Dependency Management Support Matrix

This page details the compatibility, support and implementation limitations of certain managers. It is intended to supply the list of currently supported managers.

Python dependencies

Manager / Python version

3.9

3.10

3.11

3.12

3.13

poetry

pdm

pip-compile [1]

-

-

-

-

pipenv [2]

uv [3]

  • Only minor versions (e.g. 3.13) are generally supported, patch versions (e.g. 3.13.4) are not

  • Python 3.8 and older are not supported.

  • peynv is available and used to install Python 3.10 and Python 3.13, which are not available in UBI images.

Using uv pip compile instead of pip-compile

If Python 3.12 for pip-compile is not sufficient for your project, consider using uv pip compile instead, see the uv docs and Renovate docs.

In order to start using uv pip compile, run this command once manually: uv pip compile --python-version=3.13 requirements.in --output-file=requirements.txt and push the file into the repository.

Once done, the file should have this header:

# This file was autogenerated by uv via the following command:
#    uv pip compile --python-version=3.13 --output-file=requirements.txt requirements.in

and Renovate will parse the version from it. By changing the --python-version argument you can force the locking mechanism to use any Python version you need.

RPM lock files

Capability

Supported

Generate a new rpms.lock.yaml

No

Update existing rpms.lock.yaml

Yes

Update multiple lock files in subdirectories

No

Work with different lock file in multiple branches

No [4]

Display individual package upgrades in PR description

Yes

Match CVE data to package upgrades

(root rpms.lock.yaml)

Yes [5]

Match CVE data to package upgrades

(subdirectory rpms.lock.yaml)

No

Go dependencies

MintMaker sets the GOTOOLCHAIN=auto environment variable, so when updating dependencies, Go will choose the correct toolchain version automatically.

Renovate will automatically update the go and toolchain directives in case it is required by an updated dependency. This cannot be changed in the configuration.

1. pip-tools is installed using Python 3.12 and cannot be invoked for any other Python version
2. Only python_version is supported, python_full_version can fail for specific Python versions
3. uv supports any Python version by installing it at runtime
4. Only a single branch is properly supported at the moment
5. Occassionally the [SECURITY] label might be missing, despite CVE description being included