Skip to content

chore(deps): update renovate group to v42 (major) #97

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update renovate group to v42 (major) #97

wants to merge 1 commit into from

Conversation

@msclock-bot
Copy link
Contributor

@msclock-bot msclock-bot bot commented Jul 2, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
ghcr.io/renovatebot/renovate (source) container major 40.45.2 -> 42.0.1
renovatebot/pre-commit-hooks repository major 40.45.1 -> 42.0.1

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.

Release Notes

renovatebot/renovate (ghcr.io/renovatebot/renovate)

v42.0.1

Compare Source

Documentation
Miscellaneous Chores
Build System
  • deps: update dependency google-auth-library to v10.5.0 (main) (#​39146) (748a623)

v42.0.0

Compare Source

Breaking changes for 42

Using minimumReleaseAge will now require a release timestamp #​38843

When specifying minimumReleaseAge, Renovate will look for a release timestamp to determine the age of the release, and whether it matched the minimumReleaseAge configuration.

Before Renovate 42, if a release timestamp was not present, Renovate would treat the dependency update as if the release timestamp was present and the dependency had passed that lifetime.

This means that users with artifact proxies, or in cases that the release timestamp wasn't consistently present could lead to dependencies "slipping through", and being updated before Renovate's policy enforced it to.

As of Renovate 42, the configuration minimumReleaseAgeBehaviour (added in 41.150.0) requires the release timestamp to be present.

If the release timestamp isn't present, Renovate will mark it as "awaiting schedule", and will output a debug log message to explain why.

You can revert to the existing behaviour by setting minimumReleaseAgeBehaviour=timestamp-optional.

Note that not all datasources support this functionality, nor do custom registries (such as Artifactory, etc).
For more details on how to verify support for your repository, check out the Minimum Release Age documentation

minimumReleaseAge: 3 days will now be set by default for npm in config:best-practices #​37967

For users of config:best-practices, the Minimum Release Age functionality will now apply by default for the npm ecosystem.

This will introduce a delay of 3 days between package publishing and Renovate suggesting an update for the release, so:

  • there is time for malware researchers and scanners to (possibly) detect any malicious behaviour in new releases, before your CI infrastructure or developers receive a malicious version upgrade
  • you are not at risk of the package being unpublished in the 3 day window that the npm registry allows

This will be enforced by default for packages using the npm datasource via the security:minimumReleaseAgeNpm preset.

[!NOTE]
This may require additional configuration if using a custom registry, or you have packages that you wish to not have minimum release age checks.

For more details on this functionality, check out the Minimum Release Age documentation.

Renovate now defaults to using Node.JS 24 #​38939

With Node 24 now in Long Term Support (LTS) release status, we have moved to target Node.JS 24 (^24.11.0) as our default engine for Node, and retain support for Node 22.

The pre-built Docker containers have been updated to use Node 24.

If you self-host without using our Docker image, you should be able to continue running Renovate with Node 22, for instance if you build your own image, or run the renovate npm package.

Redis clusters now authenticate to all nodes in the cluster with the provided credentials

When running Renovate against a Redis cluster with authentication, it was possible that a NOAUTH Authentication required error may appear:

DEBUG: Redis cache init
DEBUG: Redis cache connected
...
 WARN: Error while setting Redis cache value (repository=jcl-test/example)
       "err": {"message": "NOAUTH Authentication required."}

Renovate will now use the same authentication for all nodes in a cluster.

Support Yarn Catalogs #​38215

We now support the official Yarn Catalog functionality.

As part of this, we have removed support for the yarn-plugin-catalogs community plugin.

If you are using the yarn-plugin-catalogs community plugin, you will need to migrate your catalogs to the official Yarn Catalog functionality before Renovate 42 will update your dependencies.

Remove versioning modules needing to implement rangeStrategy=pin #​36261

This is an internal refactor to make it easier for creating and maintaining versioning modules.

This should not be a non-breaking change, as the versioning modules will have defaults available.

However, we're releasing it as part of this major release, and highlighting it, in case it does lead to breaking changes.

PGP encryption is now performed using Bouncy Castle #​39032

GPG encryption is no longer performed using kbpgp Keybase's PGP for JavaScript), and has been replaced with a Bouncy Castle version.

Some users have found license compliance issues with the kbpgp package, so this will now resolve them.

Legacy RSA encryption has been removed #​39111

Deprecated since 37.315.0 (2024-04-21), the legacy RSA encryption is now no longer available.

Change to the default User Agent #​37535

The user-agent header for Renovate's outgoing HTTP calls has changed the default to Renovate/${version}.

Default tool version updates #​39100

For users of the upstream Renovate container images, the following tools have been updated to new major versions:

Tool Version
Erlang 28
Gradle 9
Java 25
Node 24
Python 3.14.0

Commentary for 42

Focus on minimumReleaseAge

You'll notice that there are a number of big features here - and in recent minor releases - that focus on Minimum Release Age.

With recent supply chain attacks, the Renovate team have been hard at work improving the support we've had in Renovate (since 2019!) for this functionality, and making it as predictable as possible, so we can then enable it by default for users of config:best-practices.

We're starting with the enabling of the npm datasource, but will look to extend this functionality in future major releases, based on community feedback, and ecosystem support.

Deprecations

As part of this release, we want to make you aware of deprecated features which will be removed as of Renovate 43:

42.0.0 (2025-11-06)

⚠ BREAKING CHANGES
  • deps: Update ghcr.io/renovatebot/base-image Docker tag to v12 (main) (#​39100)
  • deps: Needs NodeJS v24.11.0 instead of v24.10.0. NodeJS v22 is still supported.
  • npm: communit plugin yarn-catalogs-plugin is not supported anymore
  • drop legacy rsa encryption (#​39111)
  • remove rangeStrategy=pin from versioning modules (#​36261)
  • minimumReleaseAge: require a release timestamp by default (#​38843)
  • best-practices: provide default minimumReleaseAge for npm (#​37967)
  • redis: add default auth to redis clusters (#​37337)
  • remove the "Bot" from user-agent header (#​37535)
Features
Bug Fixes
Code Refactoring
Build System

v41.173.1

Compare Source

Build System

v41.173.0

Compare Source

Features
  • swift: add support for GitHub and GitLab specific datasources (#​38417) (a017e2a)
Miscellaneous Chores

v41.172.2

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.72.2 (main) (#​39125) (87179c8)

v41.172.1

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.72.1 (main) (#​39124) (afa851b)

v41.172.0

Compare Source

Features
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.72.0 (main) (#​39118) (8320378)
Bug Fixes
Documentation
  • minimumReleaseAge: clarify behaviour with prCreation and internalChecksFilter (#​39116) (e4cf116)
Miscellaneous Chores

v41.171.9

Compare Source

Bug Fixes
  • deps: update ghcr.io/containerbase/sidecar docker tag to v13.24.0 (main) (#​39112) (aec07f0)

v41.171.8

Compare Source

Bug Fixes
  • deps: update ghcr.io/containerbase/sidecar docker tag to v13.23.20 (main) (#​39104) (ca66274)
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.71.2 (main) (#​39105) (5d538a5)
Miscellaneous Chores
  • deps: update containerbase/internal-tools action to v3.14.15 (main) (#​39106) (ba54be4)
  • deps: update ghcr.io/containerbase/devcontainer docker tag to v13.24.0 (main) (#​39107) (4791cc0)

v41.171.7

Compare Source

Bug Fixes
  • deps: update ghcr.io/containerbase/sidecar docker tag to v13.23.19 (main) (#​39103) (01fa029)
  • presets: branches shouldn't be created until minimumReleaseAge passes (#​39066) (03716cd)
Documentation
Miscellaneous Chores
  • deps: update containerbase/internal-tools action to v3.14.14 (main) (#​39102) (2fe8b45)

v41.171.4

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.71.1 (main) (#​39086) (7c9a0ea)
Miscellaneous Chores
  • deps: update ghcr.io/containerbase/devcontainer docker tag to v13.23.19 (main) (#​39085) (36a1d11)

v41.171.3

Compare Source

Bug Fixes
  • deps: update ghcr.io/containerbase/sidecar docker tag to v13.23.18 (main) (#​39084) (a2d2cf3)
Miscellaneous Chores

v41.171.2

Compare Source

Build System

v41.171.1

Compare Source

Build System

v41.171.0

Compare Source

Features
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.71.0 (main) (#​39078) (cb4098e)
Miscellaneous Chores

v41.170.1

Compare Source

Bug Fixes
  • Reorder saveCache and pruneStaleBranches in repository finalization (#​39072) (14f6998)
Miscellaneous Chores

v41.170.0

Compare Source

Features
Miscellaneous Chores

v41.169.4

Compare Source

Bug Fixes
Documentation
Miscellaneous Chores

v41.169.3

Compare Source

Bug Fixes
Documentation
  • docker: clarify release timestamp support is Docker Hub only (#​38989) (b73ec24)
Miscellaneous Chores
Continuous Integration

v41.169.1

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.70.3 (main) (#​39024) (1987f1b)

v41.169.0

Compare Source

Features
Bug Fixes
  • deps: update ghcr.io/containerbase/sidecar docker tag to v13.23.17 (main) (#​39022) (6856270)
Miscellaneous Chores
  • deps: update ghcr.io/containerbase/devcontainer docker tag to v13.23.17 (main) (#​39021) (3cb61c4)

v41.168.6

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.70.2 (main) (#​39020) (870ce85)
Miscellaneous Chores
  • deps: update ghcr.io/containerbase/devcontainer docker tag to v13.23.16 (main) (#​39013) (6f81413)
  • validate all handlebars helpers are documented (#​38932) (cf7997a)

v41.168.5

Compare Source

Bug Fixes
  • deps: update dependency mkdocs-material to v9.6.23 (main) (#​39011) (15dc1ad)

v41.168.4

Compare Source

Build System

v41.168.3

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.70.1 (main) (#​39006) (0a971f6)

v41.168.2

Compare Source

Bug Fixes
  • deps: update ghcr.io/containerbase/sidecar docker tag to v13.23.15 (main) (#​39005) (4f65f24)

v41.168.1

Compare Source

Tests
Build System

v41.168.0

Compare Source

Features
Miscellaneous Chores

v41.167.2

Compare Source

Bug Fixes
Tests

v41.167.1

Compare Source

Bug Fixes
  • gerrit: remove memCache to fix prNo coming as null when pr-created (#​38957) (fc3f7a8)
Miscellaneous Chores

v41.167.0

Compare Source

Features
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.70.0 (main) (#​38972) (cc86fce)

v41.166.0

Compare Source

Features
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.69.1 (main) (#​38971) (e565f93)

v41.165.7

Compare Source

Bug Fixes
  • deps: update ghcr.io/containerbase/sidecar docker tag to v13.23.14 (main) (#​38970) (98cdfa4)
Miscellaneous Chores
  • deps: update ghcr.io/containerbase/devcontainer docker tag to v13.23.14 (main) (#​38969) (a1af689)

v41.165.6

Compare Source

Miscellaneous Chores
Build System
  • deps: update dependency google-auth-library to v10.4.2 (main) (#​38967) (ec07bb4)

v41.165.5

Compare Source

Documentation
  • rangeStrategy: document that rangeStrategy=update-lockfile works with uv (#​38912) (75c4435)
Miscellaneous Chores
Build System

v41.165.4

Compare Source

Miscellaneous Chores
Build System

v41.165.3

Compare Source

Bug Fixes
  • tools: correct migration validation logic in check-fenced-code.ts (#​38936) (9ef9ee5)
Documentation
Miscellaneous Chores

v41.165.2

Compare Source

Bug Fixes
  • workers/branch: skip branch update if pendingChecks=true (#​38720) (cdd0ab4)

v41.165.1

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.68.2 (main) (#​38926) (7dd48a6)

v41.164.1

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.68.1 (main) (#​38920) (60dfbbb)
Miscellaneous Chores

v41.164.0

Compare Source

Features
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.68.0 (main) (#​38916) (a69bb1d)
Build System

v41.163.7

Compare Source

Miscellaneous Chores
Build System

v41.163.6

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.67.10 (main) (#​38910) (5873418)
Build System

v41.163.5

Compare Source

Bug Fixes
  • deps: update ghcr.io/containerbase/sidecar docker tag to v13.23.13 (main) (#​38909) (6901a93)
Miscellaneous Chores
  • deps: update ghcr.io/containerbase/devcontainer docker tag to v13.23.13 (main) (#​38908) (24eff2f)

v41.163.4

Compare Source

Bug Fixes
  • deps: update ghcr.io/containerbase/sidecar docker tag to v13.23.12 (main) (#​38904) (27d1f13)
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.67.9 (main) (#​38905) (c0eee61)

v41.163.2

Compare Source

Documentation
Miscellaneous Chores
Build System

v41.163.1

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.67.8 (main) (#​38888) (34d73a8)

v41.163.0

Compare Source

Features
Miscellaneous Chores

v41.162.2

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v10.67.7 (main) (#​38878) (a83fb74)

v41.162.1

Compare Source

Bug Fixes
  • deps: update ghcr.io/containerbase/sidecar docker tag to v13.23.11 (main) (#​38876) (0b78d68)
Miscellaneous Chores
  • deps: update ghcr.io/containerbase/devcontainer docker tag to v13.23.11 (main) (#​38875) (b6347c5)

v41.161.0

Compare Source

Features

v41.160.1

Compare Source

Bug Fixes

v41.160.0

Compare Source

Features

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@msclock-bot msclock-bot bot added the renovate label Jul 2, 2025
@codecov
Copy link

codecov bot commented Jul 2, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (6115724) to head (dc066d5).

Additional details and impacted files 
@@            Coverage Diff            @@
##            master       #97   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            3         3           
  Lines           99        99           
=========================================
  Hits            99        99

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@msclock-bot msclock-bot bot force-pushed the renovate-github/major-renovate-group branch 7 times, most recently from cf71bfb to d85de39 Compare July 7, 2025 00:54
@msclock-bot msclock-bot bot force-pushed the renovate-github/major-renovate-group branch 6 times, most recently from efc082e to ea5090d Compare August 7, 2025 00:55
@msclock-bot msclock-bot bot force-pushed the renovate-github/major-renovate-group branch 8 times, most recently from 01a4e42 to 128dee3 Compare September 6, 2025 00:43
@msclock-bot msclock-bot bot force-pushed the renovate-github/major-renovate-group branch 4 times, most recently from acd2636 to 5c448d5 Compare October 7, 2025 00:44
@msclock-bot msclock-bot bot force-pushed the renovate-github/major-renovate-group branch 3 times, most recently from a9420ee to bcf372a Compare November 2, 2025 00:52
@msclock-bot msclock-bot bot force-pushed the renovate-github/major-renovate-group branch 6 times, most recently from 5ebb3cb to 0946b99 Compare November 6, 2025 00:47
@msclock-bot msclock-bot bot force-pushed the renovate-github/major-renovate-group branch from 0946b99 to dc066d5 Compare November 7, 2025 00:47
@msclock-bot msclock-bot bot changed the title chore(deps): update renovate group to v41 (major) chore(deps): update renovate group to v42 (major) Nov 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant