Merge branch 'main' into feat/autoreplace-replacements

.devcontainer/Dockerfile

@@ -1,6 +1,6 @@
-FROM containerbase/node:14.19.3@sha256:d2020d09554fff425904cb6165271b7411cfe2cf39b7b3509ba395e8dd8b6e85
+FROM containerbase/node:14.19.3@sha256:f574d3061fc651873b8693a22a30f399babea4ec5d3331aa500fa59ac501f3ed
 
 USER root
 
 # renovate: datasource=npm
-RUN install-tool yarn 1.22.18
+RUN install-tool yarn 1.22.19

.eslintrc.js

@@ -71,11 +71,17 @@ module.exports = {
 
     // disallow direct `nock` module usage as it causes memory issues.
     // disallow `parse-link-header` to allow override ENV https://github.com/thlorenz/parse-link-header#environmental-variables
+    // disallow `path` in favor of `upath`
     'no-restricted-imports': [
       2,
       { paths: ['nock', 'parse-link-header', 'path'] },
     ],
 
+    '@typescript-eslint/consistent-type-assertions': [
+      'error',
+      { assertionStyle: 'as', objectLiteralTypeAssertions: 'allow' },
+    ],
+
     // Makes no sense to allow type inference for expression parameters, but require typing the response
     '@typescript-eslint/explicit-function-return-type': [
       'error',

.github/semantic.yml

@@ -1,4 +1,4 @@
-# Semantic Commit bot: https://github.com/zeke/semantic-pull-requests
+# Semantic Commit bot: https://github.com/Ezard/semantic-prs
 
 # Always validate the PR title, and ignore the commits
 titleOnly: true

.github/workflows/build.yml

@@ -42,24 +42,23 @@ jobs:
         include: >-
           ${{ fromJSON((github.event_name != 'pull_request' || contains(github.event.pull_request.labels.*.name, 'ci:fulltest')) && '[{
             "os": "macos-latest",
-            "node-version": 14
+            "node-version": 16
           }, {
             "os": "windows-latest",
-            "node-version": 14
+            "node-version": 16
           }]' || '[]') }}
 
     env:
       coverage: ${{ matrix.os == 'ubuntu-latest' && (matrix.node-version == 14 || matrix.node-version == 16) }}
       NODE_VERSION: ${{ matrix.node-version }}
-      JAVA_VERSION: ${{ matrix.java-version }}
 
     steps:
       - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
         with:
           fetch-depth: 2
 
       - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048 # tag=v3.2.0
+        uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3.3.0
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: yarn
@@ -105,7 +104,7 @@ jobs:
           fetch-depth: 2
 
       - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048 # tag=v3.2.0
+        uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3.3.0
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: yarn
@@ -138,8 +137,8 @@ jobs:
       - name: Type check
         run: yarn type-check
 
-      - name: Null check
-        run: yarn null-check
+      - name: Strict check
+        run: yarn strict-check
 
   release:
     needs: [lint, test]
@@ -155,7 +154,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048 # tag=v3.2.0
+        uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3.3.0
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: yarn

.github/workflows/codeql-analysis.yml

@@ -30,7 +30,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # tag=v2.1.12
+        uses: github/codeql-action/init@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 # tag=v2.1.15
         with:
           languages: javascript
 
@@ -40,7 +40,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # tag=v2.1.12
+        uses: github/codeql-action/autobuild@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 # tag=v2.1.15
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -54,4 +54,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@27ea8f8fe5977c00f5b37e076ab846c5bd783b96 # tag=v2.1.12
+        uses: github/codeql-action/analyze@3f62b754e23e0dd60f91b744033e1dc1654c0ec6 # tag=v2.1.15

.github/workflows/dependency-review.yml

@@ -12,4 +12,4 @@ jobs:
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
 
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@a9c83d3af6b9031e20feba03b904645bb23d1dab # tag=v1.0.2
+        uses: actions/dependency-review-action@1c59cdf2a9c7f29c90e8da32237eb04b81bad9f0 # tag=v2.0.2

.github/workflows/release-npm.yml

@@ -40,7 +40,7 @@ jobs:
           ref: ${{ env.GIT_SHA }}
 
       - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@17f8bd926464a1afa4c6a11669539e9c1ba77048 # tag=v3.2.0
+        uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd # tag=v3.3.0
         with:
           node-version: ${{ env.NODE_VERSION }}
           cache: yarn

.gitignore

@@ -10,6 +10,7 @@
 /package-lock.json
 *.pyc
 renovate-0.0.0-semantic-release.tgz
+renovate-v0.0.0-semantic-release.tgz
 /test/e2e/node_modules
 .eslintcache
 junit.xml

.prettierignore

@@ -13,6 +13,7 @@ package.json
 **/__mocks__/
 bin/yarn*
 .clinic/
+.eslintcache
 
 # generated code
 **/*.generated.ts

data/node-js-schedule.json

@@ -87,7 +87,7 @@
     "start": "2021-04-20",
     "lts": "2021-10-26",
     "maintenance": "2022-10-18",
-    "end": "2024-04-30",
+    "end": "2023-09-11",
     "codename": "Gallium"
   },
   "v17": {

docs/development/behavior.md

@@ -69,3 +69,12 @@ A full log dump takes a lot of time to scroll through, and it is next to impossi
 
 Instead, please select the logs relevant to your problem and paste just those.
 If it turns out there's a need for the full dump, someone can ask you for it later.
+
+## Avoid unjustified bug reports
+
+Don't raise a bug report unless it's definitely a bug.
+"I don't like this" or "I didn't expect this to happen" is not the same thing as a bug.
+
+Many unjustified bug reports are filed because people they think it will get them more attention.
+Instead, you may be just wasting maintainer time because we have to reclassify your invalid bug report or convert it to a discussion, and you are much less likely to get the attention you're hoping for.
+If in doubt, start a discussion instead.

docs/development/best-practices.md

@@ -6,10 +6,12 @@ Follow these best practices when you're working on our code.
 ## General
 
 - Prefer full function declarations for readability and better stack traces, so avoid `const func = ():void => {}`
+- Prefer `interface` over `type` for TypeScript type declarations
 - Avoid [Enums](https://github.com/renovatebot/renovate/issues/13743), use union or [immutable objects](https://github.com/renovatebot/renovate/blob/5043379847818ac1fa71ff69c098451975e95710/lib/modules/versioning/pep440/range.ts#L8-L20) instead
 - Always add unit tests for full code coverage
   - Only use `istanbul` comments for unreachable code coverage that is needed for `codecov` completion
   - Use descriptive `istanbul` comments
+- Avoid cast or prefer `x as T` instead of `<T>x` cast.
 
 ```ts
 // istanbul ignore next: can never happen
@@ -129,11 +131,12 @@ Use `UTC` to be time zone independent.
   - For `Luxon` mocking see [Example](https://github.com/renovatebot/renovate/blob/5043379847818ac1fa71ff69c098451975e95710/lib/modules/versioning/distro.spec.ts#L7-L10)
 - Prefer `jest.spyOn` for mocking single functions, or mock entire modules
   - Avoid overwriting functions, for example: (`func = jest.fn();`)
-- Prefer `toEqual` or `toDeepEqual`
+- Prefer `toEqual`
 - Use `toMatchObject` for huge objects when only parts need to be tested
 - Avoid `toMatchSnapshot`, only use it for:
   - huge strings like the Renovate PR body text
   - huge complex objects where you only need to test parts
+- Avoid exporting functions purely for the purpose of testing unless you really need to
 
 ### Fixtures
 
@@ -163,3 +166,12 @@ Use [JSDoc](https://jsdoc.app/index.html) to declare types and function prototyp
 - Omit constructors when defining Static classes
 - [No `#private` fields](https://google.github.io/styleguide/tsguide.html#private-fields). instead, use TypeScript's visibility annotations
 - Avoid underscore suffixes or prefixes, for example: `_prop`, use [whole words](https://google.github.io/styleguide/tsguide.html#properties-used-outside-of-class-lexical-scope) as suffix/prefix i.e. `internalProp`
+
+### regex
+
+Use [Named Capturing Groups](https://www.regular-expressions.info/named.html) when capturing multiple groups, for example: `(?<groupName>CapturedGroup)`.
+
+### Windows
+
+We recommend you set [`core.autocrlf = input`](https://git-scm.com/docs/gitattributes#_text) in your `gitConfig`, or the carriage return `\r\n` might confuse Renovate bot.
+You can also set the line endings in your repository by adding `* text=auto eol=lf` to your `.gitattributes` file.