Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

renovate

Ecosystem:
npm
Package URL:
pkg:npm/renovate
Total PRs:
319 Dependabot PRs
Latest PR:
4 days ago
Unique Repositories:
44 repositories
Unique Repos (30 days):
2 repositories
Security Advisories
Renovate vulnerable to Azure DevOps token leakage in logs
GHSA-36rh-ggpr-j3gj MODERATE published almost 6 years ago • updated 15 days ago
### Impact Applies to Azure DevOps users only. The bot's token may be exposed in server or pipeline logs due to the `http.extraheader=AUTHORIZATIO...
Renovate vulnerable to arbitrary command injection via gleam manager and malicious gleam.toml file
GHSA-xjr7-3c3g-m763 MODERATE published 5 months ago • updated 3 months ago
### Summary The user-provided string `depName` in the `gleam` manager is appended to the `gleam deps update` command without proper sanitization. ...
Renovate affected by remote code execution was possible using the bazel-module or bazelisk managers, when using lockFileMaintenance
GHSA-5vjq-5jmg-39xq MODERATE published 2 months ago • updated 2 months ago
When using [`lockFileMaintenance`](https://docs.renovatebot.com/configuration-options/#lockfilemaintenance) using the [bazel-module](https://docs.r...
Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository
GHSA-xv56-3wq5-9997 MODERATE published 5 months ago • updated 3 months ago
### Summary The user-provided chart name in the `kustomize` manager is appended to the `helm pull --untar` command without proper sanitization. ##...
Renovate vulnerable to arbitrary command injection via Gradle Wrapper and malicious `distributionUrl`
GHSA-pfq2-hh62-7m96 MODERATE published 5 months ago • updated 3 months ago
### Summary Renovate can be tricked into executing shell code while updating the Gradle Wrapper. A malicious `distributionUrl` in `gradle/wrapper/g...
View all 11 advisories
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
chore(deps-dev): bump renovate from 43.102.1 to 43.102.11

ministryofjustice/devsecops-actions #213

43.102.1 → 43.102.11 Patch PR
Open 2 months ago 3 comments
ministryofjustice
deps(npm): bump renovate from 43.104.5 to 43.104.8 in /dependencies in the npm group across 1 directory

nhuthua/super-linter #154

43.104.5 → 43.104.8 Patch PR
Closed 2 months ago 1 comment
nhuthua
chore(deps-dev): bump renovate from 43.84.1 to 43.84.2 in the npm-packages group

ministryofjustice/devsecops-actions #168

43.84.1 → 43.84.2 Patch PR
Open 3 months ago 2 comments
ministryofjustice
deps(npm): bump the npm group across 1 directory with 15 updates

super-linter/super-linter #7595

43.52.0 → 43.52.1 Patch PR
Open 4 months ago 3 comments
super-linter
Bump renovate from 43.46.6 to 43.46.7

reishoku/rpmbuild.renovate-cli-latest #2

43.46.6 → 43.46.7 Patch PR
Open 4 months ago 6 comments
reishoku
deps(npm): bump renovate from 43.4.0 to 43.4.4 in /dependencies

super-linter/super-linter #7524

43.4.0 → 43.4.4 Patch PR
Open 4 months ago 4 comments
super-linter
deps: bump renovate from 42.81.1 to 42.81.6

frjcomp/renovate-config-resolver #123

42.81.1 → 42.81.6 Patch PR
Open 5 months ago 2 comments
frjcomp
deps: bump renovate from 42.66.1 to 42.66.3

frjcomp/renovate-config-resolver #104

42.66.1 → 42.66.3 Patch PR
Closed 6 months ago 1 comment
frjcomp
deps: bump renovate from 42.66.0 to 42.66.1

frjcomp/renovate-config-resolver #103

42.66.0 → 42.66.1 Patch PR
Closed 6 months ago 1 comment
frjcomp
chore(deps-dev): bump renovate from 41.148.1 to 41.148.6

felix-kaestner/renovate-config #833

41.148.1 → 41.148.6 Patch PR
Merged 8 months ago
felix-kaestner
chore(deps-dev): bump renovate from 41.132.1 to 41.132.5

felix-kaestner/renovate-config #826

41.132.1 → 41.132.5 Patch PR
Merged 9 months ago
felix-kaestner
chore(deps-dev): bump renovate from 41.131.1 to 41.131.9

felix-kaestner/renovate-config #824

41.131.1 → 41.131.9 Patch PR
Merged 9 months ago
felix-kaestner
chore(deps-dev): bump renovate from 41.99.3 to 41.99.8

felix-kaestner/renovate-config #810

41.99.3 → 41.99.8 Patch PR
Merged 9 months ago
felix-kaestner
chore(deps-dev): bump renovate from 41.97.4 to 41.97.9

felix-kaestner/renovate-config #807

41.97.4 → 41.97.9 Patch PR
Open 9 months ago
felix-kaestner
chore(deps-dev): bump renovate from 41.82.3 to 41.82.10

felix-kaestner/renovate-config #797

41.82.3 → 41.82.10 Patch PR
Merged 10 months ago
felix-kaestner
chore(deps-dev): bump renovate from 41.82.1 to 41.82.3

felix-kaestner/renovate-config #796

41.82.1 → 41.82.3 Patch PR
Open 10 months ago
felix-kaestner
chore(deps-dev): bump renovate from 41.81.0 to 41.81.5

felix-kaestner/renovate-config #794

41.81.0 → 41.81.5 Patch PR
Merged 10 months ago
felix-kaestner
chore(deps-dev): bump renovate from 41.46.3 to 41.46.6

felix-kaestner/renovate-config #779

41.46.3 → 41.46.6 Patch PR
Merged 11 months ago
felix-kaestner
chore(deps-dev): bump renovate from 41.43.5 to 41.43.7

felix-kaestner/renovate-config #776

41.43.5 → 41.43.7 Patch PR
Open 11 months ago
felix-kaestner
chore(deps-dev): bump renovate from 41.43.2 to 41.43.5

felix-kaestner/renovate-config #775

41.43.2 → 41.43.5 Patch PR
Merged 11 months ago
felix-kaestner
chore(deps-dev): bump renovate from 41.43.0 to 41.43.2

felix-kaestner/renovate-config #774

41.43.0 → 41.43.2 Patch PR
Merged 11 months ago
felix-kaestner
chore(deps-dev): bump renovate from 41.42.2 to 41.42.9

felix-kaestner/renovate-config #772

41.42.2 → 41.42.9 Patch PR
Merged 11 months ago
felix-kaestner
chore(deps-dev): bump renovate from 41.1.1 to 41.1.4

felix-kaestner/renovate-config #753

41.1.1 → 41.1.4 Patch PR
Merged 12 months ago
felix-kaestner
chore(deps-dev): bump renovate from 40.48.4 to 40.48.10

felix-kaestner/renovate-config #744

40.48.4 → 40.48.10 Patch PR
Open about 1 year ago
felix-kaestner
chore(deps-dev): bump renovate from 40.21.0 to 40.21.6

felix-kaestner/renovate-config #730

40.21.0 → 40.21.6 Patch PR
Merged about 1 year ago
felix-kaestner
chore(deps-dev): bump renovate from 40.11.13 to 40.11.17

felix-kaestner/renovate-config #724

40.11.13 → 40.11.17 Patch PR
Merged about 1 year ago
felix-kaestner
chore(deps-dev): bump renovate from 40.11.8 to 40.11.13

felix-kaestner/renovate-config #723

40.11.8 → 40.11.13 Patch PR
Merged about 1 year ago
felix-kaestner
chore(deps-dev): bump renovate from 40.11.6 to 40.11.8

felix-kaestner/renovate-config #722

40.11.6 → 40.11.8 Patch PR
Merged about 1 year ago
felix-kaestner
Package Details
Name: renovate
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/renovate
JSON API: View JSON
Security Advisories

11

Active advisories
MODERATE 11
View All npm Advisories
Package Information
Description:

Automated dependency updates. Flexible so you don't need to be.

Repository: https://github.com/renovatebot/renovate
Homepage: https://renovatebot.com
Latest Release: 39.41.0
over 1 year ago
Dependent Repos: 308
Dependent Packages: 116
Downloads: 697,219
Ranking: Top 0.9546% by dependent repos Top 0.4064% by downloads Top 0.3466% by dependent pkgs
PR Status
Open 116 (36.4%)
Merged 123 (38.6%)
Closed 73 (22.9%)
PR Types
Major 62 (19.4%)
Minor 222 (69.6%)
Patch 28 (8.8%)