Releases: dependabot/dependabot-core
v0.246.0
What's Changed
- Avoid passing nil url to registry client by @bdragon in #9111
- make DependencySnapshot aware of multiple directories by @jakecoffman in #8963
- Set the dependabot_updater_version docker env from the build arg by @Nishnha in #9116
- Update referenced projects during a run of NuGetUpdater. by @JoeRobich in #9097
- Strict type `Dependabot::Clients::Bitbucket` by @JamieMagee in #9113
- Strict type `Dependabot::Clients::CodeCommit` by @JamieMagee in #9121
- Strict type `Dependabot::Clients::GitHubWithRetries` by @JamieMagee in #9122
- Strict type `Dependabot::Clients::GitLabWithRetries` by @JamieMagee in #9129
- Fetch the cargo config file so we fetch registry definitions by @pavera in #9109
- Strict type `Dependabot::PullRequestCreator::MessageBuilder` by @JamieMagee in #9130
- add more http redirects by @brettfo in #9135
- find .nupkg URL without PackageBaseAddress by @brettfo in #9117
- Strict type `Dependabot::PullRequestUpdater::Gitlab` by @JamieMagee in #9132
- output job.json at the start of a run by @jakecoffman in #9133
- Strict type `Dependabot::PullRequestCreator::Azure` by @JamieMagee in #9131
- Strict type `Dependabot::PullRequestCreator::CodeCommit` by @JamieMagee in #9141
- Strict type `Dependabot::PullRequestCreator::Bitbucket` by @JamieMagee in #9140
- Enable `Sorbet/TrueSigil` rule in `composer` by @JamieMagee in #9139
- Enable `Sorbet/TrueSigil` rule in `elm` by @JamieMagee in #9138
- Strict type `Dependabot::UpdateCheckers::Base` by @JamieMagee in #8947
- Enable `Sorbet/TrueSigil` rule in `github_actions` by @JamieMagee in #9137
- make test properly fail on malformed path by @brettfo in #9104
- don't fail completely if package version cannot be parsed by @brettfo in #9153
- Bump the sorbet group with 1 update by @dependabot in #9150
- Use new Credential class in dry-run script by @noorul in #9123
- run `nuget restore` if the first update operation failed by @brettfo in #9157
- Strict type `Dependabot::PullRequestCreator::GitHub` by @JamieMagee in #9154
- Strict type `Dependabot::PullRequestCreator::Gitlab` by @JamieMagee in #9155
- Strict type `Dependabot::PullRequestUpdater::Azure` by @JamieMagee in #9163
- Strict type `Dependabot::PullRequestUpdater::GitHub` by @JamieMagee in #9165
- Require `typed: strict` for `common` by @JamieMagee in #9174
- Require `typed: true` for `docker` by @JamieMagee in #9175
- Require `typed: true` for `silent` by @JamieMagee in #9176
- Allow a list of properties to ignore when evaluating MSBuild values. by @JoeRobich in #9164
- improve nuget v2 handling for non-nuget.org sources by @brettfo in #9172
- Switch Open Telemetry to use in_span vs start by @jpinz in #9158
- v0.246.0 by @dependabot-core-action-automation in #9161
Full Changelog: v0.245.0...v0.246.0
v0.245.0
What's Changed
- Find Gradle repositories nested in `dependencyResolutionManagement` blocks by @eikes in #7260
- Fix hardcoded amd64 arch for git-shim by @andrcuns in #9067
- Surface out of disk/memory error message for easier visibility by @honeyankit in #9064
- fix docker credential type errors by @jakecoffman in #9091
- Report release to sentry by @deivid-rodriguez in #8885
- NuGet: Set EnableWindowsTargeting as true by @na1307 in #9082
- Fix README image header by @davidstosik in #9095
- Bump to Bundler 2.5.5 by @deivid-rodriguez in #8859
- nuget updater command is already space-enabled; allow unsafe execution by @brettfo in #9092
- Strict type `Dependabot::Clients::BitbucketWithRetries` by @JamieMagee in #9087
- Run the prepare tag step on pull_request_review by @Nishnha in #9107
- v0.245.0 by @dependabot-core-action-automation in #9094
New Contributors
- @eikes made their first contribution in #7260
- @na1307 made their first contribution in #9082
- @davidstosik made their first contribution in #9095
Full Changelog: v0.244.0...v0.245.0
v0.244.0
What's Changed
- Expand wildcards in nuget project references by @sebasgomez238 in #8956
- Check credentials for required properties by @JamieMagee in #9052
- Properly parse .ruby-version file by @etiennebarrie in #9012
- build(deps): bump pNPM to 8.15.2 by @yeikel in #8925
- Make container image references explicit by @JamieMagee in #9044
- add missing require statement in credential.rb by @fnoGematik in #9054
- Fix dependency typo by @fredericboyer in #9049
- Report Sorbet issue to sentry without raising by @jurre in #8998
- Fix crash when updating sha-pinned images with no "latest" tag by @deivid-rodriguez in #8070
- Prevent attempt to create empty commit by @bdragon in #9061
- v0.244.0 by @dependabot-core-action-automation in #9056
New Contributors
- @sebasgomez238 made their first contribution in #8956
- @fnoGematik made their first contribution in #9054
- @fredericboyer made their first contribution in #9049
Full Changelog: v0.243.0...v0.244.0
v0.243.0
What's Changed
- Revert "Migrate from `sentry-raven` to `sentry-ruby`" by @jakecoffman in #8874
- Docker parser/updater: also support files with a `.` in the name by @danwkennedy in #8875
- try to perform environment variable expansion in `NuGet.Confing` by @brettfo in #8879
- Enable version updates for devcontainers by @deivid-rodriguez in #8882
- Point again to latest pipenv release by @deivid-rodriguez in #8880
- Strict type `Dependabot::PullRequestCreator::PrNamePrefixer` by @JamieMagee in #8866
- Strong type `Dependabot::PullRequestCreator::MessageBuilder::IssueLinker` by @JamieMagee in #8865
- Use proper discovery logic for dotnet-tools.json files. by @JoeRobich in #8889
- [gradle] Parse repositories from the top-level buildfile by @Nishnha in #8891
- only directly query `.nuspec` files from nuget and azure devops by @brettfo in #8892
- Add a guard for nil top level buildfiles by @Nishnha in #8894
- Fix milestone type for PullRequestCreator by @andrcuns in #8890
- Migrate from `sentry-raven` to `sentry-ruby` by @JamieMagee in #8878
- search all candidate packages for compatibility in descending version order by @brettfo in #8901
- add a fake ecosystem for updater integration tests by @jakecoffman in #8871
- Strict type `Dependabot::MetadataFinders::CommitsFinder` by @JamieMagee in #8893
- grouped security updates don't require an explicit group by @jakecoffman in #8907
- Strict type `Dependabot::MetadataFinders::Base::ReleaseFinder` by @JamieMagee in #8897
- Strict type `Dependabot::MetadataFinders::Base::ChangelogPruner` by @JamieMagee in #8902
- clean directory at job start by @jakecoffman in #8912
- build(deps): bump pNPM to 8.14.3 by @yeikel in #8667
- Handle MSBuild property conditions that have a property wrapped in single quotes in NuGetUpdater by @bording in #8913
- Don't assume `.nuspec` dependency group has a `targetFramework` attribute. by @brettfo in #8915
- fix nil directory causing NilClass exception by @jakecoffman in #8921
- tests for grouped security update rebase jobs by @jakecoffman in #8909
- Remove invalid UTF-8 characters from nuspec response body by @JamieMagee in #8929
- Always use .ruby-version for Bundler dependency resolution by @etiennebarrie in #8835
- fix token running out of API quota by @jakecoffman in #8877
- updater end-to-end helper script by @jakecoffman in #8932
- Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in #8920
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 3 updates by @dependabot in #8820
- Retry transient git clone errors by @JamieMagee in #8926
- Surround command line arguments with quotes by @TomW-Skyline in #8695
- Strict type `Dependabot::PullRequestCreator::MessageBuilder::Metadata::Presenter` by @JamieMagee in #8942
- Add codespell config and workflow to detect new typos, fix some already found typos by @yarikoptic in #8228
- add tests around incidental updates by @jakecoffman in #8941
- grouped security updates: use the group if one is defined by @jakecoffman in #8742
- always clone all the ecosystems by @jakecoffman in #8933
- fix smoke tests failing because Dir.entries order is not deterministic by @jakecoffman in #8945
- bump(deps): bump regclient from 0.5.1 to 0.5.6 by @yeikel in #8103
- add sorbet types to Dependabot::Job by @jakecoffman in #8943
- Do not swallow exception, print the message by @trejjam in #8928
- Bump the sorbet group with 2 updates by @dependabot in #8951
- Job ID type is always a String by @jakecoffman in #8953
- Bump the all-actions group with 3 updates by @dependabot in #8952
- Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in #8520
- Bump the npm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #8934
- fix security updates getting into grouped code by @jakecoffman in #8957
- Don't recursively update projects which have already been evaluated by @ryanbrandenburg in #8940
- Add `sentry-opentelemetry` and configure when OTel is enabled by @JamieMagee in #8935
- fix Go prerelease ordering by @jakecoffman in #8962
- make a Credential class by @jakecoffman in #8967
- Strict type `Dependabot::GitSubmodules` by @JamieMagee in #8970
- Strict type `Dependabot::Devcontainers` by @JamieMagee in #8982
- force set `Condition="false"` on Microsoft.WebApplication.targets by @brettfo in #8946
- escape nuget feed urls before querying by @brettfo in #8990
- fix TypeError: no implicit conversion of Credential into Hash by @jakecoffman in #8995
- add types to DependencySnapshot by @jakecoffman in #8986
- Allow `submodule_path` to be nilable by @JamieMagee in #8996
- Expand Sorbet usage by @ryanbrandenburg in #8958
- Update DevContainer by @ryanbrandenburg in #8968
- True type `Dependabot::Python::Version` by @JamieMagee in #9002
- True type `Dependabot::Bundler::FileFetcher` to by @JamieMagee in #8997
- handle dependencies incidentally updated by @jakecoffman in #8803
- Bump golang from 1.21.6-bookworm to 1.22.0-bookworm in /go_modules by @dependabot in #9008
- fix(gitlab): pr creator missing default for target_project_id by @THETCR in #8985
- Add info on Docker tag support by @Nishnha in #9000
- Nuget lint by @trejjam in #8930
- Filter out NuGet feeds which don't have URLs by @JamieMagee in #9011
- only consider a package a development dependency if it doesn't have any other regular dependencies by @brettfo in #9017
- allow following HTTP 307 when resolving `.nupkg` contents by @brettfo in #9022
- add types to DependencyChange by @jakecoffman in #8999
- fix directories in use for non-grouped updates by @jakecoffman in #9026
- Strict type `Dependabot::MetadataFinders::Base::ChangelogFinder` by @JamieMagee in #9029
- add close up-to-date updater test by @jakecoffman in #9025
- test more of the security error scenarios by @jakecoffman in #9039
- support group configs specifically for security updates or version updates by @jakecoffman in #9040
- Strict type `Dependabot::Clients::Azure` by @JamieMagee in #9042
- Fix d...
v0.242.1
What's Changed
- Strong type `Dependabot::FileFetchers::Base::DependencySet` by @JamieMagee in #8791
- Docker fetcher: support filenames with a `.` in the middle of the name by @danwkennedy in #8862
- Centralize more Nuget calls by @ryanbrandenburg in #8849
- Unlock `excon` dependency range by @JamieMagee in #8850
- `require` related gems when initializing OpenTelemetry instrumentation by @JamieMagee in #8851
- Disable analyzers in MSBuild temp projects by @ryanbrandenburg in #8863
- use common helper to look for `Directory.Packages.props` by @brettfo in #8842
- Allow BranchNamer to be passed a nil branch by @deivid-rodriguez in #8869
- Migrate from `sentry-raven` to `sentry-ruby` by @JamieMagee in #8818
- v0.242.1 by @dependabot-core-action-automation in #8870
New Contributors
- @danwkennedy made their first contribution in #8862
Full Changelog: v0.242.0...v0.242.1
v0.242.0
What's Changed
- Handle Update PackageReferences more correctly by @ryanbrandenburg in #8827
- Handle malformed Global.json by @ryanbrandenburg in #8812
- standardizing exception tags by @jakecoffman in #8836
- Fix reviewers, assignees types in PullRequestCreator by @andrcuns in #8838
- Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 1 update by @dependabot in #8824
- Bump opentelemetry-instrumentation-http from 0.23.1 to 0.23.2 in /updater by @dependabot in #8823
- Handle STDOUT more correctly by @ryanbrandenburg in #8840
- We now encourage new ecosystems by @abdulapopoola in #8844
- Strong type `Dependabot::SecurityAdvisory` by @JamieMagee in #8792
- Plugin devcontainers ecosystem by @deivid-rodriguez in #8858
- Add `devcontainers` ecosystem by @joshspicer in #8445
- v0.242.0 by @dependabot-core-action-automation in #8861
New Contributors
- @joshspicer made their first contribution in #8445
Full Changelog: v0.241.0...v0.242.0
v0.241.0
What's Changed
- raise a specific exception when the FileUpdater doesn't produce a change by @jakecoffman in #8787
- Strict type `Dependabot::GitCommitChecker` by @JamieMagee in #8789
- allow mismatching version in `.csproj` by @brettfo in #8783
- Strong type `Dependabot::FileParsers::Base` by @JamieMagee in #8794
- Strict type `Dependabot::MetadataFinders::Base` by @JamieMagee in #8774
- Strong type `Dependabot::PullRequestCreator::BranchNamer` by @JamieMagee in #8790
- Fix vscode rdbg launch command by @JamieMagee in #8778
- Replace extensions with up-to-date equivalents by @JamieMagee in #8784
- Allow `version` to be `String` or `Gem::Version` by @JamieMagee in #8809
- Bundle `helpers` folder into `dependabot-nuget` gem by @trejjam in #8589
- Bump sorbet-runtime from 0.5.11178 to 0.5.11193 in /updater by @dependabot in #8799
- update phrasing in contributing.md by @carogalvin in #8813
- Bump the npm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #8811
- Bump the aws-sdk group in /updater with 2 updates by @dependabot in #8662
- Bump cython from 3.0.5 to 3.0.8 in /python/helpers by @dependabot in #8800
- Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in #8814
- Start removing updater coupling on specific ecosystems by @deivid-rodriguez in #8678
- Use correct global.json discovery logic when updating. by @JoeRobich in #8815
- Handle non-matching tags by @landongrindheim in #8766
- Fix type definition for approvers in pull request creator by @andrcuns in #8793
- Bump flake8 from 6.1.0 to 7.0.0 in /python/helpers by @dependabot in #8708
- Group Python helper updates by @abdulapopoola in #8819
- Bump the common group in /python/helpers with 1 update by @dependabot in #8821
- v0.241.0 by @dependabot-core-action-automation in #8830
New Contributors
- @JoeRobich made their first contribution in #8815
Full Changelog: v0.240.0...v0.241.0
v0.240.0
What's Changed
- bump Cargo from 1.69.0 to 1.75.0 by @jakecoffman in #8686
- Bump Bundler to 2.5 by @deivid-rodriguez in #8619
- Move sorbet setup from omnibus to root by @deivid-rodriguez in #8670
- Fix building development image & running dry-run.rb script by @deivid-rodriguez in #8694
- Add fingerprint to dynamic git commands by @deivid-rodriguez in #8495
- Fix missing stackprof preventing dry-run.rb script from running by @deivid-rodriguez in #8696
- Dependabot should keep Cargo up to date by @jakecoffman in #8699
- create azure nuget package urls directly from endpoint types by @brettfo in #8703
- fix unsupported Go modules preventing updates by @jakecoffman in #8702
- Check if RBIs are up-to-date by @JamieMagee in #8704
- Make sure tests use the same gem versions we use in production by @deivid-rodriguez in #8138
- Improve root gemfile handling by @deivid-rodriguez in #8712
- Only create PRs for dependencies in the sorbet group by @deivid-rodriguez in #8718
- Handle missing files by @ryanbrandenburg in #8661
- properly locate `nuget.config` when it's further up-directory from a project by @brettfo in #8722
- Support Python 3.12 by @deivid-rodriguez in #8732
- Improve corepack setup by @deivid-rodriguez in #7134
- Raise a proper error when `package-json.lock` is not parseable by @deivid-rodriguez in #8743
- Ignore `packageManager` field in `package.json` when unparseable by @deivid-rodriguez in #8744
- Fallback to npm 6 when lockfileVersion is not parseable as an integer by @deivid-rodriguez in #8745
- NuGet efficiency by @ryanbrandenburg in #8679
- Fix broken nuget CI by @deivid-rodriguez in #8752
- Detect version constraint violations in NuGet by @ryanbrandenburg in #8624
- Test that file_parser reads .proj files by @ryanbrandenburg in #8746
- Handle unexpected kub image shapes by @ryanbrandenburg in #8750
- Strong type `Dependabot::PullRequestCreator` by @JamieMagee in #8729
- Strong type `Dependabot::PullRequestUpdater` by @JamieMagee in #8730
- Strong type `Dependabot::RegistryClient` by @JamieMagee in #8736
- Strong type `Dependabot::Config::FileFetcher` by @JamieMagee in #8737
- patch user-level `NuGet.Config` before invoking dotnet/nuget tools by @brettfo in #8748
- Bump golang from 1.21.5-bookworm to 1.21.6-bookworm in /go_modules by @rcrowe in #8757
- directory is the job directory by @jakecoffman in #8762
- Remove unnecessary gitignore rules by @deivid-rodriguez in #8761
- Strong type `Dependabot::Version` by @JamieMagee in #8727
- Strict type `Dependabot::PullRequestCreator::Labeler` by @JamieMagee in #8758
- Added Ruby 3.3.0 to RubyRequirementSetter version requirements by @schinery in #8754
- add NuGet maintainers to CODEOWNERS by @jakecoffman in #8764
- Update CODEOWNERS by @jakecoffman in #8771
- Strong type `Dependabot::BranchNamer::DependencyGroupStrategy` by @JamieMagee in #8770
- Fix `bin/bump-version.rb` script to also handle root lockfile by @deivid-rodriguez in #8776
- defensive programming around missing dependency files during an update by @jakecoffman in #8765
- Add missing file to version bump PR by @deivid-rodriguez in #8779
- raise a specific exception when the FileUpdater doesn't produce a change by @jakecoffman in #8782
- v0.240.0 by @dependabot-core-action-automation in #8781
New Contributors
Full Changelog: v0.239.0...v0.240.0
v0.239.0
What's Changed
- Nuget file fetching simplifications by @deivid-rodriguez in #8524
- Add Open Telemetry Spans throughout the codebase by @jpinz in #8488
- [NuGet] add dotnet 8.0 support by @brettfo in #8562
- Teach updater how to do multi-directory version pull requests by @brbayes-msft in #8541
- report and search `*.proj` files as dependencies by @brettfo in #8569
- Run `spoom bump` as part of CI by @JamieMagee in #8469
- resolve nupkg download link from repository base address and type by @brettfo in #8575
- update NuGet.Client submodule to latest public release, 6.8.0.131 by @brettfo in #8574
- Fix docker attempting to append digest for helm by @brbayes-msft in #8595
- fix Sorbet type error by @jakecoffman in #8606
- fix: Use portable Bash shebang by @l0b0 in #8378
- feat: Updates Hex to 2.0.6 by @isaacsanders in #7890
- consider shrinkwrap when inferring an npmrc file by @jakecoffman in #8611
- Handle Version Elements in Update by @ryanbrandenburg in #8612
- break out the ci paths filter to a file by @jakecoffman in #8604
- Fix: Typo by @localheinz in #8581
- Fix: Typo by @localheinz in #8580
- Fix: Typo by @localheinz in #8579
- Bump the dev-dependencies group in /updater with 2 updates by @dependabot in #8564
- fix Python updates involving mysqlclient by @jakecoffman in #8618
- support Composer artifact repositories by @jakecoffman in #8620
- fix exception when Action is pinned to a SHA with no tags by @jakecoffman in #8621
- Remove unused `requires` of deleted `go` native helper functionality by @jeffwidman in #8630
- "re-selling" -> "reselling" by @jeffwidman in #8623
- Fix missing version in commit message for dependency group with 1 update by @martincostello in #8577
- pin Sorbet's version so it doesn't randomly break by @jakecoffman in #8649
- help customers debug Python issues like update_not_possible by @jakecoffman in #8644
- Strictly type `BranchNamer::Base` by @JamieMagee in #8557
- Strong type `MetadataFinders` by @JamieMagee in #8556
- Strictly type `Experiments` by @JamieMagee in #8555
- Stop printing pointless `git` default branch warning into logs/tests by @jeffwidman in #8632
- Azure DevOps now supports HTML in PR descriptions by @jeffwidman in #8628
- Add a test for Azure sources by @jeffwidman in #8629
- fix #8533 modify registries typing in file.rb by @lucemia in #8599
- Use a hash in the branch name for multi-directory grouped security updates by @Nishnha in #8560
- Strictly type errors by @JamieMagee in #8493
- Create abstract `Dependabot::Requirement` class by @JamieMagee in #8492
- Fix up some of the open telemetry issues by @jpinz in #8650
- build(deps): bump Terraform to 1.6.6 by @Nishnha in #8645
- improve how branch images skips by @jakecoffman in #8651
- group all the actions updates together by @jakecoffman in #8655
- Bump the all-actions group with 4 updates by @dependabot in #8657
- Bump actions/labeler from 4 to 5 by @dependabot in #8586
- Fix failing test for NuGet updates by @martincostello in #8485
- Normalize "lockfile" terminology by @deivid-rodriguez in #8660
- v0.239.0 by @dependabot-core-action-automation in #8607
New Contributors
- @brbayes-msft made their first contribution in #8541
- @l0b0 made their first contribution in #8378
- @isaacsanders made their first contribution in #7890
Full Changelog: v0.238.0...v0.239.0
v0.238.0
What's Changed
- Update error message matching by @pavera in #8408
- yarn:update add a handled error for missing tags by @pavera in #8389
- Contribute changes to NuGet updater from Azure team by @brettfo in #8179
- Strictly type `GitMetadataFetcher` by @JamieMagee in #8441
- Strictly type `Dependabot::Dependency` by @JamieMagee in #8418
- Bump `nuget` files type strictness by @JamieMagee in #8468
- Sanitize `.yanrc.yml` when missing environment variables prevent yarn from running by @deivid-rodriguez in #8446
- Remove unused licensed gem and artifacts by @deivid-rodriguez in #8466
- Capture dependencies groups with inline comments in pyproject files by @dsuleimenov in #8423
- build(deps): bump pNPM to 8.11.0 by @yeikel in #8471
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #8438
- Bump the npm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #8336
- Fix pipenv upgrades when star requirement is used by @deivid-rodriguez in #8452
- Bump cython from 3.0.4 to 3.0.5 in /python/helpers by @dependabot in #8337
- fix #8414 follow poetry source constraint by @lucemia in #8422
- Handle 403 Forbidden errors from PNPM by @deivid-rodriguez in #8447
- Bump poetry from 1.6.1 to 1.7.1 in /python/helpers by @dependabot in #8437
- Fix type issues detected in GitHub Actions ecosystem by @deivid-rodriguez in #8472
- Bump pipenv from 2023.8.28 to 2023.11.15 in /python/helpers by @dependabot in #8087
- fix individual PRs being created that should be in the group by @jakecoffman in #8264
- Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in #8462
- Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in #8459
- Fix encoding changes when truncating PR descriptions by @mburumaxwell in #8077
- fix grouped update PRs are missing current -> updated version message by @jakecoffman in #8478
- Bump opentelemetry-sdk from 1.3.0 to 1.3.1 in /updater by @dependabot in #8342
- Bump the dev-dependencies group in /updater with 1 update by @dependabot in #8340
- Use a pipenv fork for now to fix tomlkit issues in pipenv by @deivid-rodriguez in #8477
- Bump sorbet-runtime from 0.5.11094 to 0.5.11142 in /updater by @dependabot in #8461
- Ignore repo access issues while parsing actions dependencies by @deivid-rodriguez in #8454
- Fix missing codecommit require by @deivid-rodriguez in #8479
- Handle 401 Unauthorized errors from PNPM by @deivid-rodriguez in #8476
- Bump type strictness by @JamieMagee in #8482
- Refactor error handling by @deivid-rodriguez in #8486
- Enforce LF line endings on checkout by @JamieMagee in #8487
- Raise user error when Yarn is misconfigured by @deivid-rodriguez in #8326
- Fix NPM yanked package detection by @deivid-rodriguez in #8489
- Fix private registry authentication for NPM 8 or higher by @deivid-rodriguez in #8453
- add support for refreshing a grouped security update by @jakecoffman in #8497
- Honor NuGet.config sources and search all build files for properties by @brettfo in #8498
- port Docker updater improvements from Azure DevOps by @brettfo in #8192
- Teach Dependabot how to present multi-directory PRs by @Nishnha in #8494
- fix regression in json gem by using an older version by @jakecoffman in #8509
- Choose closest Nuget.Config by @ryanbrandenburg in #8501
- Update contribution information by @carogalvin in #8507
- fix NuGet smoke test by properly locating `Directory.Packages.props` by @brettfo in #8511
- clean up smoke.yml by @jakecoffman in #8525
- Fix issue with parsing docker images with a tag in the _. format by @jpinz in #8500
- require correct FileFetcher by @jakecoffman in #8527
- Skip Maven snapshots repositories from versions checking by @slawekjaranowski in #8514
- don't attempt to update a package if no versions could be found by @brettfo in #8502
- Include the directory name in multi-directory PR summaries by @Nishnha in #8528
- Create feature flag for Grouped security updates by @ryanbrandenburg in #8529
- fix group update creation failure when a dependency is ignored by @jakecoffman in #8535
- properly resolve nuget search query when the api is versioned by @brettfo in #8534
- only run suites that have changes by @jakecoffman in #8536
- Skip Maven snapshots repositories from versions checking - fix 2 by @slawekjaranowski in #8542
- Bump golang from 1.21.4-bookworm to 1.21.5-bookworm in /go_modules by @TomSellers in #8548
- Use upstream pipenv again by @deivid-rodriguez in #8547
- Don't escape dependency names in tarball URLs since it doesn't always work by @deivid-rodriguez in #8546
- dynamically discover smoke tests by @jakecoffman in #8551
- improvements to querying nuget apis for versions by @brettfo in #8538
- Prioritize detection of sha suffixed tags over date tags by @mctofu in #8553
- Fix docker updates for tags with a v prefix by @mctofu in #8561
- v0.238.0 by @dependabot-core-action-automation in #8448
New Contributors
- @dsuleimenov made their first contribution in #8423
- @ryanbrandenburg made their first contribution in #8501
- @jpinz made their first contribution in #8500
- @slawekjaranowski made their first contribution in #8514
- @TomSellers made their first contribution in #8548
Full Changelog: v0.237.0...v0.238.0