Renovate Blog

Renovate is Now Part of WhiteSource

We’re excited to announce that Renovate has joined WhiteSource, the world’s leading Software Composition Analysis solution. Read on to learn about the great things this brings to Renovate users. 

Go Modules Vulnerability Disclosure

Last month we were made aware of an occurrence of GitHub.com token leakage. It affected only users who had also experienced Go Modules checksum update failures prior to September 6th, which was less than 0.1% of accounts. We resolved the problem within an hour but have spent the last month code reviewing and improving security in Renovate in general, and now present our findings and plans.

October 18, 2019

Introducing Renovate’s “Master Issue”

Renovate’s new lightweight dashboard-within-an-issue.

April 24, 2019

Ruby Bundler Support in Renovate

Bundler support in Renovate is now ready for testing!

January 14, 2019

Automating CircleCI Orb Updates

CircleCI recently launched Orbs, “a package manager for software delivery automation”. Here we will describe to you how to use Renovate to keep your Orb definitions up-to-date.

December 17, 2019

Automating Go Module Dependency Updates

Go’s new “Minimal Version Selection” approach to modules provides consistency of versions, but projects can remain stuck on outdated dependencies without maintainer conscientiousness or automation. This article discusses how to automate dependency updates to free up module maintainer time for other tasks.

October 02, 2018

Automated Dependency Updates for Bitbucket Cloud

Renovate now has beta support for the Bitbucket Cloud platform. This post describes how you can use Renovate to run against your repositories hosted on https://bitbucket.org.

August 29, 2018

Automated Dependency Updates for Kubernetes Manifests

Renovate now supports keeping Docker dependencies up-to-date in Kubernetes manifests. Read on to learn how to configure file matching to get it started.

August 04, 2018

New feature – GitHub Vulnerability Alerts

Renovate now supports raising Pull Requests immediately for any JavaScript or Python package identified as having a vulnerable version by GitHub’s Vulnerability Alerts.

July 29, 2018

New feature – Dependency Deprecation Warnings

Renovate now supports raising issues to warn a repository if it is using any deprecated npm packages. This feature can help prevent you being “in the dark” that a dependency you are using may never get updates again.

July 29, 2018

Overcoming Docker’s mutable image tags

Why Docker tags are mutable, how Node.js images broke yarn, and how to work with immutable Docker digests instead.

March 19, 2018

Renovate is Now Available on GitHub Marketplace

This week Renovate got accepted (launched!) into GitHub’s Marketplace with paid plans available.

March 15, 2018