v0.274.0

What's Changed

• Revert "rework reporting of dependencies and requirements to better handle transitive dependencies" by @brettfo in #10472
• Error handlers for Dependabot::SharedHelpers::HelperSubprocessFailed PNPM errors by @sachin-sandhu in #10483
• Bump jason from 1.4.3 to 1.4.4 in /hex/helpers by @dependabot in #10364
• Bump rexml from 3.3.1 to 3.3.6 in /updater by @dependabot in #10488
• chore(python): target latest python 3.12.5 version by @Greesb in #10470
• Bump the dev-dependencies group across 1 directory with 3 updates by @dependabot in #10479
• Fixes unhandled couldn't find any versions for package exception by @sachin-sandhu in #10491
• Fixes Dependabot::SharedHelpers::HelperSubprocessFailed related issues by @sachin-sandhu in #10494
• Implement Logging for Bundler v1 Deprecation Warnings by @kbukum1 in #10466
• Adds handler for YARN :: YN0xx errors by @sachin-sandhu in #10505
• Fixes NPM unhandled exceptions in Dependabot::SharedHelpers::HelperSubprocessFailed by @sachin-sandhu in #10506
• Support for pub workspaces by @sigurdm in #10445
• Error handler for Dependabot::Updater::SubprocessFailed: Subprocess issues by @sachin-sandhu in #10512
• v0.273.0 by @dependabot-core-action-automation in #10514
• Fixes Yarn Dependabot::SharedHelpers::HelperSubprocessFailed issues by @sachin-sandhu in #10526
• Mount .rubocop_todo.yml to enable successful rubocop execution by @Jefffrey in #10544
• Sending Bundler v1 Deprecation Warning Alert by @kbukum1 in #10485
• Avoid using existing branches by @Nishnha in #10519
• v0.274.0 by @dependabot-core-action-automation in #10551

New Contributors

• @Greesb made their first contribution in #10470
• @Jefffrey made their first contribution in #10544

Full Changelog: v0.272.0...v0.274.0

v0.273.0

What's Changed

• Revert "rework reporting of dependencies and requirements to better handle transitive dependencies" by @brettfo in #10472
• Error handlers for Dependabot::SharedHelpers::HelperSubprocessFailed PNPM errors by @sachin-sandhu in #10483
• Bump jason from 1.4.3 to 1.4.4 in /hex/helpers by @dependabot in #10364
• Bump rexml from 3.3.1 to 3.3.6 in /updater by @dependabot in #10488
• chore(python): target latest python 3.12.5 version by @Greesb in #10470
• Bump the dev-dependencies group across 1 directory with 3 updates by @dependabot in #10479
• Fixes unhandled couldn't find any versions for package exception by @sachin-sandhu in #10491
• Fixes Dependabot::SharedHelpers::HelperSubprocessFailed related issues by @sachin-sandhu in #10494
• Implement Logging for Bundler v1 Deprecation Warnings by @kbukum1 in #10466
• Adds handler for YARN :: YN0xx errors by @sachin-sandhu in #10505
• Fixes NPM unhandled exceptions in Dependabot::SharedHelpers::HelperSubprocessFailed by @sachin-sandhu in #10506
• Support for pub workspaces by @sigurdm in #10445
• Error handler for Dependabot::Updater::SubprocessFailed: Subprocess issues by @sachin-sandhu in #10512

New Contributors

• @Greesb made their first contribution in #10470

Full Changelog: v0.272.0...v0.273.0

v0.272.0

What's Changed

• Adds outofDisk exception handler for updater by @sachin-sandhu in #10444
• Fixes illformed requirement error propagation to unknown errors by @sachin-sandhu in #10448
• Add Bundler v1 Deprecation Warning by @kbukum1 in #10421
• Reformatted Deprecation and Error Messages for Bundler v1 Support by @kbukum1 in #10450
• only discover dependencies from known project types by @brettfo in #10451
• Fixes Yarn Dependabot::Updater::SubprocessFailed issues by @sachin-sandhu in #10456
• fix handling of NuGet transitive dependencies by @brettfo in #10449
• Revert Changes to updated_files_regex method with latest regex from the API by @honeyankit in #10457
• Add semver 2 versioning in dependabot common by @amazimbe in #10434
• Fix : Dependabot::DependabotError: [YN0001] issues by @sachin-sandhu in #10473
• v0.272.0 by @dependabot-core-action-automation in #10476

Full Changelog: v0.271.0...v0.272.0

v0.271.0

v0.271.0 (#10443)

Release notes: https://github.com/dependabot/dependabot-core/releases/tag/v0.271.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

v0.270.0

What's Changed

• Fixes RuntimeError-No package.json issue by @sachin-sandhu in #10392
• Update issue-labeler.yml by @jonjanego in #10397
• Fixes ERR_PNPM_FETCH-HelperSubprocessFailed by @sachin-sandhu in #10398
• Fix failing tests in the python ecosystem by @amazimbe in #10386
• Guard against possible nil before the actual nil inevitably stops execution by @sato11 in #10396
• Fixes Dependabot::ToolVersionNotSupported issues by @sachin-sandhu in #10390
• Fixes Dependabot::SharedHelpers::HelperSubprocessFailed - ERR_PNPM_UNSUPPORTED_ENGINE by @sachin-sandhu in #10419
• update nuget/Dockerfile, dotnet_sdk_version is now 8.0.303 by @Tripletri in #10370
• feature-intern-ResolveDependencyConflictsNew to main by @NadiamB in #10343
• lower API rate usage by enabling git-powered comparison by @jakecoffman in #10429
• Fixes issues related with err_pnpm_patch_not_applied and err_pnpm_tarball_integrity errors by @sachin-sandhu in #10430
• type existing prs in the job definition by @jakecoffman in #10432
• Added Missing Regex for Allowlist Dependency Files by @honeyankit in #10389
• Revert Smoke Test Branch to Dependabot-Core Main by @kbukum1 in #10437
• v0.269.0 by @dependabot-core-action-automation in #10391
• Fixes Dependabot::SharedHelpers::HelperSubprocessFailed - err_pnpm_unsupported_platform error code by @sachin-sandhu in #10436
• v0.270.0 by @dependabot-core-action-automation in #10439

New Contributors

• @sato11 made their first contribution in #10396
• @Tripletri made their first contribution in #10370
• @NadiamB made their first contribution in #10343

Full Changelog: v0.269.0...v0.270.0

v0.269.0

What's Changed

• Fixes Dependabot::SharedHelpers::HelperSubprocessFailed issues by @sachin-sandhu in #10349
• add directory to existing PR checks, updating tests by @jakecoffman in #10325
• Add Spec Tests for CreateSecurityUpdatePullRequest by @kbukum1 in #10344
• Report transitive dependency vulnerability errors for npm, yarn, and pnpm by @kbukum1 in #10282
• don't waste quota on main since branch was up-to-date by @jakecoffman in #10352
• fix "no groups" exception, run more jobs through GroupUpdateAllVersions by @jakecoffman in #10348
• Strict type Dependabot::Updater.Operations::RefreshSecurityUpdatePullRequest by @kbukum1 in #10334
• allow for wildcards in version requirements by @brettfo in #10353
• report no new version if a given package doesn't exist on any feed by @brettfo in #10354
• convert test to not require the network by @brettfo in #10355
• Add Error Handling for YN0082 in YarnErrorHandler by @kbukum1 in #10374
• Fixes issues related with Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder::RegistryError by @sachin-sandhu in #10378
• Fixes logger location for Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder::RegistryError by @sachin-sandhu in #10380
• Fixes JSON::ParserError: unexpected token issue by @sachin-sandhu in #10381
• NPM: fix security update for indirect and direct dependencies by @jakecoffman in #10371

Full Changelog: v0.268.0...v0.269.0

v0.268.0

What's Changed

• Adds exception handling for override failure errors by @sachin-sandhu in #10290
• Fixes Dependabot::SharedHelpers::HelperSubprocessFailed - nested aliases not supported by @sachin-sandhu in #10292
• Small typo by @yeikel in #10295
• add Dependency::directory to the PR payload by @jakecoffman in #10195
• Strict type Dependabot::Updater.Operations::CreateSecurityUpdatePullRequest by @kbukum1 in #10302
• Strict type Dependabot::Terraform::UpdateChecker by @JamieMagee in #10278
• temporarily sideline global.json when adding a transitive package by @brettfo in #10305
• Fixes Dependabot-SharedHelpers-HelperSubprocessFailed by @sachin-sandhu in #10308
• fixing rebases not finding the existing pull request due to directory by @jakecoffman in #10320
• Fix ArgumentError Malformed version number string in github actions by @amazimbe in #10314
• retain msbuild-sdks property in global.json when adding a transitive dependency by @brettfo in #10331
• Properly reject NuGet newline-only changes. by @brettfo in #10332
• v0.268.0 by @dependabot-core-action-automation in #10335
• Fixes issues related with Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder::RegistryError by @sachin-sandhu in #10322
• Fix ArgumentError Malformed version number in github actions by @amazimbe in #10338

Full Changelog: v0.267.0...v0.268.0

v0.267.0

What's Changed

• Fix NuGet app/web.config assembly binding redirect updates by @rhyskoedijk in #10110
• Fix ArgumentError in original_package_update_available? when latest_version is nil by @kbukum1 in #10216
• use unique directory for temp nuget packages by @brettfo in #10243
• Adds filter for failed to replace env in config erros by @sachin-sandhu in #10237
• Upgrade Bundler to 2.5.16 and RubyGems to 3.5.16 by @deivid-rodriguez in #10246
• Fix security updates in Bundler subdependencies by @deivid-rodriguez in #10249
• report missing nuget files by @brettfo in #10247
• removing more of dependency_has_directory feature flag by @jakecoffman in #10252
• Use main smoke-tests repo again by @deivid-rodriguez in #10253
• Bump github/codeql-action from 3.25.12 to 3.25.13 in the all-actions group by @dependabot in #10262
• support multi-part requirements by @brettfo in #10255
• Use go 1.22 in CI by @jeffwidman in #10259
• analyze global.json and dotnet-tools.json by @brettfo in #10269
• Centralize Yarn Error Handling for Yarn Update by @kbukum1 in #10257
• Use repository in project urls as a source by @amazimbe in #10268
• Handle Errors Coded with YN0035 Yarn Error Code by @kbukum1 in #10271
• fix incorrect usage of add_handled_dependencies by @jakecoffman in #10270
• Fixes URI::InvalidURIError issue while fetching metadata by @sachin-sandhu in #10256
• Adds relevant information to exception handling by @sachin-sandhu in #10284
• v0.267.0 by @dependabot-core-action-automation in #10283

New Contributors

• @rhyskoedijk made their first contribution in #10110

Full Changelog: v0.266.0...v0.267.0

v0.266.0

What's Changed

• Adds socket hang up error capture by @sachin-sandhu in #10179
• Revert PR #10060: Fix Versioning Strategy for Python Dependencies by @kbukum1 in #10194
• Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #10163
• Adds error handling for registry auth failures by @sachin-sandhu in #10196
• Sorbet for environment by @ryanbrandenburg in #10204
• Bump the dev-dependencies group across 1 directory with 4 updates by @dependabot in #10191
• Bump @npmcli/arborist from 7.5.3 to 7.5.4 in /npm_and_yarn/helpers in the npm-dependencies group by @dependabot in #10208
• Support Go modules with LFS committed files by @danielorbach in #10052
• Treat -pre version suffix as prerelease. by @dbrant in #10207
• ensure Dependency::source::source_url can be populated from .nuspec uRL by @brettfo in #10217
• Improve Yarn Helper Error Handling by @kbukum1 in #10177
• fix PR matching code for both directory and no directory cases by @jakecoffman in #10224
• Handles GitHub package authentication errors by @sachin-sandhu in #10223
• handle 404 from nuget sources by @brettfo in #10225
• Bump the all-actions group with 4 updates by @dependabot in #10211
• Prevent remove_lockfile_packages_name_attribute from being called with nil by @JamieMagee in #10158
• revert changes to DependencyGroupChangeBatch by @jakecoffman in #10228
• surface authentication errors from native tool by @brettfo in #10197
• ensure every project is compatible with the Any,Version=v0.0 framework by @brettfo in #10230
• Add support for versioning with tags for npm other then latest. by @kbukum1 in #10231
• trim whitespace from package names by @brettfo in #10232
• write dependency info JSON to log by @brettfo in #10235
• Fix malformed version number error for terraform and github actions by @amazimbe in #10222
• remove glob experiment since glob support is released by @jakecoffman in #10239
• v0.266.0 by @dependabot-core-action-automation in #10236

New Contributors

• @danielorbach made their first contribution in #10052
• @dbrant made their first contribution in #10207
• @amazimbe made their first contribution in #10222

Full Changelog: v0.265.0...v0.266.0

v0.265.0

What's Changed

• Adds exception to handle nil buildfile issue by @sachin-sandhu in #10061
• Bump the all-actions group across 1 directory with 5 updates by @dependabot in #10165
• Enable Sorbet/StrictSigil in devcontainers by @JamieMagee in #10157
• Remove redundant call from mixfile by @JamieMagee in #10172
• Strict type github_actions by @JamieMagee in #10156
• Fix "Passed nil into T.must" error by @JamieMagee in #10159
• Improve Error Handling for JSON Parse Failures in Helper Subprocess by @kbukum1 in #10171
• Combining dependabot core version constraint (latest_allowable_version) with existing composer version constraint by @thavaahariharangit in #10150
• Bump golang.org/x/mod from 0.18.0 to 0.19.0 in /go_modules/helpers by @dependabot in #10164
• Bump library/golang from 1.22.4-bookworm to 1.22.5-bookworm in /go_modules by @dependabot in #10166
• Make HelperSubprocessFailed error class configurable in run_helper_subprocess by @kbukum1 in #10173
• Ignores timeout in .npmrc file while job update in npm_and_yarn by @sachin-sandhu in #10174
• Revert "Combining dependabot core version constraint (latest_allowable_version) with existing composer version constraint" by @thavaahariharangit in #10184
• Solution provided for ignore minor version config is not respected. by @thavaahariharangit in #10188
• v0.265.0 by @dependabot-core-action-automation in #10189

Full Changelog: v0.264.0...v0.265.0