- Added custom manager in renovate.json to track Go dependencies patched in Dockerfile for Caddy CVE fixes. - Updated Dockerfile to pre-fetch and override vulnerable module versions for dependencies (expr, quic-go, smallstep/certificates) during the build process. - Improved build resilience by implementing a fallback mechanism for Caddy versioning. - Introduced tests for user SMTP audit, covering invite token security, input validation, authorization, and SMTP config security. - Enhanced user invite functionality with duplicate email protection and case-insensitive checks. - Updated go.work.sum to include new dependencies and ensure compatibility.
109 lines
3.4 KiB
JSON
109 lines
3.4 KiB
JSON
{
|
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
|
"extends": [
|
|
"config:recommended",
|
|
":semanticCommits",
|
|
":separateMultipleMajorReleases",
|
|
"helpers:pinGitHubActionDigests"
|
|
],
|
|
"baseBranches": ["development"],
|
|
"timezone": "UTC",
|
|
"dependencyDashboard": true,
|
|
"prConcurrentLimit": 10,
|
|
"prHourlyLimit": 5,
|
|
"labels": ["dependencies"],
|
|
"rebaseWhen": "conflicted",
|
|
"vulnerabilityAlerts": { "enabled": true },
|
|
"schedule": ["every weekday"],
|
|
"rangeStrategy": "bump",
|
|
"customManagers": [
|
|
{
|
|
"customType": "regex",
|
|
"description": "Track Go dependencies patched in Dockerfile for Caddy CVE fixes",
|
|
"fileMatch": ["^Dockerfile$"],
|
|
"matchStrings": [
|
|
"#\\s*renovate:\\s*datasource=go\\s+depName=(?<depName>[^\\s]+)\\s*\\n\\s*go get (?<depName2>[^@]+)@v(?<currentValue>[^\\s|]+)"
|
|
],
|
|
"datasourceTemplate": "go",
|
|
"versioningTemplate": "semver"
|
|
}
|
|
],
|
|
"packageRules": [
|
|
{
|
|
"description": "Caddy transitive dependency patches in Dockerfile",
|
|
"matchManagers": ["regex"],
|
|
"matchFileNames": ["Dockerfile"],
|
|
"matchPackagePatterns": ["expr-lang/expr", "quic-go/quic-go", "smallstep/certificates"],
|
|
"labels": ["dependencies", "caddy-patch", "security"],
|
|
"automerge": true
|
|
},
|
|
{
|
|
"description": "Automerge safe patch updates",
|
|
"matchUpdateTypes": ["patch"],
|
|
"automerge": true
|
|
},
|
|
{
|
|
"description": "Frontend npm: automerge minor for devDependencies",
|
|
"matchManagers": ["npm"],
|
|
"matchDepTypes": ["devDependencies"],
|
|
"matchUpdateTypes": ["minor", "patch"],
|
|
"automerge": true,
|
|
"labels": ["dependencies", "npm"]
|
|
},
|
|
{
|
|
"description": "Backend Go modules",
|
|
"matchManagers": ["gomod"],
|
|
"labels": ["dependencies", "go"],
|
|
"matchUpdateTypes": ["minor", "patch"],
|
|
"automerge": false
|
|
},
|
|
{
|
|
"description": "GitHub Actions updates",
|
|
"matchManagers": ["github-actions"],
|
|
"labels": ["dependencies", "github-actions"],
|
|
"matchUpdateTypes": ["minor", "patch"],
|
|
"automerge": true
|
|
},
|
|
{
|
|
"description": "actions/checkout",
|
|
"matchManagers": ["github-actions"],
|
|
"matchPackageNames": ["actions/checkout"],
|
|
"automerge": false,
|
|
"matchUpdateTypes": ["minor", "patch"],
|
|
"labels": ["dependencies", "github-actions", "manual-review"]
|
|
},
|
|
{
|
|
"description": "Do not auto-upgrade other github-actions majors without review",
|
|
"matchManagers": ["github-actions"],
|
|
"matchUpdateTypes": ["major"],
|
|
"automerge": false,
|
|
"labels": ["dependencies", "github-actions", "manual-review"],
|
|
"prPriority": 0
|
|
},
|
|
{
|
|
"description": "Docker: keep Caddy within v2 (no automatic jump to v3)",
|
|
"matchManagers": ["dockerfile"],
|
|
"matchPackageNames": ["caddy"],
|
|
"allowedVersions": "<3.0.0",
|
|
"labels": ["dependencies", "docker"],
|
|
"automerge": true,
|
|
"extractVersion": "^(?<version>\\d+\\.\\d+\\.\\d+)",
|
|
"versioning": "semver"
|
|
},
|
|
{
|
|
"description": "Group non-breaking npm minor/patch",
|
|
"matchManagers": ["npm"],
|
|
"matchUpdateTypes": ["minor", "patch"],
|
|
"groupName": "npm minor/patch",
|
|
"prPriority": -1
|
|
},
|
|
{
|
|
"description": "Group docker base minor/patch",
|
|
"matchManagers": ["dockerfile"],
|
|
"matchUpdateTypes": ["minor", "patch"],
|
|
"groupName": "docker base updates",
|
|
"prPriority": -1
|
|
}
|
|
]
|
|
}
|