renovate

What is renovate?

Renovate is a powerful tool for automating dependency updates in your projects. It helps keep your dependencies up-to-date, ensuring that your project remains secure and compatible with the latest versions of libraries and tools.

What are renovate's main functionalities?

Automated Dependency Updates

Renovate can automatically update your dependencies by creating pull requests for new versions. The configuration above extends the base configuration, which includes sensible defaults for most projects.

{
  "extends": ["config:base"]
}

Customizable Configuration

You can customize Renovate's behavior using a configuration file. In this example, packages that match the pattern '^@my-org/' are grouped together in a single pull request.

{
  "extends": ["config:base"],
  "packageRules": [
    {
      "packagePatterns": ["^@my-org/"],
      "groupName": "my-org packages"
    }
  ]
}

Scheduling Updates

Renovate allows you to schedule when updates should be created. The configuration above schedules updates to be created before 5 AM on Mondays.

{
  "extends": ["config:base"],
  "schedule": ["before 5am on monday"]
}

Other packages similar to renovate

dependabot

Dependabot is a GitHub-native tool for automating dependency updates. It is similar to Renovate in that it creates pull requests for new versions of dependencies. However, Dependabot is more tightly integrated with GitHub and may be easier to set up for users already using GitHub.

greenkeeper

Greenkeeper is another tool for automating dependency updates. It was one of the first tools in this space and offers similar functionality to Renovate. However, Greenkeeper has been deprecated in favor of Snyk, which now includes similar features.

snyk

Snyk is a comprehensive security tool that includes features for automating dependency updates. While it offers similar functionality to Renovate, Snyk also provides additional security features such as vulnerability scanning and remediation.

README

renovate

Keep npm dependencies up-to-date

Why

• Creates or updates Pull Requests for each dependency that needs updating
• Discovers and processes all package.json files in repository (supports monorepo architecture)
• Supports multiple major versions per-dependency at once
• Configurable via file, environment, CLI, and package.json
• Supports yarn.lock and package-lock.json files
• Supports GitHub and GitLab
• Open source and can be self-hosted

GitHub App

Renovate is now available as a free GitHub "App". Go to https://github.com/apps/renovate to enable it now.

Install

$ npm install -g renovate

Authentication

You need to select a repository user for renovate to assume the identity of, and generate a Personal Access Token. It's recommended that you use a dedicated "bot" account for this to avoid user confusion.

You can find instructions for GitHub here (select "repo" permissions)

You can find instructions for GitLab here.

This token needs to be configured via file, environment variable, or CLI. See docs/configuration.md for details. The simplest way is to expose it as GITHUB_TOKEN or GITLAB_TOKEN.

Usage

Run renovate --help for usage details.

Note: The first time you run renovate on a repository, it will not upgrade any dependencies. Instead, it will create a Pull Request (Merge Request if GitLab) called 'Configure Renovate' and commit a default renovate.json file to the repository. This PR can be close unmerged if the default settings are fine for you. Also, this behaviour can be disabled if you set the onboarding configuration option to false before running.

Deployment

See deployment docs for details.

Configuration

The Configuration and Configuration FAQ documents should be helpful.

Design Decisions

See design decisions doc for details.