Automated dependency updates. Multi-platform and multi-language.
Renovate works on the following platforms:
Renovate is widely used in the developer community:
We believe everyone benefits from automation, whether it's a little or a lot. This means that Renovate:
It's easiest to use the hosted Renovate app. Install the Renovate app now.
More details on the GitHub App installation.
There are two ways to run Renovate on Azure DevOps:
Go to the Visual Studio Marketplace and install the Renovate Me extension in your organization.
From there you can create a pipeline with the
RenovateMe task.
More details on how to configure the pipeline.
Note: This extension is created and maintained personally by a Renovate developer/user so support requests relating to the extension itself cannot be answered directly in the main Renovate repository.
You can create a custom pipeline with a
yml definition that triggers
npx renovate.
More details on how to configure the pipeline.
For Bitbucket Cloud, Bitbucket Server, Gitea and GitLab, use our self-hosting option.
Go to our documentation website to learn how to configure Renovate. We have a full list of configuration options.
To get help with your configuration, go to the discussions tab in the Renovate repository and open a new "config help" discussion post.
To run your own instance of Renovate you have several options:
renovate CLI tool from npmjs, run it on a schedule (e.g. using
cron)
renovate/renovate Docker Hub image (same content/versions as the CLI tool), run it on a schedule
renovate/renovate:slim Docker Hub image if you only use package managers that don't need third-party binaries (e.g. JavaScript, Docker, NuGet, pip)
More details on the self-hosting development.
If you want to contribute to Renovate or get a local copy running, please read the instructions in .github/contributing.md.
If you discover any important bug with Renovate that may pose a security problem, please disclose it confidentially to renovate-disclosure@whitesourcesoftware.com first, so that it can be assessed and hopefully fixed prior to being exploited. Please do not raise GitHub issues for security-related doubts or problems.
A highly useful and configurable tool that I use for almost all of projects to ensure that all the dependencies are always updated. However, at times the renovate bot can also be a tad overwhelming, especially in large projects. A rule of thumb that I have come to follow over the years is to have automerge disabled to avoid any sudden surprises where the build suddenly starts to fail due to an unexpected dependency update. However, aside from a few perks here and there, which can mostly be dealt with by playing around the configurations, Renovate is a must have tool that I would highly recommend.
Renovate helps to rollout updated in a managed way by providing the updates with changelog to the software. THis is a best way for maintaining and managing the package. Only thing while working with the renovate is we work on certain assumptions about the success of the update we rollout via renovate PRs. It will be great if we get some sandboxing environment to test the updates with the renovate. The Conflict management is another hat of the renovate. It always resolve conflicts effectively based on the changes in upstream. no manual intevention is required for it which makes developer life easier also
I have a love-hate relationship with Renovate. However, it is a elationship that I cannot live without. Renovate forces me to make sure that my code is always up-to-date with the latest dependencies which in turn results in my applications being always updated to deal with the latest vulnerabilities. I have recently started using it across most of my production repositories and I must say it has been a blessing. I no longer have to worry about updating my package dependencies manually and my application code is always state-of-the-art as a direct result. Highly recommended!