Releases: dependabot/dependabot-core
v0.236.0
What's Changed
- check types in the updater too by @jakecoffman in #8238
- Type `ArtifactUpdater` and `VendorUpdater` by @JamieMagee in #8215
- fix markdown header formatting by @brettfo in #8194
- Ignore specs when running Sorbet by @JamieMagee in #8240
- add types to the ApiClient by @jakecoffman in #8239
- Removed unignore command feature flag by @honeyankit in #8241
- add types to service by @jakecoffman in #8246
- report extra information if a repo can't be found by @brettfo in #8191
- Correct handling of `updater` directory in sorbet by @JamieMagee in #8247
- Clarify docker logs about ignoring a normally expected update candidate by @deivid-rodriguez in #8262
- Add OpenTelemetry SDK by @JamieMagee in #8210
- Fix poetry regression by @deivid-rodriguez in #8263
- stop processing if updated_deps is empty by @brettfo in #8193
- add types to some of the Dependabot::Config classes by @jakecoffman in #8261
- Recurse submodules when cloning npm and yarn repos by @deivid-rodriguez in #6718
- Unlock related Gemfile dependencies, but not everything that changed by @deivid-rodriguez in #8267
- Add subdirectory value while preparing pyproject.toml if subdirectory key exists by @VictoryKon in #8067
- Avoid incorrectly downgrading top level deps by @deivid-rodriguez in #8279
- Bump sorbet-runtime from 0.5.11026 to 0.5.11094 in /updater by @dependabot in #8281
- temporary fix for flaky test by @jakecoffman in #8284
- Sorbet types for `logger` and `commit_signer` by @JamieMagee in #8269
- Update autogenerated RBIs by @JamieMagee in #8271
- v0.236.0 by @dependabot-core-action-automation in #8276
New Contributors
- @brettfo made their first contribution in #8194
- @VictoryKon made their first contribution in #8067
Full Changelog: v0.235.0...v0.236.0
v0.235.0
What's Changed
- Improve detection of unsupported cargo toolchains by @deivid-rodriguez in #8181
- build(deps): bump PNpm from 8.8.0 to 8.9.0 by @yeikel in #8175
- Expose a new directory_not_found user error by @deivid-rodriguez in #8174
- Refactor shelling out in Python by @deivid-rodriguez in #8167
- Fix false positive auth redaction by @deivid-rodriguez in #8185
- remove unused code by @jakecoffman in #8171
- Fix multiple pip compile errors by @deivid-rodriguez in #8189
- Fix poetry multiple requirement replacement in pyproject.toml by @deivid-rodriguez in #8190
- Improve running updater tests by @deivid-rodriguez in #8206
- build(deps): bump PNpm from 8.9.0 to 8.9.2 by @yeikel in #8202
- build(deps): bump yarn to 3.6.4 by @yeikel in #8151
- Mark `.rbi` as `linguist-generated` by @JamieMagee in #8209
- Fix version comments after quoted strings by @kurtmckee in #8127
- Get better info on an unknown error by @deivid-rodriguez in #8211
- Raise user errors on invalid poetry manifest by @deivid-rodriguez in #8207
- Fix sentry redaction issues by @deivid-rodriguez in #8219
- Avoid trying to parse poetry.lock if pyproject.toml is invalid for Poetry by @deivid-rodriguez in #8223
- Ignore dependencies from remote constraint files by @deivid-rodriguez in #8222
- Go: pull from the official Docker image so that Dependabot bumps it by @jakecoffman in #8225
- Make composer CI pass consistently by @deivid-rodriguez in #8226
- Ensure Grouped Security Updates are rebased correctly by @jurre in #8204
- Raise user error when not finding path dependencies in Python by @deivid-rodriguez in #8172
- Support Python requirements with preceding "v" by @deivid-rodriguez in #8229
- Add types to `FileUpdaters::Base` by @JamieMagee in #8214
- v0.235.0 by @dependabot-core-action-automation in #8231
New Contributors
- @kurtmckee made their first contribution in #8127
Full Changelog: v0.234.0...v0.235.0
v0.234.0
What's Changed
- build(deps): bump PNpm from 8.7.6 to 8.8.0 by @yeikel in #8101
- fix refreshing a grouped PR causes dependency duplication by @jakecoffman in #8150
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #8157
- Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in #8158
- Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in #8155
- Bump cython from 3.0.2 to 3.0.3 in /python/helpers by @dependabot in #8153
- Suppress for `Layout/MultilineMethodCallIndentation` offense by @ydah in #8134
- Bump the dev-dependencies group in /updater with 1 update by @dependabot in #8163
- Bump the aws-sdk group in /updater with 2 updates by @dependabot in #8109
- Remove the leading v from Docker versions by @Nishnha in #8165
- grouped security updates by @jakecoffman in #8128
- Small `dry-run.rb` improvement to also handle file fetching errors by @deivid-rodriguez in #8173
- include more info in grouped security update group name by @jakecoffman in #8178
- build(deps): bump Terraform from 1.5.6 to 1.6.1 by @yeikel in #7985
- Ignore file dependencies when parsing requirement files by @deivid-rodriguez in #8170
- v0.234.0 by @dependabot-core-action-automation in #8180
Full Changelog: v0.233.0...v0.234.0
v0.233.0
What's Changed
- Bump the dev-dependencies group in /updater with 2 updates by @dependabot in #8009
- Bump friendsofphp/php-cs-fixer from 3.23.0 to 3.26.1 in /composer/helpers/v2 by @dependabot in #7996
- Bump the npm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #7999
- Bump phpstan/phpstan from 1.10.30 to 1.10.34 in /composer/helpers/v2 by @dependabot in #8035
- Add sig to dependency injection containers by @JamieMagee in #8032
- Add types to clients by @JamieMagee in #8038
- fix: call 'split' on string-type object, not on version-type object by @fredrikaverpil in #8037
- Bump RUBY_VERSIONS to include 3.1.4 and 3.2.2 by @kjeldahl in #8041
- Bump phpstan/phpstan from 1.10.32 to 1.10.34 in /composer/helpers/v1 by @dependabot in #8036
- Upload spoom coverage report data by @JamieMagee in #8046
- Generate and upload spoom coverage report on main by @JamieMagee in #8047
- fix go1.21 not a toolchain by @jakecoffman in #8044
- build(deps): bump go from 1.21.0 to 1.21.1 by @yeikel in #7986
- Update Sorbet from `0.5.11011` to `0.5.11026` by @JamieMagee in #8064
- raise if the reference already exists by @jakecoffman in #8043
- 💅 Use defaults instead of comments for documentation by @landongrindheim in #8069
- Bump actions/checkout from 3 to 4 by @dependabot in #7997
- Track unknown errors by @Nishnha in #7534
- Bump pipenv from 2022.4.8 to 2023.8.28 in /python/helpers by @dependabot in #7922
- Removed logging of commands from Subprocess failure by @honeyankit in #8082
- Use new blessed method for installing NodeJS by @deivid-rodriguez in #8093
- Respect style of each action when mixed styles are used by @deivid-rodriguez in #8068
- fix comment typo by @mburumaxwell in #8076
- Fix Swift 5.9 package manifest analyze error by @soumyamahunt in #8073
- Dockerfile - Add infrequently layers earlier by @tvalenta in #8031
- Fix warnings when running tests in common by @deivid-rodriguez in #8100
- Fix some github actions version comments not getting updated by @deivid-rodriguez in #8098
- build(deps): bump PNpm from 8.6.12 to 8.7.6 by @yeikel in #7899
- Add `sig`s for `utils` by @JamieMagee in #8096
- Properly infer `.npmrc` for PNPM by @deivid-rodriguez in #8094
- Fix CI by @deivid-rodriguez in #8105
- Improve running specs by @deivid-rodriguez in #8092
- Remove another git warning during specs by @deivid-rodriguez in #8113
- fix dependency duplication across multiple groups by @jakecoffman in #8106
- fix semver segments errors due to invalid Versions by @jakecoffman in #8124
- Add sigs for some `version.rb` by @JamieMagee in #8049
- Remove grouped updates feature flags by @jurre in #8123
- Raise unsupported Python version error as an expected error by @deivid-rodriguez in #8104
- Fix a typo by @ydah in #8133
- Fix some flaky test failures by @deivid-rodriguez in #8140
- Catch up test lockfile with parser 3.2.2.4 release by @deivid-rodriguez in #8142
- Parallelize tests on all ecosystems, except for Pub by @deivid-rodriguez in #8139
- fix completely ignored dependencies querying for updates by @jakecoffman in #8143
- Added record update job error api back to capture unknown errors by @honeyankit in #8144
- v0.233.0 by @dependabot-core-action-automation in #8034
New Contributors
- @fredrikaverpil made their first contribution in #8037
- @kjeldahl made their first contribution in #8041
- @soumyamahunt made their first contribution in #8073
- @ydah made their first contribution in #8133
Full Changelog: v0.232.0...v0.233.0
v0.232.0
What's Changed
- Autobump to `typed: true` using `spoom` by @JamieMagee in #8021
- fix helpful error message to have PR number by @jakecoffman in #8024
- Actions: skip unsupported uses strings by @jakecoffman in #8026
- fix docker-dev-shell on ARM by @jakecoffman in #8029
- Add back the Docker::Version.correct? method by @Nishnha in #8030
Full Changelog: v0.231.0...v0.232.0
v0.231.0
What's Changed
- Ensure Docker versions are valid Dependabot::Versions by @Nishnha in #7984
- Use `rstrip` to trim trailing newlines by @JamieMagee in #7991
- Set `Layout/DotPosition` to `leading` by @JamieMagee in #7789
- Add `.git-blame-ignore-revs-file` and ignore style change by @JamieMagee in #7992
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 3 updates by @dependabot in #8000
- Add sorbet dependencies by @JamieMagee in #8007
- Update semver by @jurre in #8005
- Make sorbet and tapioca optional by @JamieMagee in #8014
- Initialize sorbet by @JamieMagee in #8012
- Add `typed: false` sigil by @JamieMagee in #8015
- Add `rubocop-sorbet` by @JamieMagee in #8016
- Add sorbet workflow by @JamieMagee in #8017
- raise exceptions when PR creation fails by @jakecoffman in #8013
- Add Sorbet VSCode extension by @JamieMagee in #8018
- v0.231.0 by @dependabot-core-action-automation in #8019
Full Changelog: v0.230.0...v0.231.0
v0.230.0
What's Changed
- Bump the aws-sdk group in /updater with 1 update by @dependabot in #7852
- Use `python3`/`pip3` so we don't have to have `python`/`pip` symlinks by @jeffwidman in #7927
- Bump cython from 3.0.0 to 3.0.2 in /python/helpers by @dependabot in #7905
- Use pre-compiled Python from official Docker image by @jeffwidman in #7934
- build(deps): bump Yarn to 3.6.3 by @yeikel in #7908
- build(deps): bump npm from 9.5.1 to 9.6.5 by @yeikel in #7811
- Bump excon from 0.100.0 to 0.102.0 in /updater by @dependabot in #7904
- Move copying the other pythons to the end of the Dockerfile by @jeffwidman in #7941
- Python helper removes bytecode files by @tvalenta in #7944
- Stop installing apt packages for compiling Python by @jeffwidman in #7943
- Make building the default python concurrent rather than sequential by @jeffwidman in #7949
- Bump RUBY_VERSIONS to include 3.0.6 by @jade-aronson in #7948
- Replace `gzip` with `zstd` for speed + size benefits by @jeffwidman in #7950
- Gradle: fix comparison of the prefix version range by @jakecoffman in #7975
- Bump tibdex/github-app-token from 1.8.0 to 1.8.2 by @dependabot in #7957
- go: fix ambiguous import when using a module without a dot by @vincentbernat in #7979
- Maven: fix classifier being part of the dependency name by @jakecoffman in #7980
- v0.230.0 by @dependabot-core-action-automation in #7982
New Contributors
- @jade-aronson made their first contribution in #7948
- @vincentbernat made their first contribution in #7979
Full Changelog: v0.229.0...v0.230.0
v0.229.0
What's Changed
- Target latest Python versions - 3.11.5, 3.10.13, 3.9.18, 3.8.18 by @phillipuniverse in #7914
- Bump phpstan/phpstan from 1.10.30 to 1.10.32 in /composer/helpers/v1 by @dependabot in #7901
- build(deps): bump terraform from 1.5.5 to 1.5.6 by @yeikel in #7892
- fix: duplicate response body before mutating it by @yeikel in #7926
- v0.229.0 by @dependabot-core-action-automation in #7929
Full Changelog: v0.228.0...v0.229.0
v0.228.0
What's Changed
- Bump rubocop from 1.50.2 to 1.56.0 in /updater by @dependabot in #7788
- Revert "Don't depend on flake8 at runtime (#6830)" by @jeffwidman in #7836
- When trying to parse exact package.json versions, ignore parse errors by @deivid-rodriguez in #7844
- Bump pip from 23.2.0 to 23.2.1 in /python/helpers by @dependabot in #7847
- Bump pip-tools from 7.2.0 to 7.3.0 in /python/helpers by @dependabot in #7845
- Bump flake8 from 5.0.4 to 6.1.0 in /python/helpers by @dependabot in #7846
- Add support for Poetry 1.5 lockfiles by @deivid-rodriguez in #7834
- Simplify development images by @deivid-rodriguez in #7843
- Fix Python runtime errors when instrumenting versions by @deivid-rodriguez in #7858
- fix ungrouped PRs being created due to errors during grouped update by @jakecoffman in #7829
- Regenerate some lockfiles with Poetry 1.5 by @deivid-rodriguez in #7862
- Fix encoding option value for gitlab commit creation by @andrcuns in #7850
- Fix Python version switched from exact to tilde version by @deivid-rodriguez in #6702
- Pub smallest update by @sigurdm in #7446
- Bump underlying `ubuntu` to `22.04` LTS by @jeffwidman in #5030
- Update poetry version to 1.6.1 by @noorul in #7866
- Add `yamllint` to linters by @jeffwidman in #7818
- Bump the dev-dependencies group in /composer/helpers/v2 with 1 update by @dependabot in #7870
- python: Handle explicit PyPI source in pyproject.toml by @torarvid in #7499
- Pass exact version being run when replacing python requirement in pyproject.toml by @deivid-rodriguez in #7857
- Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in #7873
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #7871
- Bump rubocop from 1.56.0 to 1.56.1 in /updater by @dependabot in #7872
- Don't double-install packages required for building Python. by @jeffwidman in #7876
- Use dependency-type and semver grouping for dev dependencies by @jurre in #7881
- Bubble up expected pub security update errors to the user by @deivid-rodriguez in #7880
- Fix missed error matching on composer by @deivid-rodriguez in #7879
- Report gradle security update errors when dependency not found in repository by @deivid-rodriguez in #7878
- Fix typo by @deivid-rodriguez in #7883
- fix edge cases during semver grouping creating single PRs erroneously by @jakecoffman in #7867
- Split system packages into two sections: required to build python vs required to build users' python packages by @jeffwidman in #7877
- Parallelize tests by @deivid-rodriguez in #6590
- fixes toolchain directive getting into go.mod by @jakecoffman in #7884
- Install libkrb5-dev package in python Dockerfile by @yashvardhannanavati in #7604
- v0.228.0 by @dependabot-core-action-automation in #7893
New Contributors
- @torarvid made their first contribution in #7499
- @yashvardhannanavati made their first contribution in #7604
Full Changelog: v0.227.0...v0.228.0
v0.227.0
What's Changed
- Don't copy .rubocop.yml file to updater's home folder by @deivid-rodriguez in #7797
- Remove mount of folder that does not exist by @deivid-rodriguez in #7799
- Let RuboCop inspect files in ecosystem bin folders by @deivid-rodriguez in #7798
- Explicitly require `dependabot/utils` before usage by @deivid-rodriguez in #7800
- Make grouped updates table more readable by @jurre in #7796
- Reduce Swift image size by @deivid-rodriguez in #7812
- Don't copy ruby version file into the updater image by @deivid-rodriguez in #7802
- Bump rubocop-performance from 1.18.0 to 1.19.0 in /updater by @dependabot in #7809
- Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in #7814
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 1 update by @dependabot in #7807
- Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in #7815
- Bump nokogiri from 1.15.3 to 1.15.4 in /updater by @dependabot in #7810
- Add apt lists clean up to python Dockerfile by @tvalenta in #7803
- Restore a more standard RuboCop configuration layout by @deivid-rodriguez in #7801
- Do not attempt to group git dependencies as semver by @jurre in #7817
- Drop `python` `3.6` by @jeffwidman in #7610
- Remove `3.6` guard when setting `poetry config experimental.system-git-client` by @jeffwidman in #7614
- Stop manually installing python by @jeffwidman in #7613
- Update pip requirement from <23.2.0,>=21.3.1 to >=21.3.1,<23.3.0 in /python/helpers by @dependabot in #7570
- Stop explicitly specifying python patch versions by @jeffwidman in #7615
- Drop python 3.7 by @jeffwidman in #7702
- Pin poetry to specific version by @jeffwidman in #7716
- Upgrade `pip-tools` to `7.2.0` by @jeffwidman in #7711
- Fix typo in no matching dependencies for group error by @jurre in #7820
- Refactor poetry logic to parse subdependency types by @deivid-rodriguez in #7826
- `pip` no longer requires a range by @jeffwidman in #7714
- Update Go to 1.21 by @jakecoffman in #7823
- Revert "Don't copy ruby version file into the updater image (#7802)" by @deivid-rodriguez in #7835
- Python 3.6 drop follow up by @deivid-rodriguez in #7831
- Fix yanked library problems in Poetry not detected when lockfile is present by @deivid-rodriguez in #7832
- Remove code handling pyproject.lock files by @deivid-rodriguez in #7833
- Mount .ruby-version in the dev image instead of copying it by @deivid-rodriguez in #7841
- Support security updates for NPM with exact requirements and no lockfile by @deivid-rodriguez in #7819
- Simplify handling all versions metadata on NPM by @deivid-rodriguez in #7821
- v0.227.0 by @dependabot-core-action-automation in #7824
- Debug issues with docker prereleases by @deivid-rodriguez in #7842
New Contributors
Full Changelog: v0.226.0...v0.227.0