Adds yarn mutex file flag to cmd line if set in env

feat: stringify unknown errors for better visibility

When pinning, check that the “version” in a lock file is a valid semver, and ignore it if not.

When package-lock.json or yarn.lock files are present, and Renovate needs to “pin” any dependencies (e.g. after onboarding), it will use whatever version is in the lockfile rather than the latest version on npm js that satisfies the semver range. This should increase the chance that Pin Dependencies PRs pass tests, as it should use as close as possible dependencies as the previous time the lock file was committed to master. Thanks to @alexeagle for first suggesting this.

Closes #1362

#1407 introduced a bug where the replacement logic breaks if the value of the npmrc key is a boolean.

Adds a `renovate/verify` status check for those migrating and looking for familiarity. Better to check the GPG verified commit, as mentioned in the associated doc.

Also renames repoName to repository

Adds a config option to bot administrators called `exposeEnv`, for cases where repositories are trusted. If set to true, the bot's full `process.env` can be used for `.npmrc` variable substitution and is passed to child processes when generating lock files. Disabled by default, including in the App.

fix: update dependency pnpm to v1.31.0

Adds new config option `versionStrategy` that allows config to override Renovate’s autodetection of when to “widen” an existing semver range, and when to “replace”.

Enables peerDependencies renovation by default, now that complex semver ranges can be upgraded.

Adds support for ranges, such as `”1.x - 2.x”`. Adds support for widening .x ranges, e.g. `”1.x || 2.x”` becomes updated to `”1.x || 2.x || 3.x”`.

Closes #687

When an “or” semver (e.g. “react”: “^14.4.0 || ^15.0.0”) is found, we now widen it. e.g. the result will be “^14.4.0 || ^15.0.0”.

Adds support for "less than" semver, and for complex semver values that end in "less than" e.g. ">= 1.0.0 < 2.0.0". Also supports complex semver values that end in "less than or equal to", although they make a lot less sense, e.g. ">= 1.0.0 <= 2.0.0".

Closes #1433

This stops HTML substitution from occurring

Detects any greenkeeper configuration fields and migrates them to Renovate’s config during onboarding.

Closes #1429

Changes the way Renovate treats renovate config inside `package.json` files. Before, config used to be applied only to that particular file, meaning that it was not applied for the rest of a monorepo, or for other package managers like Docker. Now, any `renovate` section inside the repository’s root `package.json` will be applied globally, just the sams as if it were contained within a `renovate.json` file. This means there is no longer any case where you *must* have a `renovate.json` file instead of `package.json`.

Closes #1323

BREAKING CHANGE: renovate config in `./package.json` is now applied to whole repository, and renovate config inside non-root `package.json` files is now ignored.

This reverts commit 1aba7c79.

Fixes #1425