod-tidy-migration';
 import { HostRulesMigration } from './custom/host-rules-migration';
 import { IgnoreNodeModulesMigration } from './custom/ignore-node-modules-migration';
+import { IgnoreNpmrcFileMigration } from './custom/ignore-npmrc-file-migration';
 import { PackageNameMigration } from './custom/package-name-migration';
 import { PackagePatternMigration } from './custom/package-pattern-migration';
 import { PackagesMigration } from './custom/packages-migration';
@@ -78,6 +79,7 @@ export class MigrationsService {
     GoModTidyMigration,
     HostRulesMigration,
     IgnoreNodeModulesMigration,
+    IgnoreNpmrcFileMigration,
     PackageNameMigration,
     PackagePatternMigration,
     PackagesMigration,

lib/config/options/index.ts

@@ -152,8 +152,7 @@ const options: RenovateOptions[] = [
   },
   {
     name: 'extends',
-    description:
-      'Configuration presets to use/extend. Note: does not work if configured in config.js.',
+    description: 'Configuration presets to use/extend.',
     stage: 'package',
     type: 'array',
     subType: 'string',
@@ -246,9 +245,10 @@ const options: RenovateOptions[] = [
     name: 'dryRun',
     description:
       'If enabled, perform a dry run by logging messages instead of creating/updating/deleting branches and PRs.',
-    type: 'boolean',
+    type: 'string',
     globalOnly: true,
-    default: false,
+    allowedValues: ['extract', 'lookup', 'full'],
+    default: null,
   },
   {
     name: 'printConfig',
@@ -1023,6 +1023,18 @@ const options: RenovateOptions[] = [
     cli: false,
     env: false,
   },
+  {
+    name: 'matchSourceUrls',
+    description: 'A list of source URLs to exact match against.',
+    type: 'array',
+    subType: 'string',
+    allowString: true,
+    stage: 'package',
+    parent: 'packageRules',
+    mergeable: true,
+    cli: false,
+    env: false,
+  },
   {
     name: 'replacementName',
     description:

lib/config/presets/npm/index.ts

@@ -31,11 +31,11 @@ export async function getPreset({
       );
     }
     const body = (await http.getJson<NpmResponse>(packageUrl)).body;
-    dep = body.versions[body['dist-tags'].latest];
+    dep = body.versions[body['dist-tags']?.latest];
   } catch (err) {
     throw new Error(PRESET_DEP_NOT_FOUND);
   }
-  if (!dep['renovate-config']) {
+  if (!dep?.['renovate-config']) {
     throw new Error(PRESET_RENOVATE_CONFIG_NOT_FOUND);
   }
   const presetConfig = dep['renovate-config'][presetName];

lib/config/types.ts

@@ -11,6 +11,7 @@ export type RenovateConfigStage =
   | 'pr';
 
 export type RepositoryCacheConfig = 'disabled' | 'enabled' | 'reset';
+export type DryRunConfig = 'extract' | 'lookup' | 'full';
 
 export interface GroupConfig extends Record<string, unknown> {
   branchName?: string;
@@ -104,7 +105,7 @@ export interface RepoGlobalConfig {
   dockerChildPrefix?: string;
   dockerImagePrefix?: string;
   dockerUser?: string;
-  dryRun?: boolean;
+  dryRun?: DryRunConfig;
   executionTimeout?: number;
   exposeAllEnv?: boolean;
   migratePresets?: Record<string, string>;
@@ -274,6 +275,7 @@ export interface PackageRule
   excludePackagePrefixes?: string[];
   matchCurrentVersion?: string | Range;
   matchSourceUrlPrefixes?: string[];
+  matchSourceUrls?: string[];
   matchUpdateTypes?: UpdateType[];
 }