Releases: dependabot/dependabot-core
v0.252.0
What's Changed
- Fix Duplicate Dependencies Showing in PR summary table by @honeyankit in #9436
- automatically download the latest Go when needed by @jakecoffman in #9435
- bundler: avoid reparsing same gemspec by @jakecoffman in #9458
- Bump Swift version from 5.9 to 5.10 by @swiftyfinch in #9459
- Update how we record Bundler versions by @landongrindheim in #9462
- build(deps): bump terraform from 1.6.6 to 1.7.5 by @HorizonNet in #9013
- Bump composer/composer from 2.6.5 to 2.7.2 in /composer/helpers/v2 by @dependabot in #9316
- Avoid passing empty strings as versions by @bdragon in #9461
- Bump library/golang from 1.22.1-bookworm to 1.22.2-bookworm in /go_modules by @dependabot in #9449
- Handle more branch protection errors by @jurre in #9454
- yarn: replace credentials with dummy creds by @jakecoffman in #9466
- [NuGet] Add NuGetUpdater Discover command by @JoeRobich in #9267
- Point smoke-test branch back at main by @Nishnha in #9473
- build(deps): bump Yarn to 3.8.1 by @yeikel in #8964
- Avoid passing empty strings as versions, part 2 by @bdragon in #9471
- Gitlab: Properly forward author details by @ylecuyer in #9188
- Switch VCR record mode to `:none` by @Nishnha in #4822
- Treat pep-621 deps as prod if no requirement_type is specified by @jurre in #9470
- Actions: allow less precise semver updates by @jakecoffman in #9474
New Contributors
- @swiftyfinch made their first contribution in #9459
- @ylecuyer made their first contribution in #9188
Full Changelog: v0.251.0...v0.252.0
v0.251.0
What's Changed
- Handle requests for review from dependabot by @landongrindheim in #9398
- only report dependencies whose version numbers can be resolved by @brettfo in #9387
- Table doesn't properly end for multi-directory GSU by @honeyankit in #9364
- allow flamegraph gathering by @jakecoffman in #9423
- remove redundant parsing of original files by @jakecoffman in #9424
- Prevent comparison of Integer with String in group update creation by @bdragon in #9367
- Check for nil `Dependency#previous_requirements` before passing to `T.must` by @bdragon in #9428
- fix multi-version ecosystem security vulnerability failure by @jakecoffman in #9434
- If only 1 dep in group is updated, use solo title by @pavera in #9416
- Better support around bundler changelogs by @Nishnha in #9429
- Add a note about assumptions being made by @landongrindheim in #9427
- Handle force push restrictions from repository rules by @jurre in #9439
- bundler: avoid repeat lockfile parsing with caching by @jakecoffman in #9443
- speed up bundler updates by parsing gemspecs concurrently by @jakecoffman in #9425
- Explicitly state if dependency was removed in the dependency updates table for grouped updates by @Nishnha in #9437
- v0.251.0 by @dependabot-core-action-automation in #9447
Full Changelog: v0.250.0...v0.251.0
v0.250.0
What's Changed
- Update npm sorbet types by @ryanbrandenburg in #9343
- don't fail loading build files that don't exist by @brettfo in #9385
- remove unused boolean from input of tests by @jakecoffman in #9401
- fix really long branch names by @jakecoffman in #9410
- v0.250.0 by @dependabot-core-action-automation in #9412
Full Changelog: v0.249.0...v0.250.0
v0.249.0
What's Changed
- Set `Style/AccessorGrouping` to `separated` by @JamieMagee in #9336
- Start strict typing `gradle` by @JamieMagee in #9346
- Cover parts of `go_modules` code with Sorbet by @ByAgenT in #9338
- Strict type remainder of NuGet by @JamieMagee in #9337
- Fix Invalid .yarnrc.yml File due to Missing Double Quotes by @honeyankit in #9322
- Switch from `pipfile` to `plette` lib by @jeffwidman in #8627
- `@target_version` can be `String` or `Dependabot::Nuget::Version` by @JamieMagee in #9352
- Bump the poetry group in /python/helpers with 2 updates by @dependabot in #9291
- Support Poetry non-package mode by @onlined in #9323
- add and update tests around group update failures by @jakecoffman in #9363
- swap language when closing group refresh PR to be less specific by @jakecoffman in #9371
- fix: parse plugin artifactItem dependencies by @yeikel in #9313
- Prevent `NoMethodError` in group update creation by @bdragon in #9366
- only report dependencies from project files that have a target framework by @brettfo in #9347
- Fix CodeCommit 'fetch_repo_contents' strict type enforcement from Aws::CodeCommit::Types::GetFolderOutput to Seahorse::Client::Response by @dwc0011 in #9334
- test for exclude patterns by @jakecoffman in #9377
- `package_version` may be nil by @bdragon in #9365
- don't allow `global.json` from repo to affect MSBuild discovery by @brettfo in #9374
- Add `require 'sorbet-runtime'` where missing by @JamieMagee in #9379
- honor `packageSourceMapping` from `NuGet.Config` by @brettfo in #9381
- Avoid including `group` in PR titles twice by @jurre in #9384
- v0.249.0 by @dependabot-core-action-automation in #9382
New Contributors
Full Changelog: v0.248.0...v0.249.0
v0.248.0
What's Changed
- Strict type `Dependabot::Nuget::UpdateChecker::VersionFinder` by @JamieMagee in #9284
- Type more classes by @ryanbrandenburg in #9275
- Make `toml` an explicit requirement by @jeffwidman in #8626
- Update stalebot.yml by @jonjanego in #9295
- Update stalebot.yml by @jonjanego in #9298
- make dependency file not found message more specific by @brettfo in #9294
- Strict type some more `nuget` by @JamieMagee in #9293
- Update stalebot.yml by @jonjanego in #9302
- Bump the sorbet group with 1 update by @dependabot in #9274
- Create issue-labeler.yml by @abdulapopoola in #9305
- Create add-to-core-project.yml by @abdulapopoola in #9307
- Update add-to-core-project.yml by @abdulapopoola in #9310
- Update PNPM to 8.15.5 by @abdulapopoola in #9320
- report discovered dependencies and requirement metadata by @brettfo in #9303
- chore(python): target latest python versions 3.12.2, 3.11.8 by @sileht in #9328
- Switch to official GitHub action for managing app tokens by @jeffwidman in #9340
- v0.248.0 by @dependabot-core-action-automation in #9339
New Contributors
Full Changelog: v0.247.0...v0.248.0
v0.247.0
What's Changed
- Resolve errors from Sorbet `todo.rbi` by @JamieMagee in #9177
- Only use credentials which have `registry` configured by @JamieMagee in #9159
- fix type of requirements_update_strategy by @jakecoffman in #9197
- Require `typed: true` for `cargo` by @JamieMagee in #9194
- Record Sorbet errors with OpenTelemetry by @JamieMagee in #9202
- remove tests that are covered by smoke or silent tests by @jakecoffman in #9205
- use built-in file downloader to get `.nupkg` by @brettfo in #9204
- Strict type most of `github_actions` by @JamieMagee in #9186
- Ensure `T::Set` from `NuGetClient.get_package_versions` by @JamieMagee in #9180
- build(deps): bump node to v20 by @yeikel in #8275
- support multi-directory update with no groups by @jakecoffman in #9148
- Avoid instantiating a dependency with nil requirements by @bdragon in #9216
- Bump library/golang from 1.22.0-bookworm to 1.22.1-bookworm in /go_modules by @dependabot in #9226
- fix exception during all-versions-ignored handling by @jakecoffman in #9214
- Add handling for nil `source_url` in `IssueLinker` when generating PR text by @bdragon in #9220
- Add and configure `rubocop-rspec` by @JamieMagee in #9206
- always directly download nupkg and cache the tfms by @brettfo in #9230
- report the current version as latest if nothing can be found by @brettfo in #9234
- ↔️ Report Errors to the Service by @landongrindheim in #9208
- Allow `on` as a YAML key by @landongrindheim in #9229
- Update `NuGet.Client` from `6.8.0.131` to `6.9.1.3` by @JamieMagee in #9222
- don't assume the `Include` attribute is present on a `<ProjectReference>` node by @brettfo in #9238
- Fix Nuget grouped PR's by @sebasgomez238 in #9228
- improve robustness of parsing odd-looking version ranges by @brettfo in #9239
- Simplify type parameters for `Gem::Version` by @JamieMagee in #9232
- Avoid comparison with nil version by @bdragon in #9242
- Strict type `nuget` file_fetcher, file_parser, and file_updater classes. by @JoeRobich in #9225
- Filter out NuGet files where lines were only deleted by @JamieMagee in #9162
- Set `branch` for `NuGet.Client` submodule by @JamieMagee in #9223
- use safe navigation through resolvable version by @brettfo in #9243
- prevent both directory and directories from being in the job definition by @jakecoffman in #9227
- Fix the number of updated directories in a group update by @Nishnha in #9240
- allow interactive debugging of tests in the updater by @jakecoffman in #9250
- when resolving MSBuild properties, don't throw if it can't be resolved by @brettfo in #9252
- ensure nupkg zip entry contains a tfm before adding to the list by @brettfo in #9263
- multi-dir rebase of a single dependency by @jakecoffman in #9212
- ⏩ Send Remaining Exceptions to the Service by @landongrindheim in #9237
- Create stalebot.yml, update contributors to explain its existence by @jonjanego in #9264
- Suppress yamlint warning by @abdulapopoola in #9273
- Bump the pip-tools group in /python/helpers with 1 update by @dependabot in #9256
- `requirements_update_strategy` is `String` not `Symbol` by @JamieMagee in #9179
- Type more of `nuget` by @JamieMagee in #9244
- Allow `files` to be nilable in `solo_strategy` by @JamieMagee in #9280
- update dotnet sdk by @brettfo in #9282
- improve update-not-possible logging by @jakecoffman in #9269
- 📏 Standardize Error Keys by @landongrindheim in #9251
- Silence non-file fetching errors by @landongrindheim in #9279
- always recurse submodules when cloning by @jakecoffman in #9278
- Handle local nuget repositories by @ryanbrandenburg in #9253
- Update stalebot.yml by @jonjanego in #9285
- v0.247.0 by @dependabot-core-action-automation in #9235
New Contributors
- @jonjanego made their first contribution in #9264
Full Changelog: v0.246.0...v0.247.0
v0.246.0
What's Changed
- Avoid passing nil url to registry client by @bdragon in #9111
- make DependencySnapshot aware of multiple directories by @jakecoffman in #8963
- Set the dependabot_updater_version docker env from the build arg by @Nishnha in #9116
- Update referenced projects during a run of NuGetUpdater. by @JoeRobich in #9097
- Strict type `Dependabot::Clients::Bitbucket` by @JamieMagee in #9113
- Strict type `Dependabot::Clients::CodeCommit` by @JamieMagee in #9121
- Strict type `Dependabot::Clients::GitHubWithRetries` by @JamieMagee in #9122
- Strict type `Dependabot::Clients::GitLabWithRetries` by @JamieMagee in #9129
- Fetch the cargo config file so we fetch registry definitions by @pavera in #9109
- Strict type `Dependabot::PullRequestCreator::MessageBuilder` by @JamieMagee in #9130
- add more http redirects by @brettfo in #9135
- find .nupkg URL without PackageBaseAddress by @brettfo in #9117
- Strict type `Dependabot::PullRequestUpdater::Gitlab` by @JamieMagee in #9132
- output job.json at the start of a run by @jakecoffman in #9133
- Strict type `Dependabot::PullRequestCreator::Azure` by @JamieMagee in #9131
- Strict type `Dependabot::PullRequestCreator::CodeCommit` by @JamieMagee in #9141
- Strict type `Dependabot::PullRequestCreator::Bitbucket` by @JamieMagee in #9140
- Enable `Sorbet/TrueSigil` rule in `composer` by @JamieMagee in #9139
- Enable `Sorbet/TrueSigil` rule in `elm` by @JamieMagee in #9138
- Strict type `Dependabot::UpdateCheckers::Base` by @JamieMagee in #8947
- Enable `Sorbet/TrueSigil` rule in `github_actions` by @JamieMagee in #9137
- make test properly fail on malformed path by @brettfo in #9104
- don't fail completely if package version cannot be parsed by @brettfo in #9153
- Bump the sorbet group with 1 update by @dependabot in #9150
- Use new Credential class in dry-run script by @noorul in #9123
- run `nuget restore` if the first update operation failed by @brettfo in #9157
- Strict type `Dependabot::PullRequestCreator::GitHub` by @JamieMagee in #9154
- Strict type `Dependabot::PullRequestCreator::Gitlab` by @JamieMagee in #9155
- Strict type `Dependabot::PullRequestUpdater::Azure` by @JamieMagee in #9163
- Strict type `Dependabot::PullRequestUpdater::GitHub` by @JamieMagee in #9165
- Require `typed: strict` for `common` by @JamieMagee in #9174
- Require `typed: true` for `docker` by @JamieMagee in #9175
- Require `typed: true` for `silent` by @JamieMagee in #9176
- Allow a list of properties to ignore when evaluating MSBuild values. by @JoeRobich in #9164
- improve nuget v2 handling for non-nuget.org sources by @brettfo in #9172
- Switch Open Telemetry to use in_span vs start by @jpinz in #9158
- v0.246.0 by @dependabot-core-action-automation in #9161
Full Changelog: v0.245.0...v0.246.0
v0.245.0
What's Changed
- Find Gradle repositories nested in `dependencyResolutionManagement` blocks by @eikes in #7260
- Fix hardcoded amd64 arch for git-shim by @andrcuns in #9067
- Surface out of disk/memory error message for easier visibility by @honeyankit in #9064
- fix docker credential type errors by @jakecoffman in #9091
- Report release to sentry by @deivid-rodriguez in #8885
- NuGet: Set EnableWindowsTargeting as true by @na1307 in #9082
- Fix README image header by @davidstosik in #9095
- Bump to Bundler 2.5.5 by @deivid-rodriguez in #8859
- nuget updater command is already space-enabled; allow unsafe execution by @brettfo in #9092
- Strict type `Dependabot::Clients::BitbucketWithRetries` by @JamieMagee in #9087
- Run the prepare tag step on pull_request_review by @Nishnha in #9107
- v0.245.0 by @dependabot-core-action-automation in #9094
New Contributors
- @eikes made their first contribution in #7260
- @na1307 made their first contribution in #9082
- @davidstosik made their first contribution in #9095
Full Changelog: v0.244.0...v0.245.0
v0.244.0
What's Changed
- Expand wildcards in nuget project references by @sebasgomez238 in #8956
- Check credentials for required properties by @JamieMagee in #9052
- Properly parse .ruby-version file by @etiennebarrie in #9012
- build(deps): bump pNPM to 8.15.2 by @yeikel in #8925
- Make container image references explicit by @JamieMagee in #9044
- add missing require statement in credential.rb by @fnoGematik in #9054
- Fix dependency typo by @fredericboyer in #9049
- Report Sorbet issue to sentry without raising by @jurre in #8998
- Fix crash when updating sha-pinned images with no "latest" tag by @deivid-rodriguez in #8070
- Prevent attempt to create empty commit by @bdragon in #9061
- v0.244.0 by @dependabot-core-action-automation in #9056
New Contributors
- @sebasgomez238 made their first contribution in #8956
- @fnoGematik made their first contribution in #9054
- @fredericboyer made their first contribution in #9049
Full Changelog: v0.243.0...v0.244.0
v0.243.0
What's Changed
- Revert "Migrate from `sentry-raven` to `sentry-ruby`" by @jakecoffman in #8874
- Docker parser/updater: also support files with a `.` in the name by @danwkennedy in #8875
- try to perform environment variable expansion in `NuGet.Confing` by @brettfo in #8879
- Enable version updates for devcontainers by @deivid-rodriguez in #8882
- Point again to latest pipenv release by @deivid-rodriguez in #8880
- Strict type `Dependabot::PullRequestCreator::PrNamePrefixer` by @JamieMagee in #8866
- Strong type `Dependabot::PullRequestCreator::MessageBuilder::IssueLinker` by @JamieMagee in #8865
- Use proper discovery logic for dotnet-tools.json files. by @JoeRobich in #8889
- [gradle] Parse repositories from the top-level buildfile by @Nishnha in #8891
- only directly query `.nuspec` files from nuget and azure devops by @brettfo in #8892
- Add a guard for nil top level buildfiles by @Nishnha in #8894
- Fix milestone type for PullRequestCreator by @andrcuns in #8890
- Migrate from `sentry-raven` to `sentry-ruby` by @JamieMagee in #8878
- search all candidate packages for compatibility in descending version order by @brettfo in #8901
- add a fake ecosystem for updater integration tests by @jakecoffman in #8871
- Strict type `Dependabot::MetadataFinders::CommitsFinder` by @JamieMagee in #8893
- grouped security updates don't require an explicit group by @jakecoffman in #8907
- Strict type `Dependabot::MetadataFinders::Base::ReleaseFinder` by @JamieMagee in #8897
- Strict type `Dependabot::MetadataFinders::Base::ChangelogPruner` by @JamieMagee in #8902
- clean directory at job start by @jakecoffman in #8912
- build(deps): bump pNPM to 8.14.3 by @yeikel in #8667
- Handle MSBuild property conditions that have a property wrapped in single quotes in NuGetUpdater by @bording in #8913
- Don't assume `.nuspec` dependency group has a `targetFramework` attribute. by @brettfo in #8915
- fix nil directory causing NilClass exception by @jakecoffman in #8921
- tests for grouped security update rebase jobs by @jakecoffman in #8909
- Remove invalid UTF-8 characters from nuspec response body by @JamieMagee in #8929
- Always use .ruby-version for Bundler dependency resolution by @etiennebarrie in #8835
- fix token running out of API quota by @jakecoffman in #8877
- updater end-to-end helper script by @jakecoffman in #8932
- Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in #8920
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 3 updates by @dependabot in #8820
- Retry transient git clone errors by @JamieMagee in #8926
- Surround command line arguments with quotes by @TomW-Skyline in #8695
- Strict type `Dependabot::PullRequestCreator::MessageBuilder::Metadata::Presenter` by @JamieMagee in #8942
- Add codespell config and workflow to detect new typos, fix some already found typos by @yarikoptic in #8228
- add tests around incidental updates by @jakecoffman in #8941
- grouped security updates: use the group if one is defined by @jakecoffman in #8742
- always clone all the ecosystems by @jakecoffman in #8933
- fix smoke tests failing because Dir.entries order is not deterministic by @jakecoffman in #8945
- bump(deps): bump regclient from 0.5.1 to 0.5.6 by @yeikel in #8103
- add sorbet types to Dependabot::Job by @jakecoffman in #8943
- Do not swallow exception, print the message by @trejjam in #8928
- Bump the sorbet group with 2 updates by @dependabot in #8951
- Job ID type is always a String by @jakecoffman in #8953
- Bump the all-actions group with 3 updates by @dependabot in #8952
- Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in #8520
- Bump the npm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #8934
- fix security updates getting into grouped code by @jakecoffman in #8957
- Don't recursively update projects which have already been evaluated by @ryanbrandenburg in #8940
- Add `sentry-opentelemetry` and configure when OTel is enabled by @JamieMagee in #8935
- fix Go prerelease ordering by @jakecoffman in #8962
- make a Credential class by @jakecoffman in #8967
- Strict type `Dependabot::GitSubmodules` by @JamieMagee in #8970
- Strict type `Dependabot::Devcontainers` by @JamieMagee in #8982
- force set `Condition="false"` on Microsoft.WebApplication.targets by @brettfo in #8946
- escape nuget feed urls before querying by @brettfo in #8990
- fix TypeError: no implicit conversion of Credential into Hash by @jakecoffman in #8995
- add types to DependencySnapshot by @jakecoffman in #8986
- Allow `submodule_path` to be nilable by @JamieMagee in #8996
- Expand Sorbet usage by @ryanbrandenburg in #8958
- Update DevContainer by @ryanbrandenburg in #8968
- True type `Dependabot::Python::Version` by @JamieMagee in #9002
- True type `Dependabot::Bundler::FileFetcher` to by @JamieMagee in #8997
- handle dependencies incidentally updated by @jakecoffman in #8803
- Bump golang from 1.21.6-bookworm to 1.22.0-bookworm in /go_modules by @dependabot in #9008
- fix(gitlab): pr creator missing default for target_project_id by @THETCR in #8985
- Add info on Docker tag support by @Nishnha in #9000
- Nuget lint by @trejjam in #8930
- Filter out NuGet feeds which don't have URLs by @JamieMagee in #9011
- only consider a package a development dependency if it doesn't have any other regular dependencies by @brettfo in #9017
- allow following HTTP 307 when resolving `.nupkg` contents by @brettfo in #9022
- add types to DependencyChange by @jakecoffman in #8999
- fix directories in use for non-grouped updates by @jakecoffman in #9026
- Strict type `Dependabot::MetadataFinders::Base::ChangelogFinder` by @JamieMagee in #9029
- add close up-to-date updater test by @jakecoffman in #9025
- test more of the security error scenarios by @jakecoffman in #9039
- support group configs specifically for security updates or version updates by @jakecoffman in #9040
- Strict type `Dependabot::Clients::Azure` by @JamieMagee in #9042
- Fix d...