Skip to content

v7.0.0

Latest

Choose a tag to compare

@kdeldycke kdeldycke released this 02 Jul 10:02
Immutable release. Only release title and notes can be modified.

Note

7.0.0 is available on 🐍 PyPI and 🐙 GitHub.

  • Breaking: Remove the Renovate integration: the renovate.yaml workflow, the bundled renovate.json5, the check-renovate command, and the Dependabot-to-Renovate migration are gone, replaced by self-hosted dependency updates (below). Downstream repos prune the orphaned files on their next repomatic init.
  • Breaking: repomatic update-checksums is now registry-only: the workflow-file argument and the --registry flag are removed, so it only refreshes the binary tool checksums.
  • Add sync-deps, the single entry point for dependency updates: runs every enabled updater or a named subset in parallel and applies them in order, with a --dry-run preview.
  • Add sync-tool-versions: bumps each repomatic run tool to its latest release past the cooldown and refreshes the binary tool checksums in the same pass.
  • Add sync-action-pins: bumps SHA-pinned GitHub Actions to their latest release past the cooldown, resolving each release tag to its commit SHA.
  • Add sync-workflow-pins: bumps the npm and PyPI version literals embedded in workflow YAML past the cooldown.
  • Add [tool.repomatic] minimum-release-age (default 8 days), the shared stabilization cooldown for the sync updaters, plus per-updater tool-versions.sync, action-pins.sync, and workflow-pins.sync toggles.
  • repomatic run now runs npm-backed tools, starting with awesome-lint, installed from the npm registry with per-tarball integrity and the minimum-release-age cooldown; the lint-awesome job now calls repomatic run awesome-lint.
  • Add a [tool.repomatic] changelog.archive-location option pointing at an archive file for older release sections, so lint-changelog treats archived versions as documented instead of flagging them as orphans.
  • Dependency-updater PR bodies now share sync-uv-lock's format: a cooldown cutoff date, a Held back by cooldown section, and a Release notes dropdown between them.
  • repomatic run now applies the minimum-release-age cooldown to the transitive dependencies of its uvx-installed tools; binary and uv run tools stay pinned as before.
  • The autofix workflow now runs the dependency updaters weekly on a schedule, so quiet repositories still pick up dependency, tool, and action-pin updates.
  • REPOMATIC_PAT no longer requires the Commit statuses permission; lint-repo now warns when a token still grants it so it can be tightened.
  • Drop the pydriller dependency: Git history operations now invoke the git CLI directly, shrinking the install and compiled-binary footprint.
  • repomatic run now animates a spinner while downloading a tool whose server omits a Content-Length, where it previously showed nothing.
  • The generated Python compatibility matrix in install.md now covers pre-classifier releases, falling back to requires-python, Poetry, or setup.py metadata to infer supported versions.
  • Fix update-deps-graph rendering only one of several extras or dependency groups that share a directly-declared dependency; each now gets its own subgraph.
  • Fix broken documentation links: the standalone-binary downloads (versionless 404s), the pipx installation guide, and the GitHub matrix-strategy reference.

Full changelog: v6.31.0...v7.0.0


🛡️ VirusTotal scans

Binary Detections Analysis
repomatic-7.0.0-linux-arm64.bin 1 / 61 View scan
repomatic-7.0.0-linux-x64.bin 0 / 63 View scan
repomatic-7.0.0-macos-arm64.bin 1 / 58 View scan
repomatic-7.0.0-macos-x64.bin 1 / 61 View scan
repomatic-7.0.0-windows-arm64.exe 2 / 67 View scan
repomatic-7.0.0-windows-x64.exe 15 / 70 View scan