feat: add aube and allow_builds for npm:renovate#344
Draft
zeitlinger wants to merge 1 commit into
Draft
Conversation
mise's npm backend uses --ignore-scripts=true, silently preventing renovate's re2 dependency from downloading its native binary at install time. aube (picked up automatically by mise when installed) supports per-tool allow_builds allowlisting. flint init and flint-setup now: - add `aube` alongside `node` when npm:renovate is selected - write npm:renovate as an inline table with allow_builds = ["re2"] - detect and fix existing repos missing this config Signed-off-by: Gregor Zeitlinger <gregor.zeitlinger@grafana.com>
This was referenced Jun 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
aubealongsidenodewhennpm:renovateis selected viaflint initnpm:renovateas{ version = "...", allow_builds = ["re2"] }instead of a plain stringflint-setup/flint run --fix flint-setupBackground
mise's npm backend installs with
--ignore-scripts=true, which silently breaks renovate'sre2native dependency (postinstall script downloads the binary). aube is mise's fast package manager that supportsallow_buildsallowlisting per tool — mise picks it up automatically when installed (jdx/mise#10237).Blocking: CI currently failing
CI fails because
@yarnpkg/libzip@3.2.2(a renovate transitive dep) dropped npm provenance attestation relative to3.2.1, triggering aube'strustPolicy=no-downgradecheck (ERR_AUBE_TRUST_DOWNGRADE, exit 23). Reported upstream: yarnpkg/berry#7182. Will unblock once yarnpkg publishes a fixed version.Test plan
cargo testpassesflint initon a repo with renovate-deps addsaubeand writes inline tableflint run --fix flint-setupon an existing repo with plainnpm:renovatemigrates it