Renovate bot is a popular open-source tool used to automate dependency updates in software projects. It scans the project’s dependencies and automatically creates pull requests to update them to the latest version, based on configurable rules and schedules. This helps to keep the project up-to-date with the latest security patches and bug fixes, while reducing the manual effort required to manage dependencies. Renovate bot supports a wide range of programming languages and package managers, including Java and Maven.
Why Use Renovate?
- Get automated Pull Requests to update your dependencies
- Reduce noise by running Renovate on a schedule, for example:on weekends outside of working hours each week each month
- Relevant package files are discovered automatically
- Supports monorepo architectures like Lerna or Yarn workspaces with no extra configuration
- Bot behavior is customizable via configuration files (config as code)
- Use ESLint-like shared config presets for ease of use and simplifying configuration (JSON format only)
- Lock files are supported and updated in the same commit, including immediately resolving conflicts whenever PRs are merged
- Get replacement PRs to migrate from a deprecated dependency to the community suggested replacement (npm packages only)
- Open source (installable via npm/Yarn or Docker Hub) so can be self-hosted or used via GitHub App
Renovate bot: https://docs.renovatebot.com/