wvffle/renovate-config
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

chore(deps): update ghcr.io/renovatebot/renovate docker tag to v42 #7

Open
renovate-bot wants to merge 1 commit from renovate/ghcr.io-renovatebot-renovate-42.x into master
pull from: renovate/ghcr.io-renovatebot-renovate-42.x
merge into: wvffle:master
Conversation 0 Commits 1 Files changed 1 +1 -1
renovate-bot commented 2025-11-06 11:21:41 +00:00
Collaborator
Copy link

This PR contains the following updates:

Package Type Update Change
ghcr.io/renovatebot/renovate (source) container major 41.173.1 -> 42.2.0

Release Notes

renovatebot/renovate (ghcr.io/renovatebot/renovate)

v42.2.0

Compare Source

Features
  • manager/npm: use volta node pin as node version constraint (#​38816) (3b81143)
Miscellaneous Chores
Build System

v42.1.3

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v12.1.4 (main) (#​39174) (1216402)
Build System

v42.1.2

Compare Source

Bug Fixes

v42.1.1

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v12.1.3 (main) (#​39172) (0ffd324)

v42.1.0

Compare Source

Features
Code Refactoring
  • deb: Split DebDatasource in smaller pieces and prepare for mutli-compression feature (#​38254) (5d36cf1)
  • presets: add type for presets with global-only configuration (#​39166) (8348930)
Build System
Continuous Integration

v42.0.3

Compare Source

Bug Fixes
  • deps: update ghcr.io/renovatebot/base-image docker tag to v12.1.2 (main) (#​39164) (534a686)
Documentation

v42.0.2

Compare Source

Bug Fixes
Miscellaneous Chores

v42.0.1

Compare Source

Documentation
Miscellaneous Chores
Build System
  • deps: update dependency google-auth-library to v10.5.0 (main) (#​39146) (748a623)

v42.0.0

Compare Source

Breaking changes for 42

Using minimumReleaseAge will now require a release timestamp #​38843

When specifying minimumReleaseAge, Renovate will look for a release timestamp to determine the age of the release, and whether it matched the minimumReleaseAge configuration.

Before Renovate 42, if a release timestamp was not present, Renovate would treat the dependency update as if the release timestamp was present and the dependency had passed that lifetime.

This means that users with artifact proxies, or in cases that the release timestamp wasn't consistently present could lead to dependencies "slipping through", and being updated before Renovate's policy enforced it to.

As of Renovate 42, the configuration minimumReleaseAgeBehaviour (added in 41.150.0) requires the release timestamp to be present.

If the release timestamp isn't present, Renovate will mark it as "awaiting schedule", and will output a debug log message to explain why.

You can revert to the existing behaviour by setting minimumReleaseAgeBehaviour=timestamp-optional.

Note that not all datasources support this functionality, nor do custom registries (such as Artifactory, etc).
For more details on how to verify support for your repository, check out the Minimum Release Age documentation

minimumReleaseAge: 3 days will now be set by default for npm in config:best-practices #​37967

For users of config:best-practices, the Minimum Release Age functionality will now apply by default for the npm ecosystem.

This will introduce a delay of 3 days between package publishing and Renovate suggesting an update for the release, so:

  • there is time for malware researchers and scanners to (possibly) detect any malicious behaviour in new releases, before your CI infrastructure or developers receive a malicious version upgrade
  • you are not at risk of the package being unpublished in the 3 day window that the npm registry allows

This will be enforced by default for packages using the npm datasource via the security:minimumReleaseAgeNpm preset.

[!NOTE]
This may require additional configuration if using a custom registry, or you have packages that you wish to not have minimum release age checks.

For more details on this functionality, check out the Minimum Release Age documentation.

Renovate now defaults to using Node.JS 24 #​38939

With Node 24 now in Long Term Support (LTS) release status, we have moved to target Node.JS 24 (^24.11.0) as our default engine for Node, and retain support for Node 22.

The pre-built Docker containers have been updated to use Node 24.

If you self-host without using our Docker image, you should be able to continue running Renovate with Node 22, for instance if you build your own image, or run the renovate npm package.

Redis clusters now authenticate to all nodes in the cluster with the provided credentials

When running Renovate against a Redis cluster with authentication, it was possible that a NOAUTH Authentication required error may appear:

DEBUG: Redis cache init
DEBUG: Redis cache connected
...
 WARN: Error while setting Redis cache value (repository=jcl-test/example)
       "err": {"message": "NOAUTH Authentication required."}

Renovate will now use the same authentication for all nodes in a cluster.

Support Yarn Catalogs #​38215

We now support the official Yarn Catalog functionality.

As part of this, we have removed support for the yarn-plugin-catalogs community plugin.

If you are using the yarn-plugin-catalogs community plugin, you will need to migrate your catalogs to the official Yarn Catalog functionality before Renovate 42 will update your dependencies.

Remove versioning modules needing to implement rangeStrategy=pin #​36261

This is an internal refactor to make it easier for creating and maintaining versioning modules.

This should not be a non-breaking change, as the versioning modules will have defaults available.

However, we're releasing it as part of this major release, and highlighting it, in case it does lead to breaking changes.

PGP encryption is now performed using Bouncy Castle #​39032

GPG encryption is no longer performed using kbpgp Keybase's PGP for JavaScript), and has been replaced with a Bouncy Castle version.

Some users have found license compliance issues with the kbpgp package, so this will now resolve them.

Legacy RSA encryption has been removed #​39111

Deprecated since 37.315.0 (2024-04-21), the legacy RSA encryption is now no longer available.

Change to the default User Agent #​37535

The user-agent header for Renovate's outgoing HTTP calls has changed the default to Renovate/${version}.

Default tool version updates #​39100

For users of the upstream Renovate container images, the following tools have been updated to new major versions:

Tool Version
Erlang 28
Gradle 9
Java 25
Node 24
Python 3.14.0

Commentary for 42

Focus on minimumReleaseAge

You'll notice that there are a number of big features here - and in recent minor releases - that focus on Minimum Release Age.

With recent supply chain attacks, the Renovate team have been hard at work improving the support we've had in Renovate (since 2019!) for this functionality, and making it as predictable as possible, so we can then enable it by default for users of config:best-practices.

You can read more about this focus in a blog post we've written on the Mend blog.

We're starting with the enabling of the npm datasource, but will look to extend this functionality in future major releases, based on community feedback, and ecosystem support.

Deprecations

As part of this release, we want to make you aware of deprecated features which will be removed as of Renovate 43:

42.0.0 (2025-11-06)

⚠ BREAKING CHANGES
  • deps: Update ghcr.io/renovatebot/base-image Docker tag to v12 (main) (#​39100)
  • deps: Needs NodeJS v24.11.0 instead of v24.10.0. NodeJS v22 is still supported.
  • npm: communit plugin yarn-catalogs-plugin is not supported anymore
  • drop legacy rsa encryption (#​39111)
  • remove rangeStrategy=pin from versioning modules (#​36261)
  • minimumReleaseAge: require a release timestamp by default (#​38843)
  • best-practices: provide default minimumReleaseAge for npm (#​37967)
  • redis: add default auth to redis clusters (#​37337)
  • remove the "Bot" from user-agent header (#​37535)
Features
Bug Fixes
Code Refactoring
Build System

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ghcr.io/renovatebot/renovate](https://renovatebot.com) ([source](https://github.com/renovatebot/renovate)) | container | major | `41.173.1` -> `42.2.0` | --- ### Release Notes <details> <summary>renovatebot/renovate (ghcr.io/renovatebot/renovate)</summary> ### [`v42.2.0`](https://github.com/renovatebot/renovate/releases/tag/42.2.0) [Compare Source](https://github.com/renovatebot/renovate/compare/42.1.3...42.2.0) ##### Features - **manager/npm:** use volta node pin as node version constraint ([#&#8203;38816](https://github.com/renovatebot/renovate/issues/38816)) ([3b81143](https://github.com/renovatebot/renovate/commit/3b811438d4d90c91e27a6f340b2b57afb205188e)) ##### Miscellaneous Chores - **deps:** update dependency esbuild to v0.25.12 (main) ([#&#8203;39179](https://github.com/renovatebot/renovate/issues/39179)) ([3a149c9](https://github.com/renovatebot/renovate/commit/3a149c9edcbae0964ae491e3753cf255145937ca)) - **deps:** update dependency globals to v16.5.0 (main) ([#&#8203;39176](https://github.com/renovatebot/renovate/issues/39176)) ([d53217b](https://github.com/renovatebot/renovate/commit/d53217b9a65d5e2c6c522cc7ea20e71bc64ade54)) - **deps:** update dependency graphql to v16.12.0 (main) ([#&#8203;39178](https://github.com/renovatebot/renovate/issues/39178)) ([d453b0e](https://github.com/renovatebot/renovate/commit/d453b0e90684fa0f4c98673732befbadd2b849b2)) ##### Build System - **deps:** update dependency simple-git to v3.30.0 (main) ([#&#8203;39180](https://github.com/renovatebot/renovate/issues/39180)) ([19fd8e4](https://github.com/renovatebot/renovate/commit/19fd8e4e50c8ada782916823f4dec83fbac1d638)) ### [`v42.1.3`](https://github.com/renovatebot/renovate/releases/tag/42.1.3) [Compare Source](https://github.com/renovatebot/renovate/compare/42.1.2...42.1.3) ##### Bug Fixes - **deps:** update ghcr.io/renovatebot/base-image docker tag to v12.1.4 (main) ([#&#8203;39174](https://github.com/renovatebot/renovate/issues/39174)) ([1216402](https://github.com/renovatebot/renovate/commit/1216402ca44244e10484761a2ebee90153bd47fa)) ##### Build System - **deps:** update dependency [@&#8203;renovatebot/osv-offline](https://github.com/renovatebot/osv-offline) to v1.7.10 (main) ([#&#8203;39173](https://github.com/renovatebot/renovate/issues/39173)) ([a8f1501](https://github.com/renovatebot/renovate/commit/a8f150193c53c0b8f91b64be85edb1cb9364e047)) ### [`v42.1.2`](https://github.com/renovatebot/renovate/releases/tag/42.1.2) [Compare Source](https://github.com/renovatebot/renovate/compare/42.1.1...42.1.2) ##### Bug Fixes - **nuget:** correct escaping syntax ([#&#8203;39120](https://github.com/renovatebot/renovate/issues/39120)) ([50471cb](https://github.com/renovatebot/renovate/commit/50471cbd253d3ee613bb120ee7274b3a03965f6f)) - skip npm installation if no constraint specified ([#&#8203;38974](https://github.com/renovatebot/renovate/issues/38974)) ([98eef7e](https://github.com/renovatebot/renovate/commit/98eef7e82da17ee9a025aa7f06c1ed250d74300e)) ### [`v42.1.1`](https://github.com/renovatebot/renovate/releases/tag/42.1.1) [Compare Source](https://github.com/renovatebot/renovate/compare/42.1.0...42.1.1) ##### Bug Fixes - **deps:** update ghcr.io/renovatebot/base-image docker tag to v12.1.3 (main) ([#&#8203;39172](https://github.com/renovatebot/renovate/issues/39172)) ([0ffd324](https://github.com/renovatebot/renovate/commit/0ffd3241cbc064b0a3e037dfab0ab0da8d3c0656)) ### [`v42.1.0`](https://github.com/renovatebot/renovate/releases/tag/42.1.0) [Compare Source](https://github.com/renovatebot/renovate/compare/42.0.3...42.1.0) ##### Features - **pip-compile:** Support more `uv pip compile` options ([#&#8203;39167](https://github.com/renovatebot/renovate/issues/39167)) ([0b02c42](https://github.com/renovatebot/renovate/commit/0b02c4257a91c11d2c89372ab21f2c03f2f34824)) ##### Code Refactoring - **deb:** Split DebDatasource in smaller pieces and prepare for mutli-compression feature ([#&#8203;38254](https://github.com/renovatebot/renovate/issues/38254)) ([5d36cf1](https://github.com/renovatebot/renovate/commit/5d36cf1d1496cf0bbd98318a3f9cbdf0811e1f04)) - **presets:** add type for presets with global-only configuration ([#&#8203;39166](https://github.com/renovatebot/renovate/issues/39166)) ([8348930](https://github.com/renovatebot/renovate/commit/83489302d7248ed918e96a890ebfffe2cbe334d8)) ##### Build System - **deps:** update dependency [@&#8203;sindresorhus/is](https://github.com/sindresorhus/is) to v7.1.1 (main) ([#&#8203;39169](https://github.com/renovatebot/renovate/issues/39169)) ([2ed5bc5](https://github.com/renovatebot/renovate/commit/2ed5bc52a0fd751985a2581657e6d5b1f0e4753f)) ##### Continuous Integration - add an "ago" note to the notification ([#&#8203;39161](https://github.com/renovatebot/renovate/issues/39161)) ([a75dc8c](https://github.com/renovatebot/renovate/commit/a75dc8c4023b6539ea2c5f8c29b5783bfdaed2d1)) ### [`v42.0.3`](https://github.com/renovatebot/renovate/releases/tag/42.0.3) [Compare Source](https://github.com/renovatebot/renovate/compare/42.0.2...42.0.3) ##### Bug Fixes - **deps:** update ghcr.io/renovatebot/base-image docker tag to v12.1.2 (main) ([#&#8203;39164](https://github.com/renovatebot/renovate/issues/39164)) ([534a686](https://github.com/renovatebot/renovate/commit/534a68691d5dfc7eb4f962baaa6f7e0029433d90)) ##### Documentation - reference glob tool ([#&#8203;39154](https://github.com/renovatebot/renovate/issues/39154)) ([6f6a94a](https://github.com/renovatebot/renovate/commit/6f6a94abf9c0dd7b8fea987b066901ad36f161d5)) ### [`v42.0.2`](https://github.com/renovatebot/renovate/releases/tag/42.0.2) [Compare Source](https://github.com/renovatebot/renovate/compare/42.0.1...42.0.2) ##### Bug Fixes - **git-submodules:** avoid network call during extract ([#&#8203;39147](https://github.com/renovatebot/renovate/issues/39147)) ([7688550](https://github.com/renovatebot/renovate/commit/7688550150c6ad7868f403dcd1d9578316fa28b7)) ##### Miscellaneous Chores - **deps:** update dependency rimraf to v6.1.0 (main) ([#&#8203;39150](https://github.com/renovatebot/renovate/issues/39150)) ([c94c65f](https://github.com/renovatebot/renovate/commit/c94c65f52a7c6c31132d07cd07782e6a8ae96495)) ### [`v42.0.1`](https://github.com/renovatebot/renovate/releases/tag/42.0.1) [Compare Source](https://github.com/renovatebot/renovate/compare/42.0.0...42.0.1) ##### Documentation - **major-release:** document "why", "when", "how" ([#&#8203;38963](https://github.com/renovatebot/renovate/issues/38963)) ([cd757d8](https://github.com/renovatebot/renovate/commit/cd757d84fcd427ae7e47ce06be38796d9f552752)) - **minimumReleaseAge:** document how to opt-out a dependency ([#&#8203;39119](https://github.com/renovatebot/renovate/issues/39119)) ([81697ad](https://github.com/renovatebot/renovate/commit/81697ad087888a461c3105de584fe37fcbb55724)) ##### Miscellaneous Chores - **deps:** update dependency [@&#8203;smithy/util-stream](https://github.com/smithy/util-stream) to v4.5.5 (main) ([#&#8203;39143](https://github.com/renovatebot/renovate/issues/39143)) ([1563b41](https://github.com/renovatebot/renovate/commit/1563b418577b4258eda1da91c393fe54a2c0391d)) - **deps:** update dependency [@&#8203;vitest/eslint-plugin](https://github.com/vitest/eslint-plugin) to v1.4.0 (main) ([#&#8203;39138](https://github.com/renovatebot/renovate/issues/39138)) ([bddc1c3](https://github.com/renovatebot/renovate/commit/bddc1c35d79ce77dca926f630c458de4df1b3068)) - update pull request template ([#&#8203;39136](https://github.com/renovatebot/renovate/issues/39136)) ([39a1b86](https://github.com/renovatebot/renovate/commit/39a1b8640eb317955b9166841f50d33864e2e038)) ##### Build System - **deps:** update dependency google-auth-library to v10.5.0 (main) ([#&#8203;39146](https://github.com/renovatebot/renovate/issues/39146)) ([748a623](https://github.com/renovatebot/renovate/commit/748a623d8e6e5d93f345d04d6d341200f23afea6)) ### [`v42.0.0`](https://github.com/renovatebot/renovate/releases/tag/42.0.0) [Compare Source](https://github.com/renovatebot/renovate/compare/41.173.1...42.0.0) #### Breaking changes for 42 ##### Using `minimumReleaseAge` will now require a release timestamp [#&#8203;38843](https://github.com/renovatebot/renovate/issues/38843) When specifying `minimumReleaseAge`, Renovate will look for a release timestamp to determine the age of the release, and whether it matched the `minimumReleaseAge` configuration. Before Renovate 42, if a release timestamp was not present, Renovate would treat the dependency update as if the release timestamp was present and the dependency had passed that lifetime. This means that users with artifact proxies, or in cases that the release timestamp wasn't consistently present could lead to dependencies "slipping through", and being updated before Renovate's policy enforced it to. As of Renovate 42, the configuration [`minimumReleaseAgeBehaviour`](https://docs.renovatebot.com/configuration-options/#minimumreleaseagebehaviour) (added in 41.150.0) requires the release timestamp to be present. If the release timestamp isn't present, Renovate will mark it as "awaiting schedule", and will output a debug log message to explain why. You can revert to the existing behaviour by setting `minimumReleaseAgeBehaviour=timestamp-optional`. Note that not all datasources support this functionality, nor do custom registries (such as Artifactory, etc). For more details on how to verify support for your repository, check out the [Minimum Release Age documentation](https://docs.renovatebot.com/key-concepts/minimum-release-age/) ##### `minimumReleaseAge: 3 days` will now be set by default for npm in `config:best-practices` [#&#8203;37967](https://github.com/renovatebot/renovate/issues/37967) For users of [`config:best-practices`](https://docs.renovatebot.com/presets-config/#configbest-practices), the [Minimum Release Age](https://docs.renovatebot.com/key-concepts/minimum-release-age/) functionality will now apply by default for the npm ecosystem. This will introduce a delay of **3 days** between package publishing and Renovate suggesting an update for the release, so: - there is time for malware researchers and scanners to (possibly) detect any malicious behaviour in new releases, before your CI infrastructure or developers receive a malicious version upgrade - you are not at risk of the package being unpublished in the 3 day window that the npm registry allows This will be enforced by default for packages using the [`npm` datasource](https://docs.renovatebot.com/modules/datasource/npm/) via the [`security:minimumReleaseAgeNpm`](https://docs.renovatebot.com/presets-security/#securityminimumreleaseagenpm) preset. > \[!NOTE] > This may require additional configuration if using a custom registry, or you have packages that you wish to not have minimum release age checks. For more details on this functionality, check out the [Minimum Release Age documentation](https://docs.renovatebot.com/key-concepts/minimum-release-age/). ##### Renovate now defaults to using Node.JS 24 [#&#8203;38939](https://github.com/renovatebot/renovate/issues/38939) With Node 24 now in Long Term Support (LTS) release status, we have moved to target Node.JS 24 (`^24.11.0`) as our default engine for Node, and retain support for Node 22. The pre-built Docker containers have been updated to use Node 24. If you self-host *without* using our Docker image, you should be able to continue running Renovate with Node 22, for instance if you build your own image, or run the `renovate` npm package. ##### Redis clusters now authenticate to all nodes in the cluster with the provided credentials When running Renovate against a Redis cluster with authentication, it was possible that a `NOAUTH Authentication required` error may appear: ``` DEBUG: Redis cache init DEBUG: Redis cache connected ... WARN: Error while setting Redis cache value (repository=jcl-test/example) "err": {"message": "NOAUTH Authentication required."} ``` Renovate will now use the same authentication for all nodes in a cluster. ##### Support Yarn Catalogs [#&#8203;38215](https://github.com/renovatebot/renovate/issues/38215) We now support the official [Yarn Catalog](https://yarnpkg.com/features/catalogs) functionality. As part of this, we have removed support for the [yarn-plugin-catalogs](https://github.com/toss/yarn-plugin-catalogs) community plugin. If you are using the [yarn-plugin-catalogs](https://github.com/toss/yarn-plugin-catalogs) community plugin, you will need to migrate your catalogs to the official Yarn Catalog functionality before Renovate 42 will update your dependencies. ##### Remove versioning modules needing to implement `rangeStrategy=pin` [#&#8203;36261](https://github.com/renovatebot/renovate/issues/36261) This is an internal refactor to make it easier for creating and maintaining versioning modules. This *should* not be a non-breaking change, as the versioning modules will have defaults available. However, we're releasing it as part of this major release, and highlighting it, in case it does lead to breaking changes. ##### PGP encryption is now performed using Bouncy Castle [#&#8203;39032](https://github.com/renovatebot/renovate/issues/39032) GPG encryption is no longer performed using [`kbpgp` Keybase's PGP for JavaScript)](https://www.npmjs.com/package/@&#8203;renovatebot/kbpgp), and has been replaced with a Bouncy Castle version. Some users have found license compliance issues with the `kbpgp` package, so this will now resolve them. ##### Legacy RSA encryption has been removed [#&#8203;39111](https://github.com/renovatebot/renovate/issues/39111) [Deprecated](https://github.com/renovatebot/renovate/pull/28557) since 37.315.0 (2024-04-21), the legacy RSA encryption is now no longer available. ##### Change to the default User Agent [#&#8203;37535](https://github.com/renovatebot/renovate/issues/37535) The `user-agent` header for Renovate's outgoing HTTP calls has changed the default to `Renovate/${version}`. ##### Default tool version updates [#&#8203;39100](https://github.com/renovatebot/renovate/issues/39100) For users of the upstream Renovate container images, the following tools have been updated to new major versions: | Tool | Version | | ------ | ------- | | Erlang | 28 | | Gradle | 9 | | Java | 25 | | Node | 24 | | Python | 3.14.0 | #### Commentary for 42 ##### Focus on `minimumReleaseAge` You'll notice that there are a number of big features here - and in recent minor releases - that focus on [Minimum Release Age](https://docs.renovatebot.com/key-concepts/minimum-release-age/). With recent supply chain attacks, the Renovate team have been hard at work improving the support we've had in Renovate (since 2019!) for this functionality, and making it as predictable as possible, so we can then enable it by default for users of `config:best-practices`. You can read more about this focus [in a blog post we've written on the Mend blog](https://www.mend.io/blog/secure-npm-ecosystem-with-mend-renovate/). We're starting with the enabling of the `npm` datasource, but will look to extend this functionality in future major releases, based on community feedback, and ecosystem support. #### Deprecations As part of this release, we want to make you aware of deprecated features which will be removed as of Renovate 43: - [the `renovate-schema.json` will only support repository configuration](https://github.com/renovatebot/renovate/issues/38728), and a separate `renovate-admin-schema.json` will be needed for global/self-hosted configuration #### [42.0.0](https://github.com/renovatebot/renovate/compare/41.173.1...42.0.0) (2025-11-06) ##### ⚠ BREAKING CHANGES - **deps:** Update ghcr.io/renovatebot/base-image Docker tag to v12 (main) ([#&#8203;39100](https://github.com/renovatebot/renovate/issues/39100)) - **deps:** Needs NodeJS v24.11.0 instead of v24.10.0. NodeJS v22 is still supported. - **npm:** communit plugin yarn-catalogs-plugin is not supported anymore - drop legacy rsa encryption ([#&#8203;39111](https://github.com/renovatebot/renovate/issues/39111)) - remove rangeStrategy=pin from versioning modules ([#&#8203;36261](https://github.com/renovatebot/renovate/issues/36261)) - **minimumReleaseAge:** require a release timestamp by default ([#&#8203;38843](https://github.com/renovatebot/renovate/issues/38843)) - **best-practices:** provide default `minimumReleaseAge` for npm ([#&#8203;37967](https://github.com/renovatebot/renovate/issues/37967)) - **redis:** add default auth to redis clusters ([#&#8203;37337](https://github.com/renovatebot/renovate/issues/37337)) - remove the "Bot" from user-agent header ([#&#8203;37535](https://github.com/renovatebot/renovate/issues/37535)) ##### Features - **best-practices:** provide default `minimumReleaseAge` for npm ([#&#8203;37967](https://github.com/renovatebot/renovate/issues/37967)) ([e371de1](https://github.com/renovatebot/renovate/commit/e371de1b9501807eeadcb3e190ccfe982b2df977)), closes [#&#8203;37952](https://github.com/renovatebot/renovate/issues/37952) - **deps:** Update ghcr.io/renovatebot/base-image Docker tag to v12 (main) ([#&#8203;39100](https://github.com/renovatebot/renovate/issues/39100)) ([f9f810f](https://github.com/renovatebot/renovate/commit/f9f810f486621e6f43d2f5a59fe1877691366490)) - **minimumReleaseAge:** require a release timestamp by default ([#&#8203;38843](https://github.com/renovatebot/renovate/issues/38843)) ([1cf9b1c](https://github.com/renovatebot/renovate/commit/1cf9b1c6a4713a315c367153d2fe31dc5d4f3347)), closes [#&#8203;37952](https://github.com/renovatebot/renovate/issues/37952) - **npm:** support yarn catalogs ([#&#8203;38215](https://github.com/renovatebot/renovate/issues/38215)) ([d7a741b](https://github.com/renovatebot/renovate/commit/d7a741b831bc569f7564fe859b6ff0e16e7fca83)) - replace `kbpgp` with `bcpgp` ([#&#8203;39032](https://github.com/renovatebot/renovate/issues/39032)) ([6de0097](https://github.com/renovatebot/renovate/commit/6de0097dc87165b661f52821f0b3ef72cf52ec6e)) ##### Bug Fixes - drop legacy rsa encryption ([#&#8203;39111](https://github.com/renovatebot/renovate/issues/39111)) ([f1eefcf](https://github.com/renovatebot/renovate/commit/f1eefcf3938e34f2eaba6ba52fe67cb01cdcb416)) - **redis:** add default auth to redis clusters ([#&#8203;37337](https://github.com/renovatebot/renovate/issues/37337)) ([df9844d](https://github.com/renovatebot/renovate/commit/df9844d5ad019ca23930ea9ef8b9bf882848367f)) - remove the "Bot" from user-agent header ([#&#8203;37535](https://github.com/renovatebot/renovate/issues/37535)) ([4e4a0f9](https://github.com/renovatebot/renovate/commit/4e4a0f99b0da3352e417dbc52f4409557248c2ce)) ##### Code Refactoring - remove rangeStrategy=pin from versioning modules ([#&#8203;36261](https://github.com/renovatebot/renovate/issues/36261)) ([0d5d7a8](https://github.com/renovatebot/renovate/commit/0d5d7a866987dd694a13bea9b4ff176cab1a6355)) ##### Build System - **deps:** update dependency node to v24 (main) ([#&#8203;38939](https://github.com/renovatebot/renovate/issues/38939)) ([2e3da4d](https://github.com/renovatebot/renovate/commit/2e3da4d48cce8febf336e20811789d6a889deda6)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNzMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE3My4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->
renovate-bot force-pushed renovate/ghcr.io-renovatebot-renovate-42.x from 5c0d7a64ab to 5bea61b7bb 2025-11-06 20:18:17 +00:00 Compare
renovate-bot force-pushed renovate/ghcr.io-renovatebot-renovate-42.x from 5bea61b7bb to 941118437f 2025-11-07 11:21:42 +00:00 Compare
renovate-bot force-pushed renovate/ghcr.io-renovatebot-renovate-42.x from 941118437f to b454efa472 2025-11-07 15:18:53 +00:00 Compare
renovate-bot force-pushed renovate/ghcr.io-renovatebot-renovate-42.x from b454efa472 to 3c5fc1f0db 2025-11-07 19:19:56 +00:00 Compare
renovate-bot force-pushed renovate/ghcr.io-renovatebot-renovate-42.x from 3c5fc1f0db to 26577e3367 2025-11-07 20:18:57 +00:00 Compare
renovate-bot force-pushed renovate/ghcr.io-renovatebot-renovate-42.x from 26577e3367 to 08b4ac6db0 2025-11-07 23:18:40 +00:00 Compare
renovate-bot force-pushed renovate/ghcr.io-renovatebot-renovate-42.x from 08b4ac6db0 to a9675b287e 2025-11-09 09:18:23 +00:00 Compare
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/ghcr.io-renovatebot-renovate-42.x:renovate/ghcr.io-renovatebot-renovate-42.x
git switch renovate/ghcr.io-renovatebot-renovate-42.x

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch master
git merge --no-ff renovate/ghcr.io-renovatebot-renovate-42.x
git switch renovate/ghcr.io-renovatebot-renovate-42.x
git rebase master
git switch master
git merge --ff-only renovate/ghcr.io-renovatebot-renovate-42.x
git switch renovate/ghcr.io-renovatebot-renovate-42.x
git rebase master
git switch master
git merge --no-ff renovate/ghcr.io-renovatebot-renovate-42.x
git switch master
git merge --squash renovate/ghcr.io-renovatebot-renovate-42.x
git switch master
git merge --ff-only renovate/ghcr.io-renovatebot-renovate-42.x
git switch master
git merge renovate/ghcr.io-renovatebot-renovate-42.x
git push origin master
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: wvffle/renovate-config#7
No description provided.
Delete branch "renovate/ghcr.io-renovatebot-renovate-42.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?