Overview
This page describes package manager updates for WhiteSource Renovate and WhiteSource Remediate.
Version 21.9.1.1
WhiteSource Renovate
The WhiteSource Renovate OSS was updated from 27.31.10 to 29.18.0.
New feature highlights:
Platform automerge is no longer enabled by default.
Go: modules lookups will now no longer fallback to Renovate native lookups if GOPROXY is configured and without "direct" explicitly configured.
Manager/regex: allow arbitrary regex groups for templates.
Config:
hostRules
are no longer automatically derived from env variables such asNPM_X_TOKEN
.
NOTE: A full list of features can be found on Octoclairvoyant.
Package Managers
The following package manager default versions have been updated:
yarn@1.22.17
php@7.4.26
composer@2.1.12
golang@1.17.3
pipenv@2021.11.15
rust@1.56.1
pnp@6.22.2
dotnet@3.1.415
helm@3.7.1
Version 21.9.1.1
WhiteSource Renovate
The WhiteSource Renovate OSS was updated from 27.14.2 to 27.31.10.
New feature highlights:
Added option to write discovered repositories to a json.
Composer: added support for authentication for http-basic and bearer types.
Go modules: added support for in gitlab subgroups.
Docker: added support for authenticating at ECR with session tokens.
GitHub Actions: added support for composite actions.
Helm: added support for inline image definitions.
NOTE: A full list of features can be found on Octoclairvoyant.
Package Managers
The following package manager default versions have been updated:
node@14.18.1
yarn@1.22.15
gradle@6.9.1
elixir@1.12.3
php@7.4.24
composer@2.1.9
golang@1.17.2
python@3.9.7
poetry@1.1.11
rust@1.55.0
cocoapods@1.11.2
pnpm@6.16.1
dotnet@3.1.414
helm@3.7.0
Version 21.8.2
WhiteSource Renovate
The WhiteSource Renovate OSS was updated from 25.76.2 to 27.14.2.
Important or breaking changes:
git-submodules: Git Submodules cloning now needs to be explicitly enabled
yarn: It is no longer supported to configure a "yarnrc" override in Renovate config
gradle: Gradle extraction now defaults to JS-based parsing (previously "gradle-lite")
pre-commit manager is no longer enabled by default and must be opted into manually
Dependency Dashboard is now enabled by default in the config:base preset
Git: Blobless git cloning is now used, instead of shallow clone
Significant features:
go: GOPROXY support
rubygems: support GitHub Packages
docker: use HEAD requests as optimization
git: gitAuthor is repo-configurable
gradle: Add support for Gradle's TOML version Catalogs
helmv3: support helm chart dependencies in OCI images
Package Managers
Third-party package managers are unchanged.
Version 21.8.1
WhiteSource Renovate
The WhiteSource Renovate OSS was updated from 25.48.0 to 25.76.2. These changes mostly do not affect Remediate users, which use Remediate-only mode and have not enabled Renovate.
New feature highlights:
Added dependency dashboard label configuration
Added support for Terraform community providers during lock file generation.
The regex versioning now supports an optional
build
match group, which is handled as 4th version part.Added an implementation of
getDigest()
for thegithub-releases
datasource.Supporting tag dependencies extraction for the GitLab and vanilla git
NOTE: A full list of features can be found on Octoclairvoyant
Package Managers
The following package manager default versions have been updated:
cocoapods@1.10.2
composer@2.1.6
dotnet@3.1.412
elixir@1.12.2
git@2.33.0
golang@1.17.0
helm@3.6.3
java@11.0.12
node@14.17.5
openjdk@16.0.2
php@7.4.22
pnpm@6.12.1
poetry@1.1.8
python@3.9.6
ruby@3.0.2
rust@1.54.0
yarn@1.22.11
Version 21.6.2
WhiteSource Renovate
The WhiteSource Renovate OSS was updated from 24.119.14 to 25.48.0. These changes mostly do not affect Remediate users, which use Remediate-only mode and have not enabled Renovate.
Important changes:
Remediate will no longer read
~/.npmrc
from disk. npm credentials can be configured in multiple other ways described in https://docs.renovatebot.com/private-npm-modules/ including environment variables or a configuration file.Major updates for Docker dependencies will now be enabled by default.
Grouping of Node.js packages into a single PR is no longer hardcoded. If you are not already using the
config:base
preset then you can addgroup:Nodejs
to yourextends
instead.Patch updates are not considered updateType=minor by default, so any rules you have for
minor
need to havepatch
added to them in order to take effect. It is no necessary to configureseparateMinorPatch
in order to applypatch
rules.trustLevel
is no longer supported and instead broken intoallowCustomCrateRegistries
,allowScripts
, andexposeAllEnv
.
NOTE: A full list of changes can be found on Octoclairvoyant
Package Managers
The following package manager default versions have been updated:
git@2.32.2
node@14.17.1
elixir@1.12.1
php@7.4.20
composer@2.1.3
golang@1.16.5
python@3.9.5
pipenv@2021.5.29
rust@1.53.0
pnpm@6.8.0
dotnet@3.1.410
lerna@4.0.0
helm@3.6.1