Merge branch 'main' into feat/python-version

.devcontainer/Dockerfile

@@ -1 +1 @@
-FROM ghcr.io/containerbase/devcontainer:10.5.2
+FROM ghcr.io/containerbase/devcontainer:10.6.10

.github/contributing.md

@@ -21,15 +21,6 @@ If you want help with your Renovate configuration, go to the [discussions tab in
 
 For **feature requests**: first search for related requests in the issues and discussions, if you don't find anything: create a _discussion_.
 
-## Rate Limiting of Support Requests through Temporary Blocking
-
-To ensure that the Renovate maintainers don't burn out from dealing with unfriendly behavior, those who display a bad attitude when asking for or receiving support in the repo will be rate limited from further requests through the use of temporary blocking.
-The duration of the temporary block depends on how rude or inconsiderate the behavior is perceived to be, and can be from 1-30 days.
-
-If you have been blocked temporarily and believe that it is due to a misunderstanding, or you regret your comments and wish to make amends, please reach out to the lead maintainer Rhys Arkins by email with any request for early unblocking.
-If/once you are unblocked, you should edit or delete whatever comment lead to the blocking, even if you did not intend it to be rude or inconsiderate.
-Long emails or apologies are undesirable - the maintainers are busy and want to be able to help as many users as possible with the time they have available.
-
 ## Code
 
 If you would like to fix a bug or work on a feature, please fork the repository and create a Pull Request.

.github/label-actions.yml

@@ -225,6 +225,21 @@
     This Issue will now be closed and locked. We may later batch-delete this issue. This way we keep Issues actionable, and free of duplicates or wrong bug reports.
 
 
+    Thanks, the Renovate team
+  close: true
+  close-reason: 'not planned'
+
+'auto:inactivity-pr-close':
+  comment: >
+    **We're closing this PR due to inactivity, but we are happy for you, or others, to finish the PR.**
+
+
+    We limit the number of open PRs, so we close stale PRs, or PRs that are not getting ready to merge.
+
+
+    If you, or someone else, want to continue working on this PR, then please reopen this PR and let us know.
+
+
     Thanks, the Renovate team
   close: true
   close-reason: 'not planned'

.github/workflows/build.yml

@@ -93,7 +93,7 @@ jobs:
         run: gh api ${{ env.PR_URL }} | jq -rc '${{ env.JQ_FILTER }}' >> "$GITHUB_OUTPUT"
 
       - name: Checkout code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           filter: blob:none # we don't need all blobs
           sparse-checkout: ${{ env.SPARSE_CHECKOUT }}
@@ -151,7 +151,7 @@ jobs:
     steps:
       - name: Checkout code
         if: needs.setup.outputs.os-matrix-is-full && runner.os != 'Linux'
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           filter: blob:none # we don't need all blobs
           sparse-checkout: ${{ env.SPARSE_CHECKOUT }}
@@ -175,7 +175,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           show-progress: false
 
@@ -220,7 +220,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           show-progress: false
 
@@ -262,7 +262,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           show-progress: false
 
@@ -291,7 +291,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           show-progress: false
 
@@ -330,7 +330,7 @@ jobs:
         include: ${{ fromJSON(needs.setup.outputs.test-shard-matrix) }}
 
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           show-progress: false
 
@@ -393,7 +393,7 @@ jobs:
     if: (success() || failure()) && github.event_name != 'merge_group' && github.event.pull_request.draft != true
     steps:
       - name: Checkout code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           filter: blob:none # we don't need all blobs
           show-progress: false
@@ -406,7 +406,7 @@ jobs:
           merge-multiple: true
 
       - name: Codecov
-        uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1
+        uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # v4.4.0
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           directory: coverage/lcov
@@ -421,7 +421,7 @@ jobs:
     if: (success() || failure()) && github.event.pull_request.draft != true
     steps:
       - name: Checkout code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           filter: blob:none # we don't need all blobs
           sparse-checkout: ${{ env.SPARSE_CHECKOUT }}
@@ -511,7 +511,7 @@ jobs:
     if: github.event.pull_request.draft != true
     steps:
       - name: Checkout code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           show-progress: false
 
@@ -545,7 +545,7 @@ jobs:
     if: github.event.pull_request.draft != true
     steps:
       - name: Checkout code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           show-progress: false
 
@@ -576,7 +576,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           show-progress: false
 
@@ -625,14 +625,14 @@ jobs:
       packages: write
 
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           fetch-depth: 0 # zero stands for full checkout, which is required for semantic-release
           filter: blob:none # we don't need all blobs, only the full tree
           show-progress: false
 
       - name: docker-config
-        uses: containerbase/internal-tools@955ceac764c7b5d3bdf644591152412dd97e3dc9 # v3.0.80
+        uses: containerbase/internal-tools@7e72a69bea17a290f4fb09e2844311d62147c75a # v3.0.87
         with:
           command: docker-config
 

.github/workflows/codeql-analysis.yml

@@ -31,7 +31,7 @@ jobs:
       security-events: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           show-progress: false
 
@@ -41,7 +41,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
         with:
           languages: javascript
 
@@ -51,7 +51,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -65,4 +65,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5

.github/workflows/dependency-review.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           show-progress: false
 

.github/workflows/devcontainer.yml

@@ -18,7 +18,7 @@ jobs:
     if: github.event.pull_request.draft != true
     steps:
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           show-progress: false
 

.github/workflows/scorecard.yml

@@ -20,13 +20,13 @@ jobs:
 
     steps:
       - name: 'Checkout code'
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           persist-credentials: false
           show-progress: false
 
       - name: 'Run analysis'
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -51,6 +51,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: 'Upload to code-scanning'
-        uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
         with:
           sarif_file: results.sarif

.github/workflows/trivy.yml

@@ -21,7 +21,7 @@ jobs:
           - full
 
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           show-progress: false
 
@@ -31,7 +31,7 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
 
-      - uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+      - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5
         with:
           sarif_file: trivy-results.sarif
           category: 'docker-image-${{ matrix.tag }}'

.github/workflows/update-data.yml

@@ -17,7 +17,7 @@ jobs:
       contents: write
       pull-requests: write
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           show-progress: false
 

.github/workflows/ws_scan.yaml

@@ -11,7 +11,7 @@ jobs:
   WS_SCAN:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           show-progress: false
 

.ls-lint.yml

@@ -12,6 +12,7 @@ ignore:
   - .git
   - .github/ISSUE_TEMPLATE
   - .github/pull_request_template.md
+  - CODE_OF_CONDUCT.md
   - dist
   - jest.config.ts
   - node_modules

CODE_OF_CONDUCT.md

@@ -0,0 +1,105 @@
+# Code of Conduct
+
+To help us deliver great features and support the Renovate Open Source project we ask that you:
+
+- are polite
+- pay attention to details
+- keep in mind that most maintainers are volunteers
+- are respectful of the time and effort of the maintainers
+
+## Our priorities
+
+We want to keep this project sustainable.
+This means we support our maintainers and contributors, who spend their free time to help others.
+
+Maintainers getting stressed is a big threat to Open Source projects, like ours.
+Stressed maintainers quit, or reduce their time spent on the project.
+Often a few users behave badly, where most users are nice.
+
+We want to avoid maintainers getting stressed out by bad behavior from contributors.
+That's why we have these rules.
+
+## Politeness
+
+Sadly, it's common in Open Source projects for a few users to behave in an aggressive and rude way.
+A user might say something like: "You should have fixed this bug already!", or "Why am I still waiting for this feature?".
+We do not allow this kind of behavior.
+
+We expect basic politeness, do not act rude.
+For example: it is okay if you ask a question and do not thank us afterwards.
+But avoid writing mean comments like: "Pity the documentation didn’t say that." or "Thanks for nothing.".
+
+## Respect the time of those who help you
+
+Respect goes both ways, but time is limited.
+When you ask for help, please remember that the maintainer's time is valuable.
+We get many questions each week and do our best to answer each one.
+To get the help you need, please be prepared to give detailed logs or descriptions of your issues.
+If you do not want to spend the effort giving us enough information, it's likely you will not get the help you need.
+
+Remember, most of the support provided by our team, including the Mend.io staff, is _unpaid_.
+
+## Blocking and unblocking
+
+We quickly deal with rudeness in the community with:
+
+- automated comments
+- temporary blocks
+- permanent bans
+
+If you keep breaking the rules or challenge our guidelines openly, you will be blocked.
+For example: if you keep spamming the maintainers with `@mentions` or challenge our rules openly, you will be blocked.
+
+We generally do not argue about these decisions, but we are willing to reverse a block if you show that you understand and respect the rules, or if there was a misunderstanding.
+To reverse a block, or to clear up a misunderstanding, write a _short_ email to Renovate's lead maintainer Rhys Arkins.
+
+Simply put: we block and unblock swiftly, what matters is how you follow the rules going forward.
+
+## How we prioritize work
+
+Renovate's core contributors and maintainers focus on work that:
+
+- Helps a lot of users, or
+- Fixes regressions (errors introduced by recent changes), or
+- Is required by a customer of Mend.io, or
+- Is sponsored by third parties after independent validation, or
+- We personally need or want to implement
+
+You may be disappointed when we focus on other work ahead of your feature or bug, but you should understand and accept this.
+
+## Maintaining Issue and Code quality
+
+We use GitHub Discussions to start and sort issues.
+Only maintainers are allowed to create new issues.
+If we confirm a bug or agree with a feature idea, and if it's well-documented, we will turn it into an official issue.
+This way most issues are ready to work on, either by us or the community.
+
+We may reject ideas that are too specialized, or that would make the project too hard to maintain.
+
+We have strict coding standards and reviews to keep our code in good shape.
+A feature or fix must of course work, but it must also be well designed to stay maintainable.
+We may ask you to improve your code several times in a row, which can be difficult for you.
+We only do this to keep the project sustainable.
+
+## If you have urgent work
+
+People working for big companies might push too hard in Open Source projects.
+It’s often hard for them to understand that our maintainers cannot spend much time to solve their issues quickly.
+Frequent requests for updates like "@rarkins how can we move this forward?" are _not_ helpful.
+
+Please remember, unless you are a Mend.io customer, this project does not owe you the level of response or support you might expect.
+Mend.io customers should use their designated support channels for urgent needs.
+
+## Getting more help
+
+If you need more assistance than what this project offers, you have two options:
+
+1. Become a Mend.io customer, such as by buying Renovate Enterprise, or
+1. Hire an experienced Renovate contributor privately for consulting. Mend.io staff do _not_ offer this service, but one of our volunteer maintainers, [`@secustor`](https://github.com/secustor), does
+
+## Feedback
+
+We welcome respectful discussions about these rules and accept suggestions that improve this text.
+We avoid debates on social media or going off-topic in GitHub Discussions.
+
+Because we enforce all these rules, we can deliver new features and give excellent support to the community.