Overview
This page describes package manager updates for WhiteSource Renovate and WhiteSource Remediate.
Version 22.3.2
WhiteSource Renovate
The WhiteSource Renovate OSS was updated from 31.28.2 to 32.10.2.
New feature highlights:
gradle: Option
deepExtract
is now removed and will be ignoredSupport for cron syntax for schedules
pip_requirements: added support for packages from a git repository
node: added support for Node.js codenames
ubuntu: added support for Ubuntu codenames
config: read config from branches in baseBranches
npm: support for custom registryUrls
NOTE: A full list of features can be found on Octoclairvoyant.
Package Managers
The following package manager default versions have been updated:
poetry@1.1.13
gradle@6.9.2
composer@2.3.1
elixir@1.13.3
git@2.35.1
golang@1.18.0
dotnet@3.1.417
cocoapods@1.11.3
yarn@1.22.18
php@7.4.28
hashin@0.17.0
helm@3.8.1
npm@8.5.5
pnpm@6.32.3
ruby@3.1.1
rust@1.59.0
pipenv@2022
node@16.14.2
Version 22.2.2
WhiteSource Renovate
The WhiteSource Renovate OSS was updated from 29.18.0 to 31.28.2.
New feature highlights:
Support for Confidential issues in GitLab.
Terraform modules using bitbucket source URLs can be parsed as the
bitbucket-tags
datasource. This will enable theStabilityDays
functionality.Support for updates for buildkite plugins hosted on Github.
Support for plugin entries in the Gradle catalog using the short string-form syntax.
Ssupport for the composer platform package for constraint extraction.
Added sentry-dotnet monorepo.
Added ZXing.Net monorepo.
Support
getDigest
for GitLab repositories.Added 'and', 'or' and 'containsString' to handlebar helpers
Added autodiscovery support for Github App
NOTE: A full list of features can be found on Octoclairvoyant.
Package Managers
The following package manager default versions have been updated:
node@16.13.1
npm@8.3.0
dotnet@3.1.416
Version 21.11.1
WhiteSource Renovate
The WhiteSource Renovate OSS was updated from 27.31.10 to 29.18.0.
New feature highlights:
Platform automerge is no longer enabled by default.
Go: modules lookups will now no longer fallback to Renovate native lookups if GOPROXY is configured and without "direct" explicitly configured.
Manager/regex: allow arbitrary regex groups for templates.
Config:
hostRules
are no longer automatically derived from env variables such asNPM_X_TOKEN
.
NOTE: A full list of features can be found on Octoclairvoyant.
Package Managers
The following package manager default versions have been updated:
yarn@1.22.17
php@7.4.26
composer@2.1.12
golang@1.17.3
pipenv@2021.11.15
rust@1.56.1
pnp@6.22.2
dotnet@3.1.415
helm@3.7.1
Version 21.9.1.1
WhiteSource Renovate
The WhiteSource Renovate OSS was updated from 27.14.2 to 27.31.10.
New feature highlights:
Added option to write discovered repositories to a json.
Composer: added support for authentication for http-basic and bearer types.
Go modules: added support for in gitlab subgroups.
Docker: added support for authenticating at ECR with session tokens.
GitHub Actions: added support for composite actions.
Helm: added support for inline image definitions.
NOTE: A full list of features can be found on Octoclairvoyant.
Package Managers
The following package manager default versions have been updated:
node@14.18.1
yarn@1.22.15
gradle@6.9.1
elixir@1.12.3
php@7.4.24
composer@2.1.9
golang@1.17.2
python@3.9.7
poetry@1.1.11
rust@1.55.0
cocoapods@1.11.2
pnpm@6.16.1
dotnet@3.1.414
helm@3.7.0
Version 21.8.2
WhiteSource Renovate
The WhiteSource Renovate OSS was updated from 25.76.2 to 27.14.2.
Important or breaking changes:
git-submodules: Git Submodules cloning now needs to be explicitly enabled
yarn: It is no longer supported to configure a "yarnrc" override in Renovate config
gradle: Gradle extraction now defaults to JS-based parsing (previously "gradle-lite")
pre-commit manager is no longer enabled by default and must be opted into manually
Dependency Dashboard is now enabled by default in the config:base preset
Git: Blobless git cloning is now used, instead of shallow clone
Significant features:
go: GOPROXY support
rubygems: support GitHub Packages
docker: use HEAD requests as optimization
git: gitAuthor is repo-configurable
gradle: Add support for Gradle's TOML version Catalogs
helmv3: support helm chart dependencies in OCI images
Package Managers
Third-party package managers are unchanged.
Version 21.8.1
WhiteSource Renovate
The WhiteSource Renovate OSS was updated from 25.48.0 to 25.76.2. These changes mostly do not affect Remediate users, which use Remediate-only mode and have not enabled Renovate.
New feature highlights:
Added dependency dashboard label configuration
Added support for Terraform community providers during lock file generation.
The regex versioning now supports an optional
build
match group, which is handled as 4th version part.Added an implementation of
getDigest()
for thegithub-releases
datasource.Supporting tag dependencies extraction for the GitLab and vanilla git
NOTE: A full list of features can be found on Octoclairvoyant
Package Managers
The following package manager default versions have been updated:
cocoapods@1.10.2
composer@2.1.6
dotnet@3.1.412
elixir@1.12.2
git@2.33.0
golang@1.17.0
helm@3.6.3
java@11.0.12
node@14.17.5
openjdk@16.0.2
php@7.4.22
pnpm@6.12.1
poetry@1.1.8
python@3.9.6
ruby@3.0.2
rust@1.54.0
yarn@1.22.11
Version 21.6.2
WhiteSource Renovate
The WhiteSource Renovate OSS was updated from 24.119.14 to 25.48.0. These changes mostly do not affect Remediate users, which use Remediate-only mode and have not enabled Renovate.
Important changes:
Remediate will no longer read
~/.npmrc
from disk. npm credentials can be configured in multiple other ways described in https://docs.renovatebot.com/private-npm-modules/ including environment variables or a configuration file.Major updates for Docker dependencies will now be enabled by default.
Grouping of Node.js packages into a single PR is no longer hardcoded. If you are not already using the
config:base
preset then you can addgroup:Nodejs
to yourextends
instead.Patch updates are not considered updateType=minor by default, so any rules you have for
minor
need to havepatch
added to them in order to take effect. It is no necessary to configureseparateMinorPatch
in order to applypatch
rules.trustLevel
is no longer supported and instead broken intoallowCustomCrateRegistries
,allowScripts
, andexposeAllEnv
.
NOTE: A full list of changes can be found on Octoclairvoyant
Package Managers
The following package manager default versions have been updated:
git@2.32.2
node@14.17.1
elixir@1.12.1
php@7.4.20
composer@2.1.3
golang@1.16.5
python@3.9.5
pipenv@2021.5.29
rust@1.53.0
pnpm@6.8.0
dotnet@3.1.410
lerna@4.0.0
helm@3.6.1