#renovate — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #renovate, aggregated by home.social.
-
RE: https://mastodon.social/@hugovk/116399324188897230
Starting with v8.0.0, Astral switched setup-uv to immutable releases with no floating v8 tags. This is good for security.
But unfortunately #Dependabot and #Renovate couldn't upgrade from v7 to v8.0.0, and need a manual bump to get back on track. This is not so good for security.
I posted about this on the three social networks, someone tagged @www.jvt.me and soon after Renovate now supports this! 🎉
Here's his writeup into the world of #GitHubActions tags:
https://www.jvt.me/posts/2026/04/24/github-actions-tagging/ -
RE: https://mastodon.social/@hugovk/116399324188897230
Starting with v8.0.0, Astral switched setup-uv to immutable releases with no floating v8 tags. This is good for security.
But unfortunately #Dependabot and #Renovate couldn't upgrade from v7 to v8.0.0, and need a manual bump to get back on track. This is not so good for security.
I posted about this on the three social networks, someone tagged @www.jvt.me and soon after Renovate now supports this! 🎉
Here's his writeup into the world of #GitHubActions tags:
https://www.jvt.me/posts/2026/04/24/github-actions-tagging/ -
RE: https://mastodon.social/@hugovk/116399324188897230
Starting with v8.0.0, Astral switched setup-uv to immutable releases with no floating v8 tags. This is good for security.
But unfortunately #Dependabot and #Renovate couldn't upgrade from v7 to v8.0.0, and need a manual bump to get back on track. This is not so good for security.
I posted about this on the three social networks, someone tagged @www.jvt.me and soon after Renovate now supports this! 🎉
Here's his writeup into the world of #GitHubActions tags:
https://www.jvt.me/posts/2026/04/24/github-actions-tagging/ -
RE: https://mastodon.social/@hugovk/116399324188897230
Starting with v8.0.0, Astral switched setup-uv to immutable releases with no floating v8 tags. This is good for security.
But unfortunately #Dependabot and #Renovate couldn't upgrade from v7 to v8.0.0, and need a manual bump to get back on track. This is not so good for security.
I posted about this on the three social networks, someone tagged @www.jvt.me and soon after Renovate now supports this! 🎉
Here's his writeup into the world of #GitHubActions tags:
https://www.jvt.me/posts/2026/04/24/github-actions-tagging/ -
RE: https://mastodon.social/@hugovk/116399324188897230
Starting with v8.0.0, Astral switched setup-uv to immutable releases with no floating v8 tags. This is good for security.
But unfortunately #Dependabot and #Renovate couldn't upgrade from v7 to v8.0.0, and need a manual bump to get back on track. This is not so good for security.
I posted about this on the three social networks, someone tagged @www.jvt.me and soon after Renovate now supports this! 🎉
Here's his writeup into the world of #GitHubActions tags:
https://www.jvt.me/posts/2026/04/24/github-actions-tagging/ -
Configuring Renovate to only suggest updates that match your go directive.
How to make sure that Renovate's updates to Go modules keep you within the minor version of your `go` directive.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/05/02/renovate-only-go-directive/
-
Configuring Renovate to only suggest updates that match your go directive.
How to make sure that Renovate's updates to Go modules keep you within the minor version of your `go` directive.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/05/02/renovate-only-go-directive/
-
Configuring Renovate to only suggest updates that match your go directive.
How to make sure that Renovate's updates to Go modules keep you within the minor version of your `go` directive.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/05/02/renovate-only-go-directive/
-
Configuring Renovate to only suggest updates that match your go directive.
How to make sure that Renovate's updates to Go modules keep you within the minor version of your `go` directive.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/05/02/renovate-only-go-directive/
-
Configuring Renovate to only suggest updates that match your go directive.
How to make sure that Renovate's updates to Go modules keep you within the minor version of your `go` directive.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/05/02/renovate-only-go-directive/
-
I'm on Fallthrough: No Country for Old Maintainers
Announcing my appearance as a co-host on Fallthrough, talking about a mix of current affairs, including OAuth, maintainer burnout, of course some AI and more.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/04/25/fallthrough-supply-chain/
-
I'm on Fallthrough: No Country for Old Maintainers
Announcing my appearance as a co-host on Fallthrough, talking about a mix of current affairs, including OAuth, maintainer burnout, of course some AI and more.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/04/25/fallthrough-supply-chain/
-
I'm on Fallthrough: No Country for Old Maintainers
Announcing my appearance as a co-host on Fallthrough, talking about a mix of current affairs, including OAuth, maintainer burnout, of course some AI and more.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/04/25/fallthrough-supply-chain/
-
I'm on Fallthrough: No Country for Old Maintainers
Announcing my appearance as a co-host on Fallthrough, talking about a mix of current affairs, including OAuth, maintainer burnout, of course some AI and more.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/04/25/fallthrough-supply-chain/
-
I'm on Fallthrough: No Country for Old Maintainers
Announcing my appearance as a co-host on Fallthrough, talking about a mix of current affairs, including OAuth, maintainer burnout, of course some AI and more.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/04/25/fallthrough-supply-chain/
-
A deep dive into the wild world of GitHub Actions' tagging formats
Inside the ways that GitHub Actions' versioning works, and how we improved Renovate's support.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/04/24/github-actions-tagging/
-
A deep dive into the wild world of GitHub Actions' tagging formats
Inside the ways that GitHub Actions' versioning works, and how we improved Renovate's support.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/04/24/github-actions-tagging/
-
A deep dive into the wild world of GitHub Actions' tagging formats
Inside the ways that GitHub Actions' versioning works, and how we improved Renovate's support.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/04/24/github-actions-tagging/
-
A deep dive into the wild world of GitHub Actions' tagging formats
Inside the ways that GitHub Actions' versioning works, and how we improved Renovate's support.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/04/24/github-actions-tagging/
-
A deep dive into the wild world of GitHub Actions' tagging formats
Inside the ways that GitHub Actions' versioning works, and how we improved Renovate's support.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/04/24/github-actions-tagging/
-
I'm on Fallthrough: Supply Chain Reaction
Announcing my appearance as a guest co-host on Fallthrough, talking about supply chain security, AI, Claude Mythos, and many more topics.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/04/18/fallthrough-supply-chain/
-
I'm on Fallthrough: Supply Chain Reaction
Announcing my appearance as a guest co-host on Fallthrough, talking about supply chain security, AI, Claude Mythos, and many more topics.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/04/18/fallthrough-supply-chain/
-
I'm on Fallthrough: Supply Chain Reaction
Announcing my appearance as a guest co-host on Fallthrough, talking about supply chain security, AI, Claude Mythos, and many more topics.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/04/18/fallthrough-supply-chain/
-
I'm on Fallthrough: Supply Chain Reaction
Announcing my appearance as a guest co-host on Fallthrough, talking about supply chain security, AI, Claude Mythos, and many more topics.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/04/18/fallthrough-supply-chain/
-
I'm on Fallthrough: Supply Chain Reaction
Announcing my appearance as a guest co-host on Fallthrough, talking about supply chain security, AI, Claude Mythos, and many more topics.https://fed.brid.gy/r/https://www.jvt.me/posts/2026/04/18/fallthrough-supply-chain/
-
mogenius/renovate-operator: Operator to streamline renovate executions in Kubernetes
"Run Renovate on your own infrastructure with CRD-based scheduling, parallel execution, auto-discovery, and a built-in UI."
Link: https://github.com/mogenius/renovate-operator
#linkdump #dependencies #development #kubernetes #renovate #tool
-
mogenius/renovate-operator: Operator to streamline renovate executions in Kubernetes
"Run Renovate on your own infrastructure with CRD-based scheduling, parallel execution, auto-discovery, and a built-in UI."
Link: https://github.com/mogenius/renovate-operator
#linkdump #dependencies #development #kubernetes #renovate #tool
-
mogenius/renovate-operator: Operator to streamline renovate executions in Kubernetes
"Run Renovate on your own infrastructure with CRD-based scheduling, parallel execution, auto-discovery, and a built-in UI."
Link: https://github.com/mogenius/renovate-operator
#linkdump #dependencies #development #kubernetes #renovate #tool
-
mogenius/renovate-operator: Operator to streamline renovate executions in Kubernetes
"Run Renovate on your own infrastructure with CRD-based scheduling, parallel execution, auto-discovery, and a built-in UI."
Link: https://github.com/mogenius/renovate-operator
#linkdump #dependencies #development #kubernetes #renovate #tool
-
mogenius/renovate-operator: Operator to streamline renovate executions in Kubernetes
"Run Renovate on your own infrastructure with CRD-based scheduling, parallel execution, auto-discovery, and a built-in UI."
Link: https://github.com/mogenius/renovate-operator
#linkdump #dependencies #development #kubernetes #renovate #tool
-
Do you use astral-sh/setup-uv@v7 in #GitHubActions?
And it's not hash-pinned?
And you use #Dependabot or #Renovate?
The setup-uv project has switched to only Vx.y.z tags, no more Vx or Vx.y.
But Dependabot and Renovate won't upgrade from Vx to Vx.y.z, so you'll need to manually update to [email protected] to keep up with future updates.
"To increase security even more we will stop publishing minor tags. You won't be able to use v8 or v8.0 any longer."
-
Do you use astral-sh/setup-uv@v7 in #GitHubActions?
And it's not hash-pinned?
And you use #Dependabot or #Renovate?
The setup-uv project has switched to only Vx.y.z tags, no more Vx or Vx.y.
But Dependabot and Renovate won't upgrade from Vx to Vx.y.z, so you'll need to manually update to [email protected] to keep up with future updates.
"To increase security even more we will stop publishing minor tags. You won't be able to use v8 or v8.0 any longer."
-
Do you use astral-sh/setup-uv@v7 in #GitHubActions?
And it's not hash-pinned?
And you use #Dependabot or #Renovate?
The setup-uv project has switched to only Vx.y.z tags, no more Vx or Vx.y.
But Dependabot and Renovate won't upgrade from Vx to Vx.y.z, so you'll need to manually update to [email protected] to keep up with future updates.
"To increase security even more we will stop publishing minor tags. You won't be able to use v8 or v8.0 any longer."
-
Do you use astral-sh/setup-uv@v7 in #GitHubActions?
And it's not hash-pinned?
And you use #Dependabot or #Renovate?
The setup-uv project has switched to only Vx.y.z tags, no more Vx or Vx.y.
But Dependabot and Renovate won't upgrade from Vx to Vx.y.z, so you'll need to manually update to [email protected] to keep up with future updates.
"To increase security even more we will stop publishing minor tags. You won't be able to use v8 or v8.0 any longer."
-
Do you use astral-sh/setup-uv@v7 in #GitHubActions?
And it's not hash-pinned?
And you use #Dependabot or #Renovate?
The setup-uv project has switched to only Vx.y.z tags, no more Vx or Vx.y.
But Dependabot and Renovate won't upgrade from Vx to Vx.y.z, so you'll need to manually update to [email protected] to keep up with future updates.
"To increase security even more we will stop publishing minor tags. You won't be able to use v8 or v8.0 any longer."
-
Minimum Release Age Is an Underrated Supply Chain Defense, by @daniakash.com:
https://daniakash.com/posts/simplest-supply-chain-defense/
#security #dependencies #npm #bun #pnpm #yarn #deno #renovate #dependabot #axios
-
Minimum Release Age Is an Underrated Supply Chain Defense, by @daniakash.com:
https://daniakash.com/posts/simplest-supply-chain-defense/
#security #dependencies #npm #bun #pnpm #yarn #deno #renovate #dependabot #axios
-
Minimum Release Age Is an Underrated Supply Chain Defense, by @daniakash.com:
https://daniakash.com/posts/simplest-supply-chain-defense/
#security #dependencies #npm #bun #pnpm #yarn #deno #renovate #dependabot #axios
-
Minimum Release Age Is an Underrated Supply Chain Defense, by @daniakash.com:
https://daniakash.com/posts/simplest-supply-chain-defense/
#security #dependencies #npm #bun #pnpm #yarn #deno #renovate #dependabot #axios
-
Minimum Release Age Is an Underrated Supply Chain Defense, by @daniakash.com:
https://daniakash.com/posts/simplest-supply-chain-defense/
#security #dependencies #npm #bun #pnpm #yarn #deno #renovate #dependabot #axios
-
-
-
-
-
Our hosted #renovate bot now runs via the mogenius/renovate-operator (https://github.com/mogenius/renovate-operator).
This enables webhook-based support, i.e. clicking the checkboxes in the renovate dashboard and PR actions now have an effect!
Read more here: https://forum.codefloe.com/t/2026-03-30-improvements-to-the-hosted-renovate-bot/90
-
Our hosted #renovate bot now runs via the mogenius/renovate-operator (https://github.com/mogenius/renovate-operator).
This enables webhook-based support, i.e. clicking the checkboxes in the renovate dashboard and PR actions now have an effect!
Read more here: https://forum.codefloe.com/t/2026-03-30-improvements-to-the-hosted-renovate-bot/90
-
Our hosted #renovate bot now runs via the mogenius/renovate-operator (https://github.com/mogenius/renovate-operator).
This enables webhook-based support, i.e. clicking the checkboxes in the renovate dashboard and PR actions now have an effect!
Read more here: https://forum.codefloe.com/t/2026-03-30-improvements-to-the-hosted-renovate-bot/90
-
Our hosted #renovate bot now runs via the mogenius/renovate-operator (https://github.com/mogenius/renovate-operator).
This enables webhook-based support, i.e. clicking the checkboxes in the renovate dashboard and PR actions now have an effect!
Read more here: https://forum.codefloe.com/t/2026-03-30-improvements-to-the-hosted-renovate-bot/90
-
I posted a blog about: How to keep your #Puppet modules up to date with #Renovate
https://dev.to/betadots/how-to-keep-your-puppet-modules-up-to-date-with-renovate-19jn
-
I posted a blog about: How to keep your #Puppet modules up to date with #Renovate
https://dev.to/betadots/how-to-keep-your-puppet-modules-up-to-date-with-renovate-19jn