From 6a95024e22a25ec107d57f11e0a0f6c06aceb233 Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Wed, 5 Apr 2023 06:44:55 +0200
Subject: [PATCH] feat!: allow post upgrade templating by default (#21326)

Closes #21320

BREAKING CHANGE: Post upgrade templating is now allowed by default, as long as the post upgrade task command is itself already allowed.
---
 docs/usage/self-hosted-configuration.md | 8 +++-----
 lib/config/options/index.ts             | 4 ++--
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/docs/usage/self-hosted-configuration.md b/docs/usage/self-hosted-configuration.md
index efbf6a1e5f..d133a5eb34 100644
--- a/docs/usage/self-hosted-configuration.md
+++ b/docs/usage/self-hosted-configuration.md
@@ -19,15 +19,10 @@ Please also see [Self-Hosted Experimental Options](./self-hosted-experimental.md
 
 ## allowPostUpgradeCommandTemplating
 
-Set to `true` to allow templating of dependency level post-upgrade commands.
-
 Let's look at an example of configuring packages with existing Angular migrations.
 
-Add two properties to `config.js`: `allowPostUpgradeCommandTemplating` and `allowedPostUpgradeCommands`:
-
 ```javascript
 module.exports = {
-  allowPostUpgradeCommandTemplating: true,
   allowedPostUpgradeCommands: ['^npm ci --ignore-scripts$', '^npx ng update'],
 };
 ```
@@ -60,6 +55,9 @@ npm ci --ignore-scripts
 npx ng update @angular/core --from=10.0.0 --to=11.0.0 --migrate-only --allow-dirty --force
 ```
 
+If you wish to disable templating because of any security or performance concern, you may set `allowPostUpgradeCommandTemplating` to `false`.
+But before you disable templating completely, try the `allowedPostUpgradeCommands` config option to limit what commands are allowed to run.
+
 ## allowScripts
 
 ## allowedPostUpgradeCommands
diff --git a/lib/config/options/index.ts b/lib/config/options/index.ts
index 5ae3071e58..b110b00c34 100644
--- a/lib/config/options/index.ts
+++ b/lib/config/options/index.ts
@@ -24,9 +24,9 @@ const options: RenovateOptions[] = [
   {
     name: 'allowPostUpgradeCommandTemplating',
     description:
-      'Set this to `true` to allow templating for post-upgrade commands.',
+      'Set this to `false` to disable template compilation for post-upgrade commands.',
     type: 'boolean',
-    default: false,
+    default: true,
     globalOnly: true,
   },
   {
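Review bot: Flipping `default: false` to `default: true` makes `allowedPostUpgradeCommands` the only gate on templated post-upgrade commands for every self-hosted instance, and the new description does not say so. Template fields are presumably filled from dependency metadata that a repository or package author can influence, so an operator relying on a loosely anchored pattern such as the docs example `'^npx ng update'` leaves the rest of the command line unconstrained. Whether the allow-list is matched against the raw template or the compiled command is not visible in this hunk; that should be confirmed and pinned by a test before the default changes. I would extend the description with a second sentence, e.g. `'Templating only applies to commands that match allowedPostUpgradeCommands; anchor those patterns with ^ and $.'`. The `options` array starts before and continues after this hunk.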
-- 
GitLab