archive/docker--clair
Archived
3
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Activity Actions

Configure Renovate #1

Open
renovate-bot wants to merge 1 commit from renovate/configure into master
pull from: renovate/configure
merge into: archive:master
Conversation 0 Commits 1 Files changed 1 +6
renovate-bot commented 2026-05-06 21:39:30 +02:00
First-time contributor
Copy link

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

📚 See our Reading List for relevant documentation you may be interested in reading.

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

Detected Package Files

  • Dockerfile (dockerfile)
  • .gitlab-ci.yml (gitlabci)
  • renovate.json (renovate-config)

Configuration Summary

Based on the default config's presets, Renovate will:

  • Start dependency updates only once this onboarding PR is merged
  • Enable Renovate Dependency Dashboard creation.
  • Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
  • Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
  • Group known monorepo packages together.
  • Use curated list of recommended non-monorepo package groupings.
  • Show only the Age and Confidence Merge Confidence badges for pull requests.
  • Apply crowd-sourced package replacement rules.
  • Apply crowd-sourced workarounds for known problems with packages.
  • Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from GitHub.com and Github enterprise contains a link to the commit-to-commit diff
  • Ensure that every dependency pinned by digest and sourced from GitLab.com contains a link to the commit-to-commit diff
  • Correctly link to the source code for golang.org/x packages
  • Link to pkg.go.dev/... for golang.org/x packages' title
  • Pin Docker digests.
  • Pin github-action digests.
  • Enable Renovate configuration migration PRs when needed.
  • Pin dependency versions for development dependencies.
  • Recommended configuration for abandoned packages, treating packages without a release for 1 year as abandoned, while taking into account community-sourced overrides.
  • Wait until the npm package is three days old before raising the update. This a) introduces a short delay to allow for malware researchers and scanners to (possibly) detect any malicious behaviour in packages, and b) prevents the maintainer and/or NPM from unpublishing a package you already upgraded to, breaking builds.
  • Run lock file maintenance (updates) early Monday mornings.
  • Remove hourly and concurrent rate limits.

What to Expect

With your current configuration, Renovate will create 10 Pull Requests:

Pin dependencies
  • Schedule: ["at any time"]
  • Branch name: renovate/pin-dependencies
  • Merge into: master
  • Upgrade arminc/clair-db to sha256:bb80e756204a2ee65f2185555513a316b88fe71328db3bad9ce29433dc8910fa
  • Upgrade docker to sha256:c77e5d7912f9b137cc67051fdc2991d8f5ae22c55ddf532bb836dcb693a04940
  • Upgrade golang to sha256:6d5e79878a3e4f1b30b7aa4d24fb6ee6184e905a9b172fc72593935633be4c46
  • Upgrade hadolint/hadolint to sha256:158cd0184dcaa18bd8ec20b61f4c1cabdf8b32a592d062f57bdcb8e4c1d312e2
Update golang Docker tag to v1.18
  • Schedule: ["at any time"]
  • Branch name: renovate/golang-1.18.x
  • Merge into: master
  • Upgrade golang to sha256:50c889275d26f816b5314fc99f55425fa76b18fcaf16af255f5d57f09e1f48da
Update golang Docker tag to v1.19
  • Schedule: ["at any time"]
  • Branch name: renovate/golang-1.19.x
  • Merge into: master
  • Upgrade golang to sha256:3025bf670b8363ec9f1b4c4f27348e6d9b7fec607c47e401e40df816853e743a
Update golang Docker tag to v1.20
  • Schedule: ["at any time"]
  • Branch name: renovate/golang-1.20.x
  • Merge into: master
  • Upgrade golang to sha256:8f9af7094d0cb27cc783c697ac5ba25efdc4da35f8526db21f7aebb0b0b4f18a
Update golang Docker tag to v1.21
  • Schedule: ["at any time"]
  • Branch name: renovate/golang-1.21.x
  • Merge into: master
  • Upgrade golang to sha256:4746d26432a9117a5f58e95cb9f954ddf0de128e9d5816886514199316e4a2fb
Update golang Docker tag to v1.22
  • Schedule: ["at any time"]
  • Branch name: renovate/golang-1.22.x
  • Merge into: master
  • Upgrade golang to sha256:1cf6c45ba39db9fd6db16922041d074a63c935556a05c5ccb62d181034df7f02
Update golang Docker tag to v1.23
  • Schedule: ["at any time"]
  • Branch name: renovate/golang-1.23.x
  • Merge into: master
  • Upgrade golang to sha256:60deed95d3888cc5e4d9ff8a10c54e5edc008c6ae3fba6187be6fb592e19e8c0
Update golang Docker tag to v1.24
  • Schedule: ["at any time"]
  • Branch name: renovate/golang-1.24.x
  • Merge into: master
  • Upgrade golang to sha256:d2d2bc1c84f7e60d7d2438a3836ae7d0c847f4888464e7ec9ba3a1339a1ee804
Update golang Docker tag to v1.25
  • Schedule: ["at any time"]
  • Branch name: renovate/golang-1.25.x
  • Merge into: master
  • Upgrade golang to sha256:8a7adc288b77e9b787cd2695029eb54d10ae80571b21d44fed68d067ad0a9c96
Update golang Docker tag to v1.26
  • Schedule: ["at any time"]
  • Branch name: renovate/golang-1.26.x
  • Merge into: master
  • Upgrade golang to sha256:b54cbf583d390341599d7bcbc062425c081105cc5ef6d170ced98ef9d047c716

Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

This PR has been generated by Mend Renovate.

Welcome to [Renovate](https://github.com/renovatebot/renovate)! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin. 🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged. 📚 See our [Reading List](https://docs.renovatebot.com/reading-list/) for relevant documentation you may be interested in reading. 🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to `renovate.json` in this branch. Renovate will update the Pull Request description the next time it runs. --- ### Detected Package Files * `Dockerfile` (dockerfile) * `.gitlab-ci.yml` (gitlabci) * `renovate.json` (renovate-config) ### Configuration Summary Based on the default config's presets, Renovate will: - Start dependency updates only once this onboarding PR is merged - Enable Renovate Dependency Dashboard creation. - Use semantic commit type `fix` for dependencies and `chore` for all others if semantic commits are in use. - Ignore `node_modules`, `bower_components`, `vendor` and various test/tests (except for nuget) directories. - Group known monorepo packages together. - Use curated list of recommended non-monorepo package groupings. - Show only the Age and Confidence Merge Confidence badges for pull requests. - Apply crowd-sourced package replacement rules. - Apply crowd-sourced workarounds for known problems with packages. - Ensure that every dependency pinned by digest and sourced from Forgejo contains a link to the commit-to-commit diff - Ensure that every dependency pinned by digest and sourced from Gitea contains a link to the commit-to-commit diff - Ensure that every dependency pinned by digest and sourced from GitHub.com and Github enterprise contains a link to the commit-to-commit diff - Ensure that every dependency pinned by digest and sourced from GitLab.com contains a link to the commit-to-commit diff - Correctly link to the source code for golang.org/x packages - Link to pkg.go.dev/... for golang.org/x packages' title - Pin Docker digests. - Pin `github-action` digests. - Enable Renovate configuration migration PRs when needed. - Pin dependency versions for development dependencies. - Recommended configuration for abandoned packages, treating packages without a release for 1 year as abandoned, while taking into account community-sourced overrides. - Wait until the npm package is three days old before raising the update. This a) introduces a short delay to allow for malware researchers and scanners to (possibly) detect any malicious behaviour in packages, and b) prevents the maintainer and/or NPM from unpublishing a package you already upgraded to, breaking builds. - Run lock file maintenance (updates) early Monday mornings. - Remove hourly and concurrent rate limits. --- ### What to Expect With your current configuration, Renovate will create 10 Pull Requests: <details> <summary>Pin dependencies</summary> - Schedule: ["at any time"] - Branch name: `renovate/pin-dependencies` - Merge into: `master` - Upgrade arminc/clair-db to `sha256:bb80e756204a2ee65f2185555513a316b88fe71328db3bad9ce29433dc8910fa` - Upgrade docker to `sha256:c77e5d7912f9b137cc67051fdc2991d8f5ae22c55ddf532bb836dcb693a04940` - Upgrade golang to `sha256:6d5e79878a3e4f1b30b7aa4d24fb6ee6184e905a9b172fc72593935633be4c46` - Upgrade hadolint/hadolint to `sha256:158cd0184dcaa18bd8ec20b61f4c1cabdf8b32a592d062f57bdcb8e4c1d312e2` </details> <details> <summary>Update golang Docker tag to v1.18</summary> - Schedule: ["at any time"] - Branch name: `renovate/golang-1.18.x` - Merge into: `master` - Upgrade golang to `sha256:50c889275d26f816b5314fc99f55425fa76b18fcaf16af255f5d57f09e1f48da` </details> <details> <summary>Update golang Docker tag to v1.19</summary> - Schedule: ["at any time"] - Branch name: `renovate/golang-1.19.x` - Merge into: `master` - Upgrade golang to `sha256:3025bf670b8363ec9f1b4c4f27348e6d9b7fec607c47e401e40df816853e743a` </details> <details> <summary>Update golang Docker tag to v1.20</summary> - Schedule: ["at any time"] - Branch name: `renovate/golang-1.20.x` - Merge into: `master` - Upgrade golang to `sha256:8f9af7094d0cb27cc783c697ac5ba25efdc4da35f8526db21f7aebb0b0b4f18a` </details> <details> <summary>Update golang Docker tag to v1.21</summary> - Schedule: ["at any time"] - Branch name: `renovate/golang-1.21.x` - Merge into: `master` - Upgrade golang to `sha256:4746d26432a9117a5f58e95cb9f954ddf0de128e9d5816886514199316e4a2fb` </details> <details> <summary>Update golang Docker tag to v1.22</summary> - Schedule: ["at any time"] - Branch name: `renovate/golang-1.22.x` - Merge into: `master` - Upgrade golang to `sha256:1cf6c45ba39db9fd6db16922041d074a63c935556a05c5ccb62d181034df7f02` </details> <details> <summary>Update golang Docker tag to v1.23</summary> - Schedule: ["at any time"] - Branch name: `renovate/golang-1.23.x` - Merge into: `master` - Upgrade golang to `sha256:60deed95d3888cc5e4d9ff8a10c54e5edc008c6ae3fba6187be6fb592e19e8c0` </details> <details> <summary>Update golang Docker tag to v1.24</summary> - Schedule: ["at any time"] - Branch name: `renovate/golang-1.24.x` - Merge into: `master` - Upgrade golang to `sha256:d2d2bc1c84f7e60d7d2438a3836ae7d0c847f4888464e7ec9ba3a1339a1ee804` </details> <details> <summary>Update golang Docker tag to v1.25</summary> - Schedule: ["at any time"] - Branch name: `renovate/golang-1.25.x` - Merge into: `master` - Upgrade golang to `sha256:8a7adc288b77e9b787cd2695029eb54d10ae80571b21d44fed68d067ad0a9c96` </details> <details> <summary>Update golang Docker tag to v1.26</summary> - Schedule: ["at any time"] - Branch name: `renovate/golang-1.26.x` - Merge into: `master` - Upgrade golang to `sha256:b54cbf583d390341599d7bcbc062425c081105cc5ef6d170ced98ef9d047c716` </details> --- ❓ Got questions? Check out Renovate's [Docs](https://docs.renovatebot.com/), particularly the Getting Started section. If you need any further assistance then you can also [request help here](https://github.com/renovatebot/renovate/discussions). --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-config-hash:777a6821bd6a2edf6707732166d06f74393b0bba573f1c1a83cd6b545f059568-->
Commenting is not possible because the repository is archived.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
archive/docker--clair!1
No description provided.