Merge branch 'main' into feat/datasource-release-interception

.devcontainer/Dockerfile

@@ -1 +1 @@
-FROM ghcr.io/containerbase/devcontainer:11.11.12
+FROM ghcr.io/containerbase/devcontainer:11.11.14

.github/label-actions.yml

@@ -20,6 +20,7 @@
      5. Fill out the information in your repository's `README.md`.
      6. Add the link to your reproduction to the first post of your Discussion. If you are not the original author, you can post a new comment with the link.
 
+    If you need help with running renovate on your minimal reproduction repository, please refer to our [Running Renovate guide](https://docs.renovatebot.com/getting-started/running/).
 
     Good luck,
 
@@ -124,6 +125,22 @@
     Read the [Renovate docs, Troubleshooting](https://docs.renovatebot.com/troubleshooting/) to learn more about getting the docs, and getting the correct type of logs.
 
 
+    Thanks, the Renovate team
+
+'auto:logs-reduction':
+  comment: >
+    Hi there,
+
+
+    Please limit the amount of logs you're pasting into this discussion. The maintainers have a limited amount of time to help you, and often do so from mobile devices. It's easier for us if you only paste the relevant parts of the logs, and point us to the lines you think are relevant.
+
+
+    For example, if your problem is about a certain dependency, find the log sections which apply to that dependency and paste only those sections. Similarly, if your problem is about a particular branch/PR, find the log sections which apply to that branch/PR and paste only those sections.
+
+
+    If you're not sure, it's acceptable to paste the full logs, including into a gist. Please try to explain the problem in enough detail to give us starting points to debug. If you only paste the full log, and do nothing else, it is likely that we will take longer to help you, or we may not start to help you at all.
+
+
     Thanks, the Renovate team
 
 'new package manager':
@@ -438,4 +455,23 @@
     If you are a paying Mend.io customer, please tell your support or customer contact that this issue is important to you.
 
 
+    Thanks, the Renovate team
+
+'auto:reduce-complexity':
+  comment: >
+    Hi there,
+
+
+    This discussion is too complex, and we want you to simplify. This way you are more likely to get help or a solution.
+
+
+    For example, if you've pasted your _whole_ complex config, while your problem is about just one part, consider removing the parts that are not relevant to your problem. The best way to do this is to create a [minimal reproduction](https://github.com/renovatebot/renovate/blob/main/docs/development/minimal-reproductions.md).
+
+
+    You may have tried many ways to do something, and described all the methods you tried. If none of the methods worked, please focus on the most promising method, or the ideal solution. Avoid complicating the description (or logs) with the failed attempts.
+
+
+    To summarize: please reduce the complexity of your discussion, to increase the chances of getting help.
+
+
     Thanks, the Renovate team

.github/workflows/build.yml

@@ -31,7 +31,7 @@ concurrency:
 env:
   DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
   NODE_VERSION: 20
-  PDM_VERSION: 2.18.1 # renovate: datasource=pypi depName=pdm
+  PDM_VERSION: 2.18.2 # renovate: datasource=pypi depName=pdm
   DRY_RUN: true
   TEST_LEGACY_DECRYPTION: true
   SPARSE_CHECKOUT: |-
@@ -683,7 +683,7 @@ jobs:
           show-progress: false
 
       - name: docker-config
-        uses: containerbase/internal-tools@4d625a3422e21862501a9abbf1dcab4e07103ec3 # v3.4.14
+        uses: containerbase/internal-tools@7967a205f4acf76ad2d414d6a074b58a52739986 # v3.4.15
         with:
           command: docker-config
 

.python-version

@@ -1 +1 @@
-3.12.5
+3.12.6

CODE_OF_CONDUCT.md

@@ -62,7 +62,7 @@ We get many questions each week and do our best to answer each one.
 To get the help you need, please be prepared to give detailed logs or descriptions of your issues.
 If you do not want to spend the effort giving us enough information, it's likely you will not get the help you need.
 
-### Wy we sometimes give short answers
+### Why we sometimes give short answers
 
 We have limited time, which means we may:
 

docs/usage/examples/opentelemetry.md

@@ -19,7 +19,7 @@ services:
       - '4317'
 
   otel-collector:
-    image: otel/opentelemetry-collector-contrib:0.108.0
+    image: otel/opentelemetry-collector-contrib:0.109.0
     command: ['--config=/etc/otel-collector-config.yml']
     volumes:
       - ./otel-collector-config.yml:/etc/otel-collector-config.yml

docs/usage/key-concepts/presets.md

@@ -12,51 +12,58 @@ To learn how to create your own presets, how to host them, and how to extend fro
 Use presets to:
 
 - Set up the bot with good default settings
-- Reduce duplication of your configuration
+- Avoid duplicating your configuration
 - Share your configuration with others
-- Use somebody else's configuration and extend it with your own rules
+- Use somebody else's configuration as-is, or extend it with your own rules
 
 ## How to use presets
 
-Let's say you're using the `config:recommended` preset, and want to pin your GitHub Action digests.
-Instead of writing your own Renovate config, you search through Renovate's built-in presets.
-You find the the `helpers:pinGitHubActionDigests` preset and add it to the `extends` array:
+Say you're using the `config:recommended` preset, and want to pin your GitHub Action digests.
+Instead of writing your own Renovate config, you search the docs, and find the `helpers:pinGitHubActionDigests` preset.
+Then you add the preset to the `"extends"` array in your Renovate configuration file:
 
 ```json
 {
   "extends": ["config:recommended", "helpers:pinGitHubActionDigests"]
 }
 ```
 
-Renovate now follows the rules for `config:recommended` plus the rules for `helpers:pinGitHubActionDigests`.
-If there is a logical conflict between presets, then the last preset in the array wins.
+In the example above, Renovate follows the rules from the `config:recommended` preset, plus the rules for `helpers:pinGitHubActionDigests`.
+
+<!-- prettier-ignore -->
+!!! tip
+    If there is a logical conflict between presets, then the _last_ preset in the `"extends"` array "wins".
 
 ## Managing config for many repositories
 
-If you manage Renovate for many repositories, then you should create a global preset configuration.
-Then you extend the global preset in each repository.
-This way you have all global configuration in a single file, in a single repository.
+If you manage the Renovate configuration for many repositories, we recommend that you:
+
+1. Create a global preset configuration
+1. Extend from the global preset in all of the repositories that should use your global preset as base
+
+This way, when you want to change your global Renovate configuration, you only need to edit the global preset file.
 
 ## Presets are modular
 
-Preset configs are modular, they can be as small as a single package rule or as large as an entire configuration.
-This is similar to the way you can share ESLint configurations.
+Preset configs are modular: a preset can be as small or large as you need.
+A preset can even extend from _other_ presets.
 
 ## Built-in presets
 
-Renovate comes with a lot of built-in presets that you can use.
-Browse [Renovate's default presets](../presets-default.md) to find any that are useful to you.
-Once you find a preset you like, put it in an `extends` array in your config file.
+Renovate comes with many built-in presets.
+We recommend you browse [Renovate's default presets](../presets-default.md).
+Again, to use the preset: add it to the `"extends"` array in your Renovate config file.
 
 ### Contributing a new built-in preset
 
 If you have a Renovate config that may help others, you can put it into Renovate's built-in presets.
-
 Read [Contributing to presets](../config-presets.md#contributing-to-presets) to learn how.
 
 ## Summary
 
 In short:
 
-- Browse [Renovate's default presets](../presets-default.md) to find any that are useful to you
-- Publish your own if you wish to reuse them across repositories
+- Browse [Renovate's default presets](../presets-default.md), or our other presets, to find helpful presets
+- Use presets by putting them in the `"extends"` array in your Renovate config file
+- To manage the Renovate configuration for many repositories at once, create a global preset config file
+- The order of presets matters: in a logical conflict, the last preset in the `"extends"` array "wins"

lib/config/options/index.ts

@@ -515,7 +515,7 @@ const options: RenovateOptions[] = [
     description:
       'Change this value to override the default Renovate sidecar image.',
     type: 'string',
-    default: 'ghcr.io/containerbase/sidecar:11.11.12',
+    default: 'ghcr.io/containerbase/sidecar:11.11.14',
     globalOnly: true,
   },
   {

lib/config/presets/internal/workarounds.ts

@@ -269,9 +269,7 @@ export const presets: Record<string, Preset> = {
           'registry.access.redhat.com/rhel8/**',
           'registry.access.redhat.com/rhel9/**',
           'registry.access.redhat.com/rhscl/**',
-          'registry.access.redhat.com/ubi7**',
-          'registry.access.redhat.com/ubi8**',
-          'registry.access.redhat.com/ubi9**',
+          'registry.access.redhat.com/ubi*{,/}**',
           'redhat/**',
         ],
         versioning: 'redhat',

lib/data/monorepo.json

@@ -389,6 +389,7 @@
     "nivo": "https://github.com/plouc/nivo",
     "nswag": "https://github.com/RicoSuter/NSwag",
     "nuget": "https://github.com/NuGet/NuGet.Client",
+    "nuke-build": "https://github.com/nuke-build/nuke",
     "nuxtjs": [
       "https://github.com/nuxt/nuxt.js",
       "https://github.com/nuxt/nuxt"

lib/modules/manager/azure-pipelines/readme.md

@@ -44,7 +44,7 @@ resources:
     - container: linux
       image: ubuntu:24.04
     - container: python
-      image: python:3.12@sha256:11aa4b620c15f855f66f02a7f3c1cd9cf843cc10f3edbcf158e5ebcd98d1f549
+      image: python:3.12@sha256:73840b2eacd375e9ab38d65c5ccca1f98524cabccbdc4f9d0932a55d1967a1ab
 
 stages:
   - stage: StageOne

lib/modules/manager/bundler/readme.md

@@ -1,8 +1,14 @@
-The `bundler` manager is used to extract dependencies from `Gemfile` and `Gemfile.lock` files.
+Renovate uses the `bundler` manager to extract dependencies from `Gemfile` and `Gemfile.lock` files.
 
 ### Authenticating private registry
 
-If you need Bundler to authenticate with a private registry - and it's not the same host as your GitHub/GitLab/etc - then you should do so with `hostRules` and be sure to set the `hostType`. e.g.
+If:
+
+- you need Bundler to authenticate to a private registry
+- _and_ that private registry is _not_ on the same host as Renovate (your GitHub/GitLab/etc)
+
+Then you should authenticate Renovate with `hostRules`.
+For example:
 
 ```json
 {
@@ -16,17 +22,13 @@ If you need Bundler to authenticate with a private registry - and it's not the s
 }
 ```
 
-Important notes regarding the above:
-
-`hostType` is a required field, and you must provide a value.
-If you use Renovate `v26` or higher, set `hostType=rubygems`.
-If you use Renovate `v25` or lower, set `hostType=bundler`.
-
-If the registry is used for multiple package types then you may need multiple `hostRules`.
+Important notes:
 
-Instead of `token`, you may also supply `username` and `password` instead.
+- `hostType` is a required field, set `hostType=rubygems`
+- If you use the same registry for more than one package type, you may need more than one `hostRules` entry
+- Instead of `token`, you can use a `username` and `password`
 
-If you don't want to commit raw secrets to your repository, either:
+To avoid committing raw secrets to your repository, either:
 
-- If self hosting, add the `hostRules` to your bot's configuration file rather than the repository's configuration file, or
-- If using the Mend Renovate App, make use of the [`encrypted`](../../../configuration-options.md#encrypted) capability
+- If self-hosting: add the `hostRules` to your bot config file, instead of the repository configuration file, or
+- If using the Mend Renovate App: use the [`encrypted`](../../../configuration-options.md#encrypted) config option

lib/modules/manager/cargo/artifacts.spec.ts

@@ -7,7 +7,7 @@ import {
 } from '../../../../test/exec-util';
 import { env, fs, git, mocked } from '../../../../test/util';
 import { GlobalConfig } from '../../../config/global';
-import type { RepoGlobalConfig, UpdateType } from '../../../config/types';
+import type { RepoGlobalConfig } from '../../../config/types';
 import * as docker from '../../../util/exec/docker';
 import { ExecError } from '../../../util/exec/exec-error';
 import * as _hostRules from '../../../util/host-rules';
@@ -132,7 +132,6 @@ describe('modules/manager/cargo/artifacts', () => {
         packageName: 'dep1',
         lockedVersion: '1.0.0',
         newVersion: '1.0.1',
-        updateType: 'lockfileUpdate' satisfies UpdateType as UpdateType,
       },
     ];
     expect(
@@ -291,21 +290,18 @@ describe('modules/manager/cargo/artifacts', () => {
         packageName: 'dep1',
         lockedVersion: '1.0.0',
         newVersion: '1.0.1',
-        updateType: 'lockfileUpdate' satisfies UpdateType as UpdateType,
       },
       {
         depName: 'dep2',
         packageName: 'dep2',
         lockedVersion: '1.0.0',
         newVersion: '1.0.2',
-        updateType: 'lockfileUpdate' satisfies UpdateType as UpdateType,
       },
       {
         depName: 'dep3',
         packageName: 'dep3',
         lockedVersion: '1.0.0',
         newVersion: '1.0.3',
-        updateType: 'lockfileUpdate' satisfies UpdateType as UpdateType,
       },
     ];
 
@@ -332,62 +328,6 @@ describe('modules/manager/cargo/artifacts', () => {
     ]);
   });
 
-  it('runs cargo update precise only for lockfile update', async () => {
-    fs.statLocalFile.mockResolvedValueOnce({ name: 'Cargo.lock' } as any);
-    fs.findLocalSiblingOrParent.mockResolvedValueOnce('Cargo.lock');
-    git.getFile.mockResolvedValueOnce('Old Cargo.lock');
-    const execSnapshots = mockExecAll();
-    fs.findLocalSiblingOrParent.mockResolvedValueOnce('Cargo.lock');
-    fs.readLocalFile.mockResolvedValueOnce('New Cargo.lock');
-    const updatedDeps = [
-      {
-        depName: 'dep1',
-        packageName: 'dep1',
-        updateType: 'minor' satisfies UpdateType as UpdateType,
-        lockedVersion: '1.0.0',
-        newVersion: '1.0.1',
-      },
-      {
-        depName: 'dep2',
-        packageName: 'dep2',
-        updateType: 'minor' satisfies UpdateType as UpdateType,
-        lockedVersion: '1.0.0',
-        newVersion: '1.0.2',
-      },
-      {
-        depName: 'dep3',
-        packageName: 'dep3',
-        updateType: 'lockfileUpdate' satisfies UpdateType as UpdateType,
-        lockedVersion: '1.0.0',
-        newVersion: '1.0.3',
-      },
-    ];
-    expect(
-      await cargo.updateArtifacts({
-        packageFileName: 'Cargo.toml',
-        updatedDeps,
-        newPackageFileContent: '{}',
-        config,
-      }),
-    ).toEqual([
-      { file: { contents: undefined, path: 'Cargo.lock', type: 'addition' } },
-    ]);
-    expect(execSnapshots).toMatchObject([
-      {
-        cmd:
-          'cargo update --config net.git-fetch-with-cli=true' +
-          ' --manifest-path Cargo.toml' +
-          ' --workspace',
-      },
-      {
-        cmd:
-          'cargo update --config net.git-fetch-with-cli=true' +
-          ' --manifest-path Cargo.toml' +
-          ' --package [email protected] --precise 1.0.3',
-      },
-    ]);
-  });
-
   it('returns updated Cargo.lock when there are no more dependencies to update', async () => {
     fs.findLocalSiblingOrParent.mockResolvedValueOnce('Cargo.lock');
     fs.readLocalFile.mockResolvedValueOnce('New Cargo.lock');

lib/modules/manager/cargo/artifacts.ts

@@ -54,10 +54,6 @@ async function cargoUpdatePrecise(
   // Update individual dependencies to their `newVersion`. Necessary when
   // using the `update-lockfile` rangeStrategy which doesn't touch Cargo.toml.
   for (const dep of updatedDeps) {
-    // Cargo update should already have handled any non-lockfile updates
-    if (dep.updateType !== 'lockfileUpdate') {
-      continue;
-    }
     cmds.push(
       `cargo update --config net.git-fetch-with-cli=true` +
         ` --manifest-path ${quote(manifestPath)}` +
@@ -148,6 +144,7 @@ async function updateArtifactsImpl(
           config.constraints?.rust,
         );
       } else {
+        // If all dependencies have locked versions then update them precisely.
         await cargoUpdatePrecise(
           packageFileName,
           updatedDeps,