Automated dependency updates. Flexible, so you don't need to be.
- Receive automated Pull Requests whenever dependencies need updating. Or whenever you schedule it for.
- Renovate discovers and processes all dependency files in a repository (e.g. supports monorepo architecture such as lerna or yarn workspaces)
- Extremely customisable behaviour via configuration files or within your
package.json
- Use eslint-like shared config presets for ease of use and simplifying configuration
- Update lock files natively in the same commit, including immediately resolving conflicts whenever PRs are merged
- Supports GitHub, GitLab (APIv4) and VSTS. BitBucket is a WIP.
- Open source (installable via npm/yarn) so can be self-hosted or used for free via GitHub App
Renovate was released in 2017 and is now widely used in the developer community. Example users include the following GitHub organisations:
- Everyone can benefit from automation, whether it's a little or a lot
- Renovate should not cause you to change your workflow against your wishes - don't enforce opinions on users
- All behaviour should be configurable, down to a ridiculous level if desired
- Autodetect settings wherever possible (to minimise configuration) but always allow overrides
The easiest way to use Renovate if you are on GitHub is to use the Renovate app. Go to https://github.com/apps/renovate to install it now.
The Configuration and Configuration FAQ documents should be helpful.
You can also raise an issue in https://github.com/renovateapp/config-help if you'd like to get your config reviewed or ask any questions.
If you are not on GitHub or you prefer to run your own copy of Renovate, then it takes only seconds to set up. Please see docs/self-hosting.md for instructions.
If you would like to contribute to Renovate or get a local copy running for some other reason, please see the instructions in contributing.md.
If you discover any important bug with Renovate that may pose a security problem, please disclose it confidentially to security@renovateapp.com first, so that it can be assessed and hopefully fixed prior to being exploited. Please do not raise GitHub issues for security-related doubts or problems.