Convert Figma logo to code with AI

renovatebot logorenovate

Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io

17,095
2,220
17,095
722
View on GitHubView on NPM

Top Related Projects

dependabot's avatar

dependabot-core

4,610

🤖 Dependabot's core logic for creating update PRs.

Quick Overview

Renovate is an open-source tool that automatically updates dependencies in software projects. It scans a project's dependencies and creates pull requests to update them to the latest versions, helping to keep the project up-to-date and secure.

Pros

  • Automated Dependency Updates: Renovate automatically scans a project's dependencies and creates pull requests to update them, reducing the manual effort required to keep a project's dependencies current.
  • Customizable Configuration: Renovate allows for extensive configuration, enabling users to customize the update process to fit their specific needs, such as scheduling updates, ignoring certain dependencies, or setting update strategies.
  • Broad Language Support: Renovate supports a wide range of programming languages and package managers, including JavaScript, Python, Go, Ruby, and more.
  • Improved Security: By keeping dependencies up-to-date, Renovate helps to mitigate security vulnerabilities and ensure that the project is using the latest, most secure versions of its dependencies.

Cons

  • Complexity: Renovate's extensive configuration options can make it challenging to set up, especially for users who are new to the tool.
  • Potential Breakages: Automatically updating dependencies can sometimes lead to breaking changes, which may require manual intervention to resolve.
  • Dependency Conflicts: Renovate may encounter conflicts when updating dependencies, which can require manual resolution.
  • Potential Performance Impact: Depending on the size and complexity of a project, the frequent pull requests created by Renovate may have a noticeable impact on the project's build and deployment processes.

Getting Started

To get started with Renovate, follow these steps:

  1. Install the Renovate bot in your GitHub repository:
    • Go to the Renovate GitHub App and click "Install".
    • Select the repository you want to enable Renovate for and click "Install".
  2. Configure Renovate by creating a renovate.json file in the root of your project. Here's an example configuration:
{
  "extends": [
    "config:base"
  ],
  "schedule": [
    "every weekend"
  ],
  "timezone": "America/New_York",
  "labels": [
    "dependencies"
  ]
}

This configuration will run Renovate every weekend and apply the "dependencies" label to the created pull requests.

  1. Commit the renovate.json file to your repository, and Renovate will start scanning your dependencies and creating pull requests.

  2. Optionally, you can customize the Renovate configuration further by adding more options to the renovate.json file. The Renovate documentation provides a comprehensive list of available configuration options.

Competitor Comparisons

dependabot logo

dependabot-core

4,610

🤖 Dependabot's core logic for creating update PRs.

Pros of Dependabot Core

  • Dependabot Core is a more lightweight and focused solution, primarily designed for dependency management.
  • It has a simpler and more streamlined configuration, making it easier to set up and maintain.
  • Dependabot Core is actively maintained and supported by the GitHub team, ensuring reliable and up-to-date functionality.

Cons of Dependabot Core

  • Renovate offers a more comprehensive set of features, including support for a wider range of package managers and additional security and automation capabilities.
  • Dependabot Core may have a more limited set of configuration options compared to Renovate, which can be a drawback for users with more complex dependency management requirements.
  • The Dependabot Core community is smaller compared to Renovate, which may result in fewer third-party integrations and a slower pace of feature development.

Code Comparison

Renovate:

module.exports = {
  extends: ['config:base'],
  packageRules: [
    {
      matchPackagePatterns: ['*'],
      automerge: true,
      automergeType: 'branch',
      automergeStrategy: 'squash',
    },
  ],
};

Dependabot Core:

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
    open-pull-requests-limit: 10

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Renovate banner

Renovate

Automated dependency updates. Multi-platform and multi-language.

License: AGPL-3.0-only codecov Renovate enabled Build status Docker Pulls OpenSSF Scorecard

Why Use Renovate?

  • Get automated Pull Requests to update your dependencies
  • Reduce noise by running Renovate on a schedule, for example:
    • on weekends
    • outside of working hours
    • each week
    • each month
  • Relevant package files are discovered automatically
  • Supports monorepo architectures with workspaces with no extra configuration
  • Bot behavior is customizable via configuration files (config as code)
  • Use ESLint-like shared config presets for ease of use and simplifying configuration (JSON format only)
  • Lock files are supported and updated in the same commit, including immediately resolving conflicts whenever PRs are merged
  • Get replacement PRs to migrate from a deprecated dependency to the community suggested replacement, works with most managers, see issue 14149 for exceptions
  • Open source (installable via npm/Yarn or Docker Hub) so can be self-hosted or used via the Mend Renovate App

Supported Platforms

Renovate works on these platforms:

Who Uses Renovate?

Renovate is widely used in the developer community:

Logos of companies and projects that use Renovate

List of companies and projects that use Renovate
  • Prisma
  • Netlify
  • Envoy
  • Condé Nast
  • Microsoft
  • Atlassian
  • Sourcegraph
  • Mozilla
  • Deloitte
  • Telus
  • Yarn
  • HashiCorp
  • Automattic
  • Algolia
  • eBay
  • Cypress
  • Red Hat
  • Financial Times
  • Uber
  • Buildkite

Renovate OSS Insights

Renovate is built on a big community and actively invites and supports contributions. Information about our contributors and community can be found on OSS Insight.

Star History

Star History Chart

The Renovate Approach

We believe everyone benefits from automation, whether it's a little or a lot. This means that Renovate:

  • Adapts to your workflow
  • Allows you to configure its behavior
  • Will autodetect settings where possible

Using Renovate

Get started with Renovate by checking out our tutorial.

GitHub

We recommend that you use the Mend Renovate App. Install the Mend Renovate App now. More details on the Mend Renovate App installation.

Azure DevOps

There are two ways to run Renovate on Azure DevOps:

  • Renovate Me extension
  • Custom pipeline

Renovate Me extension

Go to the Visual Studio Marketplace and install the Renovate Me extension in your organization. From there you can create a pipeline with the RenovateMe task.

[!NOTE] This extension is created and maintained personally by a Renovate developer/user so support requests relating to the extension itself cannot be answered directly in the main Renovate repository.

Custom pipeline

You can create a custom pipeline with a yml definition that triggers npx renovate. More details on how to configure the pipeline.

Bitbucket Cloud/Server, Forgejo, Gitea, GitLab

For Bitbucket Cloud, Bitbucket Server, Forgejo, Gitea and GitLab, use our self-hosting option.

Configuration

Go to our documentation website to learn how to configure Renovate. We have a full list of configuration options.

To get help with your configuration, go to the discussions tab in the Renovate repository and open a new "config help" discussion post.

Self-Hosting

To run your own instance of Renovate you have several options:

  • Install the renovate CLI tool from npmjs, run it on a schedule (e.g. using cron)
  • Run the renovate/renovate:full Docker Hub image (same content/versions as the CLI tool), run it on a schedule
  • Run the renovate/renovate:latest Docker Hub image if you only use package managers that don't need third-party binaries (e.g. JavaScript, Docker, NuGet, pip)

More details on the self-hosting development.

Contributing

If you want to contribute to Renovate or get a local copy running, please read the instructions in contributing guidelines. To get started look at the list of good first issues.

Security / Disclosure

If you find any bug with Renovate that may be a security problem, then e-mail us at: renovate-disclosure@mend.io. This way we can evaluate the bug and hopefully fix it before it gets abused. Please give us enough time to investigate the bug before you report it anywhere else.

Please do not create GitHub issues for security-related doubts or problems.

NPM DownloadsLast 30 Days