Convert Figma logo to code with AI

renovatebot logorenovate

Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io

18,201
2,439
18,201
788
View on GitHubView on NPM

Top Related Projects

dependabot's avatar

dependabot-core

4,818

🤖 Dependabot's core logic for creating update PRs.

Quick Overview

Renovate is an open-source tool that automatically updates dependencies in software projects. It scans a project's dependencies and creates pull requests to update them to the latest versions, helping to keep the project up-to-date and secure.

Pros

  • Automated Dependency Updates: Renovate automatically scans a project's dependencies and creates pull requests to update them, reducing the manual effort required to keep a project's dependencies current.
  • Customizable Configuration: Renovate allows for extensive configuration, enabling users to customize the update process to fit their specific needs, such as scheduling updates, ignoring certain dependencies, or setting update strategies.
  • Broad Language Support: Renovate supports a wide range of programming languages and package managers, including JavaScript, Python, Go, Ruby, and more.
  • Improved Security: By keeping dependencies up-to-date, Renovate helps to mitigate security vulnerabilities and ensure that the project is using the latest, most secure versions of its dependencies.

Cons

  • Complexity: Renovate's extensive configuration options can make it challenging to set up, especially for users who are new to the tool.
  • Potential Breakages: Automatically updating dependencies can sometimes lead to breaking changes, which may require manual intervention to resolve.
  • Dependency Conflicts: Renovate may encounter conflicts when updating dependencies, which can require manual resolution.
  • Potential Performance Impact: Depending on the size and complexity of a project, the frequent pull requests created by Renovate may have a noticeable impact on the project's build and deployment processes.

Getting Started

To get started with Renovate, follow these steps:

  1. Install the Renovate bot in your GitHub repository:
    • Go to the Renovate GitHub App and click "Install".
    • Select the repository you want to enable Renovate for and click "Install".
  2. Configure Renovate by creating a renovate.json file in the root of your project. Here's an example configuration:
{
  "extends": [
    "config:base"
  ],
  "schedule": [
    "every weekend"
  ],
  "timezone": "America/New_York",
  "labels": [
    "dependencies"
  ]
}

This configuration will run Renovate every weekend and apply the "dependencies" label to the created pull requests.

  1. Commit the renovate.json file to your repository, and Renovate will start scanning your dependencies and creating pull requests.

  2. Optionally, you can customize the Renovate configuration further by adding more options to the renovate.json file. The Renovate documentation provides a comprehensive list of available configuration options.

Competitor Comparisons

dependabot logo

dependabot-core

4,818

🤖 Dependabot's core logic for creating update PRs.

Pros of Dependabot Core

  • Dependabot Core is a more lightweight and focused solution, primarily designed for dependency management.
  • It has a simpler and more streamlined configuration, making it easier to set up and maintain.
  • Dependabot Core is actively maintained and supported by the GitHub team, ensuring reliable and up-to-date functionality.

Cons of Dependabot Core

  • Renovate offers a more comprehensive set of features, including support for a wider range of package managers and additional security and automation capabilities.
  • Dependabot Core may have a more limited set of configuration options compared to Renovate, which can be a drawback for users with more complex dependency management requirements.
  • The Dependabot Core community is smaller compared to Renovate, which may result in fewer third-party integrations and a slower pace of feature development.

Code Comparison

Renovate:

module.exports = {
  extends: ['config:base'],
  packageRules: [
    {
      matchPackagePatterns: ['*'],
      automerge: true,
      automergeType: 'branch',
      automergeStrategy: 'squash',
    },
  ],
};

Dependabot Core:

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
    open-pull-requests-limit: 10

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Mend Renovate CLI banner

License: AGPL-3.0-only codecov Renovate enabled Build status Docker Pulls OpenSSF Scorecard

What is the Mend Renovate CLI?

Renovate is an automated dependency update tool. It helps to update dependencies in your code without needing to do it manually. When Renovate runs on your repo, it looks for references to dependencies (both public and private) and, if there are newer versions available, Renovate can create pull requests to update your versions automatically.

Features

  • Delivers update PRs directly to your repo
    • Relevant package files are discovered automatically
    • Pull Requests automatically generated in your repo
  • Provides useful information to help you decide which updates to accept (age, adoption, pass rates, merge confidence)
  • Highly configurable and flexible to fit in with your needs and repository standards
  • Largest collection of languages and platforms (listed below)
  • Connects with private repositories and package registries

Languages

Renovate can provide updates for most popular languages, platforms, and registries including: npm, Java, Python, .NET, Scala, Ruby, Go, Docker and more. Supports over 90 different package managers.

Platforms

Renovate updates code repositories on the following platforms: GitHub, GitLab, Bitbucket, Azure DevOps, AWS Code Commit, Gitea, Forgejo, Gerrit (experimental)

Ways to run Renovate

The most effective way to run Renovate is to use an automated job scheduling system that regularly runs Renovate on all enabled repositories and responds with priority to user activity. Mend offers cloud-hosted and self-hosted solutions. See the options below.

Mend Renovate Community (Cloud-Hosted)

Supports: GitHub.com, Bitbucket Cloud

Hosted by Mend.io. No setup is needed. Community plan available (Free)

  • GitHub Cloud: Install the Renovate Cloud-Hosted App on your GitHub org, then select the repos to enable
  • Bitbucket Cloud: Add the Mend App to your Workspace, then add the Mend Renovate user to the projects you want to enable

Mend Renovate Community (Self-hosted)

Supports: GitHub, GitLab, Bitbucket Data Center

Install and run your own Renovate server. Access internal packages.

Other ways to run Renovate

If you can’t use a pre-built job scheduling system, or want to build your own, the following options are available:

Run Renovate on your Pipeline

Mend provides a GitHub Action or a GitLab Runner to help you run Renovate as a CI pipeline job.

Run Renovate CLI

There are several ways to run the Renovate CLI directly. See docs: Running Renovate for all options.

Supports: all platforms

Docs

More about Renovate

Renovate Docs

Comparisons

Get involved

Issues and Discussions

Please open a Discussion to get help, suggest a new feature, or to report a bug. We only want maintainers to open Issues.

Contributing

To contribute to Renovate, or run a local copy, please read the contributing guidelines.

Contact and Social Media

The Renovate project is proudly supported and actively maintained by Mend.io.

  • Contact Mend.io for commercial support questions.

Follow us on:

Security / Disclosure

If you find any bug with Renovate that may be a security problem, then e-mail us at: renovate-disclosure@mend.io. This way we can evaluate the bug and hopefully fix it before it gets abused. Please give us enough time to investigate the bug before you report it anywhere else.

Please do not create GitHub issues for security-related doubts or problems.

NPM DownloadsLast 30 Days