Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: improve wording in exposeAllEnv section #9395

Merged
merged 1 commit into from Apr 4, 2021
Merged

docs: improve wording in exposeAllEnv section #9395

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
7 changes: 4 additions & 3 deletions docs/usage/self-hosted-configuration.md
View file
Open in desktop
Expand Up @@ -184,10 +184,11 @@ e.g.

## exposeAllEnv

By default, Renovate will only pass a limited set of environment variables to package managers.
Potentially, there could be leaks of confidential data if a script you don't trust enumerates all values in env, so set this to true only if you trust the repositories which the bot runs against.
By default, Renovate only passes a limited set of environment variables to package managers.
Confidential data can be leaked if a malicious script enumerates all environment variables.
Set `exposeAllEnv` to `true` only if you have reviewed (and trust) the repositories which Renovate bot runs against.

Setting this to true will also allow for variable substitution in `.npmrc` files.
Setting this to `true` will also allow for variable substitution in `.npmrc` files.

## force

Expand Down