
Direct Renovate to ignore MySQL and RabbitMQ packages #10512

Merged
merged 1 commit into from
Jul 8, 2024

Conversation

@cneill cneill (Collaborator) commented Jul 3, 2024

Description

Since we have deprecated MySQL and RabbitMQ as of v2.36.0, this PR will remove them from the list of packages for which Renovate will open PRs for every version bump (as seen with e.g. #10502 #10510). This is part of our gradual removal of these packages now that they are no longer supported.

This PR should be reverted once these packages are totally removed.

Test results

N/A

Documentation

N/A

dryrunsecurity bot commented Jul 3, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status (findings per analyzer):

Server-Side Request Forgery Analyzer: 0 findings
Configured Codepaths Analyzer: 0 findings
IDOR Analyzer: 0 findings
Sensitive Files Analyzer: 0 findings
SQL Injection Analyzer: 0 findings
Authn/Authz Analyzer: 0 findings
Secrets Analyzer: 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

This code change is related to the configuration of the Renovate bot, which is a tool used for automating dependency updates in software projects. The key changes include ignoring specific dependencies (MySQL and RabbitMQ), excluding certain file paths from the update process, updating the commit message format for dependency updates, and mapping a registry alias.

From an application security perspective, the most interesting aspect of this change is the exclusion of the "mysql" and "rabbitmq" dependencies from being automatically updated. This could be a security-related decision, as these dependencies may be critical to the application's functionality and should be updated with caution to avoid introducing vulnerabilities. Additionally, the exclusion of certain file paths could also be a security-related decision, as it may exclude files or directories that contain sensitive information or are critical to the application's security.

Overall, this code change appears to be a routine update to the Renovate bot configuration, with a focus on controlling which dependencies are automatically updated and which files are excluded from the update process. While there are no obvious security concerns, it's important to review the impact of such changes on the overall security posture of the application.

Files Changed:

  • .github/renovate.json: This file contains the configuration for the Renovate bot, which is used to automate dependency updates in the project. The changes include:
    • Ignoring the "mysql" and "rabbitmq" dependencies, which could be a security-related decision.
    • Excluding additional file paths, such as "requirements.txt", "components/package.json", and others, from the update process, which could also be a security-related decision.
    • Updating the commit message format for dependency updates to include the current and new versions, as well as the package file that was updated.
    • Mapping the "bitnami" registry to the "https://charts.bitnami.com/bitnami" URL.

Powered by DryRun Security

@mtesauro mtesauro (Contributor) left a comment

Approved

@Maffooch Maffooch merged commit 3e096e1 into DefectDojo:bugfix Jul 8, 2024
124 checks passed