Renovate will now attempt to decrypt with existing default padding, and if that fails then try with RSA_PKCS1_PADDING.

Changes PR body to show both homepage and source repo if both are present in the datasource metadata.

Closes #2387

Adds new admin option “skipInstalls” that is applicable for npm-only for now (including lerna-npm). If set to false, Renovate will perform a full install of modules rather than `—package-lock-only`. This is necessary in some cases to work around bugs in npm.

Self-hosted bot users can set this option themselves on the bot’s config, but app users will require it to be enabled per-repository by the app admin.

Necessary because of https://npm.community/t/scoped-packages-have-latest-version-disappear-temporarily-soon-after-publish/633

Until the npmjs registry can return consistent results, we need to disable roll back PRs.

Closes #2148

Adds field prettyDepType available for templates, currently used for npm only. Allows for PR titles like “Update devDependency left-pad to v1.3.0” instead of default “Update dependency left-pad to v1.3.0”.

To enable in PR titles: add this configuration: `"commitMessageTopic": "{{prettyDepType}} {{depName}}”`

This is not enabled by default as otherwise it could lead to the reopening of previously manually-closed PRs.

Closes #2371, Closes #1863

Add support for renovating Docker images in Kubernetes manifests

Adds support for GitHub-hosted presets, using the `github>` prefix. Supports single preset per repository only.

Example:

```json
{
  "extends": ["github>renovatebot/renovate"]
}
```

The above would extend the `renovate.json` inside this repository (probably not a good idea, but an example).

Closes #2102, Closes #2312

For use in new app

Adds rules to skip any configured grouping or schedules that prevent insecure packages from being updated immediately.

If GitHub's vulnerability alerts are detected, package rules are added to force empty schedule and grouping for each affected package. Settings are configurable via new `vulnerabilityAlerts` config object, e.g. so that custom PR titles, labels or assignees can be configured.

Closes #1567

Adds new config option `rollbackPrs` which defaults to `true` (current behaviour). Setting to false will disable creation of rollback PRs - configurable globally, per-language, per-package, etc.

Adds support for .gitlabci.yml files. Part of the logic is same as Docker Compose files, however the “services” list is new/different so requires additional logic.

Closes #1598

"docker" in config now refers to the Docker "language", which is the parent of dockerfile, docker-compose and circleci managers.

This should address the GITHUB_ENDPOINT problem in #2249

This reverts commit 247bdf6b.

Refactors template logic to test for isSingleVersion instead of the negative of isRange. This means that new values like `==1.2.0` in python will be presented as v1.2.0