`renovate`

Ecosystem:
npm

Package URL:
pkg:npm/renovate

Total PRs:
319 Dependabot PRs

Latest PR:
3 days ago

Unique Repositories:
44 repositories

Unique Repos (30 days):
2 repositories

Security Advisories

Renovate vulnerable to Azure DevOps token leakage in logs

GHSA-36rh-ggpr-j3gj MODERATE published almost 6 years ago • updated 14 days ago

### Impact Applies to Azure DevOps users only. The bot's token may be exposed in server or pipeline logs due to the `http.extraheader=AUTHORIZATIO...

Renovate vulnerable to arbitrary command injection via gleam manager and malicious gleam.toml file

GHSA-xjr7-3c3g-m763 MODERATE published 5 months ago • updated 2 months ago

### Summary The user-provided string `depName` in the `gleam` manager is appended to the `gleam deps update` command without proper sanitization. ...

Renovate affected by remote code execution was possible using the bazel-module or bazelisk managers, when using lockFileMaintenance

GHSA-5vjq-5jmg-39xq MODERATE published 2 months ago • updated 2 months ago

When using [`lockFileMaintenance`](https://docs.renovatebot.com/configuration-options/#lockfilemaintenance) using the [bazel-module](https://docs.r...

Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository

GHSA-xv56-3wq5-9997 MODERATE published 5 months ago • updated 2 months ago

### Summary The user-provided chart name in the `kustomize` manager is appended to the `helm pull --untar` command without proper sanitization. ##...

Renovate vulnerable to arbitrary command injection via Gradle Wrapper and malicious `distributionUrl`

GHSA-pfq2-hh62-7m96 MODERATE published 5 months ago • updated 2 months ago

### Summary Renovate can be tricked into executing shell code while updating the Gradle Wrapper. A malicious `distributionUrl` in `gradle/wrapper/g...

View all 11 advisories

Recent PRs

Bump the dev group across 1 directory with 5 updates

DEFRA/epr-re-ex-service #258

43.206.0 → 43.220.0 Minor PR

Open 3 days ago 1 comment

Bump the dev group across 1 directory with 5 updates

DEFRA/epr-re-ex-service #255

43.206.0 → 43.217.0 Minor PR

Closed 5 days ago 2 comments

deps: bump renovate from 42.81.1 to 43.212.4

frjcomp/renovate-config-resolver #258

42.81.1 → 43.212.4 Major PR

Closed 6 days ago 2 comments

deps: bump renovate from 42.81.1 to 43.209.1

frjcomp/renovate-config-resolver #256

42.81.1 → 43.209.1 Major PR

Closed 8 days ago 2 comments

Bump the dev group across 1 directory with 5 updates

DEFRA/epr-re-ex-service #244

43.206.0 → 43.210.2 Minor PR

Open 11 days ago 1 comment

deps: bump renovate from 42.81.1 to 43.201.2

frjcomp/renovate-config-resolver #250

42.81.1 → 43.201.2 Major PR

Open 13 days ago 2 comments

Bump simple-git and renovate

hashintel/.github #60

43.104.1 → 43.130.0 Minor PR

Open about 1 month ago 2 comments

chore(deps): bump the npm-packages group across 1 directory with 5 updates

ministryofjustice/devsecops-actions #253

43.120.2 → 43.150.0 Minor PR

Open about 1 month ago 3 comments

chore(deps): bump the npm-packages group with 4 updates

ministryofjustice/devsecops-actions #246

43.120.2 → 43.150.0 Minor PR

Open about 1 month ago 1 comment

chore(deps): bump uuid and renovate

Dustin4444/slsa-github-generator #53

39.174.3 → 43.150.0 Major PR

Open about 2 months ago 2 comments

deps(npm): bump renovate from 38.55.1 to 43.139.6 in /dependencies

actions-marketplace-validations/github_super-linter #585

38.55.1 → 43.139.6 Major PR

Closed about 2 months ago 1 comment

chore(deps-dev): bump renovate from 43.113.0 to 43.120.1 in the npm-packages group

ministryofjustice/devsecops-actions #229

43.113.0 → 43.120.1 Minor PR

Open about 2 months ago 2 comments

chore(deps-dev): bump the npm-packages group with 2 updates

ministryofjustice/devsecops-actions #222

43.102.11 → 43.111.0 Minor PR

Open about 2 months ago 2 comments

chore(deps): bump protobufjs and renovate

Dustin4444/slsa-github-generator #52

39.174.3 → 43.127.0 Major PR

Open 2 months ago 1 comment

chore(deps-dev): bump renovate from 43.102.1 to 43.102.11

ministryofjustice/devsecops-actions #213

43.102.1 → 43.102.11 Patch PR

Open 2 months ago 3 comments

deps: bump renovate from 42.81.1 to 43.110.5

frjcomp/renovate-config-resolver #217

42.81.1 → 43.110.5 Major PR

Open 2 months ago 1 comment

deps(npm): bump the npm group across 1 directory with 14 updates

super-linter/super-linter #7749

43.110.3 → 43.121.0 Minor PR

Open 2 months ago 4 comments

deps(npm): bump the npm group across 1 directory with 14 updates

super-linter/super-linter #7748

43.110.3 → 43.116.0 Minor PR

Closed 2 months ago 3 comments

chore(deps-dev): bump the npm-packages group with 2 updates

ministryofjustice/devsecops-actions #207

43.102.1 → 43.104.8 Minor PR

Open 2 months ago 2 comments

deps: bump renovate from 42.81.1 to 43.104.2

frjcomp/renovate-config-resolver #213

42.81.1 → 43.104.2 Major PR

Closed 2 months ago 2 comments

deps(npm): bump renovate from 43.104.5 to 43.104.8 in /dependencies in the npm group across 1 directory

nhuthua/super-linter #154

43.104.5 → 43.104.8 Patch PR

Closed 2 months ago 1 comment

deps(npm): bump the npm group across 1 directory with 3 updates

sede-open/super-linter #4

43.101.3 → 43.104.6 Minor PR

Closed 2 months ago 4 comments

deps(npm): bump the npm group across 1 directory with 3 updates

super-linter/super-linter #7712

43.101.3 → 43.104.1 Minor PR

Open 3 months ago 9 comments

deps: bump renovate from 42.81.1 to 43.91.6

frjcomp/renovate-config-resolver #205

42.81.1 → 43.91.6 Major PR

Open 3 months ago 2 comments

deps: bump renovate from 42.81.1 to 43.91.4

frjcomp/renovate-config-resolver #202

42.81.1 → 43.91.4 Major PR

Open 3 months ago 1 comment

deps: bump renovate from 42.81.1 to 43.89.4

frjcomp/renovate-config-resolver #201

42.81.1 → 43.89.4 Major PR

Open 3 months ago 1 comment

deps: bump renovate from 42.81.1 to 43.84.1

frjcomp/renovate-config-resolver #196

42.81.1 → 43.84.1 Major PR

Closed 3 months ago 2 comments

chore(deps): bump yaml and renovate in /dependencies

harryzcy/super-linter #452

42.26.11 → 43.92.0 Major PR

Open 3 months ago 1 comment

deps: bump renovate from 42.81.1 to 43.77.8

frjcomp/renovate-config-resolver #194

42.81.1 → 43.77.8 Major PR

Open 3 months ago 1 comment

chore(deps-dev): bump renovate from 43.84.1 to 43.84.2 in the npm-packages group

ministryofjustice/devsecops-actions #168

43.84.1 → 43.84.2 Patch PR

Open 3 months ago 2 comments

deps: bump renovate from 42.81.1 to 43.61.5

frjcomp/renovate-config-resolver #187

42.81.1 → 43.61.5 Major PR

Open 3 months ago 1 comment

chore(deps-dev): bump renovate from 37.440.7 to 42.96.3

khill1269/servalsheets #31

37.440.7 → 42.96.3 Major PR

Open 3 months ago 5 comments

chore(deps): bump the npm-packages group with 3 updates

ministryofjustice/devsecops-actions #154

43.57.0 → 43.59.4 Minor PR

Open 3 months ago 2 comments

deps: bump renovate from 42.81.1 to 43.55.0

frjcomp/renovate-config-resolver #179

42.81.1 → 43.55.0 Major PR

Open 3 months ago 1 comment

deps(npm): bump renovate from 43.61.0 to 43.62.0 in /dependencies in the npm group across 1 directory

super-linter/super-linter #7628

43.61.0 → 43.62.0 Minor PR

Open 3 months ago 4 comments

chore(deps): bump simple-git and renovate in /dependencies

Dustin4444/super-linter #5

42.76.0 → 43.61.2 Major PR

Open 3 months ago 1 comment

chore(deps): bump simple-git and renovate in /dependencies

harryzcy/super-linter #444

42.26.11 → 43.61.2 Major PR

Closed 3 months ago 2 comments

deps: bump renovate from 42.81.1 to 43.39.2

frjcomp/renovate-config-resolver #173

42.81.1 → 43.39.2 Major PR

Open 4 months ago 2 comments

deps(npm): bump the npm group across 1 directory with 15 updates

super-linter/super-linter #7595

43.52.0 → 43.52.1 Patch PR

Open 4 months ago 3 comments

deps(npm): bump the npm group across 1 directory with 15 updates

super-linter/super-linter #7583

43.14.1 → 43.49.0 Minor PR

Closed 4 months ago 4 comments

deps: bump renovate from 42.81.1 to 43.31.7

frjcomp/renovate-config-resolver #170

42.81.1 → 43.31.7 Major PR

Open 4 months ago 1 comment

Bump renovate from 43.46.6 to 43.46.7

reishoku/rpmbuild.renovate-cli-latest #2

43.46.6 → 43.46.7 Patch PR

Open 4 months ago 6 comments

deps: bump renovate from 42.81.1 to 43.26.2

frjcomp/renovate-config-resolver #165

42.81.1 → 43.26.2 Major PR

Open 4 months ago 1 comment

Bump minimatch and renovate

intelops/scsctl #142

36.78.8 → 43.35.1 Major PR

Closed 4 months ago 1 comment

deps: bump renovate from 42.81.1 to 43.24.1

frjcomp/renovate-config-resolver #163

42.81.1 → 43.24.1 Major PR

Open 4 months ago 1 comment

deps(npm): bump the npm group across 1 directory with 13 updates

super-linter/super-linter #7557

43.14.1 → 43.32.1 Minor PR

Open 4 months ago 4 comments

deps(npm): bump the npm group across 1 directory with 12 updates

super-linter/super-linter #7553

43.14.1 → 43.31.3 Minor PR

Closed 4 months ago 2 comments

deps: bump renovate from 42.81.1 to 43.14.0

frjcomp/renovate-config-resolver #161

42.81.1 → 43.14.0 Major PR

Open 4 months ago 1 comment

deps: bump renovate from 42.81.1 to 43.8.5

frjcomp/renovate-config-resolver #159

42.81.1 → 43.8.5 Major PR

Closed 4 months ago 2 comments

build(deps): bump markdown-it and renovate

brave/renovate-config #138

43.8.2 → 43.19.2 Minor PR

Open 4 months ago 1 comment

Package Details

Name:	`renovate`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/renovate`
JSON API:	View JSON

Security Advisories

11

Active advisories

MODERATE 11

View All npm Advisories

Package Information

Description:

Automated dependency updates. Flexible so you don't need to be.

Repository:	https://github.com/renovatebot/renovate
Homepage:	https://renovatebot.com
Latest Release:	`39.41.0` over 1 year ago
Dependent Repos:	308
Dependent Packages:	116
Downloads:	697,219
Ranking:	Top 0.9546% by dependent repos Top 0.4064% by downloads Top 0.3466% by dependent pkgs

PR Status

Open 116 (36.4%)

Merged 123 (38.6%)

Closed 73 (22.9%)

PR Types

Major 62 (19.4%)

Minor 222 (69.6%)

Patch 28 (8.8%)