diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 1df1eacac20..afc7b0d2fce 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -37,6 +37,13 @@ enabled: false, }, + // Re-enable vulnerability/security updates for active release branches + { + matchBaseBranches: ["release-2.5", "release-2.4", "release-2.3"], + isVulnerabilityAlert: true, + enabled: true, + }, + // Disable indirect go dependencies updates, resource: https://github.com/renovatebot/renovate/discussions/35225#discussioncomment-13666269 { matchManagers: ["gomod"], @@ -44,6 +51,14 @@ enabled: false, }, + // Re-enable vulnerability/security updates for indirect go dependencies + { + matchManagers: ["gomod"], + matchDepTypes: ["indirect"], + isVulnerabilityAlert: true, + enabled: true, + }, + { matchManagers: ["gomod"], matchBaseBranches: ["main"], diff --git a/go.mod b/go.mod index 5cef4043ed1..699c986a547 100644 --- a/go.mod +++ b/go.mod @@ -196,6 +196,7 @@ require ( github.com/pion/dtls/v2 v2.2.12 // indirect github.com/pion/logging v0.2.2 // indirect github.com/pion/transport/v2 v2.2.10 // indirect + github.com/pion/transport/v3 v3.0.7 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_model v0.6.2 // indirect diff --git a/hack/update-renovate-baseBranches.sh b/hack/update-renovate-baseBranches.sh index 12f7aba8c2d..5401e980330 100755 --- a/hack/update-renovate-baseBranches.sh +++ b/hack/update-renovate-baseBranches.sh @@ -31,8 +31,8 @@ echo "Updating renovate configuration with versions: $VERSION1, $VERSION2, $VERS sed -i.bak "s/baseBranches: \[\"main\", \"[^\"]*\", \"[^\"]*\", \"[^\"]*\"\],/baseBranches: [\"main\", \"$VERSION1\", \"$VERSION2\", \"$VERSION3\"],/" "$RENOVATE_CONFIG" -# Update first matchBaseBranches occurrence that disables regular updates for active release branches -sed -i.bak2 "0,/matchBaseBranches: \[\"[^\"]*\", \"[^\"]*\", \"[^\"]*\"\],/{s/matchBaseBranches: \[\"[^\"]*\", \"[^\"]*\", \"[^\"]*\"\],/matchBaseBranches: [\"$VERSION1\", \"$VERSION2\", \"$VERSION3\"],/}" "$RENOVATE_CONFIG" +# Update all matchBaseBranches occurrences that list the active release branches +sed -i.bak2 "s/matchBaseBranches: \[\"release-[^\"]*\", \"release-[^\"]*\", \"release-[^\"]*\"\],/matchBaseBranches: [\"$VERSION1\", \"$VERSION2\", \"$VERSION3\"],/g" "$RENOVATE_CONFIG" rm -f "$RENOVATE_CONFIG.bak" "$RENOVATE_CONFIG.bak2"