If you find any bug with Renovate that may be a security problem, then e-mail us at: renovate-disclosure@mend.io. This way we can evaluate the bug and hopefully fix it before it gets abused. Please give us enough time to investigate the bug before you report it anywhere else.
Please do not create GitHub issues for security-related doubts or problems.
If you've found a bug or have a feature request then please create an issue in this repository (but search first in case a similar issue already exists).
If you would like to fix a bug or implement a feature, please fork the repository and create a Pull Request. More information on getting set up locally can be found in .github/local-development.md.
Before you start any Pull Request, it's recommended that you create an issue to discuss first if you have any doubts about requirements or implementation. That way you can be sure that the maintainer(s) agree on what to change and how, and you can hopefully get a quick merge afterwards. Also, let the maintainers know that you plan to work on a particular issue so that no one else starts any duplicate work.
Please do not force push to your PR's branch after you have created your PR, as doing so makes it harder for us to review your work. PRs will always be squashed by us when we merge your work. Commit as many times as you need in your pull request branch.
Please do not ping your reviewer(s) by mentioning them in a new comment. Instead, use the re-request review functionality. Read more about this in the GitHub docs, Re-requesting a review.
Sometimes the codebase can be a challenge to navigate, especially for a first-time contributor. We don't want you spending an hour trying to work out something that would take us only a minute to explain.
For that reason, we have a Slack channel dedicated to helping anyone who's working on or considering Pull Requests for Renovate. Please email rhys@arkins.net and simply mention that you need an invitation to the channel and you'll be added as soon as possible.