Last month we were made aware of an occurrence of GitHub.com token leakage. It affected only users who had also experienced Go Modules checksum update failures prior to September 6th, which was less than 0.1% of accounts. We resolved the problem within an hour but have spent the last month code reviewing and improving security in Renovate in general, and now present our findings and plans.
October 18, 2019
Go’s new “Minimal Version Selection” approach to modules provides consistency of versions, but projects can remain stuck on outdated dependencies without maintainer conscientiousness or automation. This article discusses how to automate dependency updates to free up module maintainer time for other tasks.
October 02, 2018
Renovate now supports keeping Docker dependencies up-to-date in Kubernetes manifests. Read on to learn how to configure file matching to get it started.
August 04, 2018