Releases: dependabot/dependabot-core
Releases · dependabot/dependabot-core
v0.248.0
What's Changed
- Strict type
Dependabot::Nuget::UpdateChecker::VersionFinderby @JamieMagee in #9284 - Type more classes by @ryanbrandenburg in #9275
- Make
tomlan explicit requirement by @jeffwidman in #8626 - Update stalebot.yml by @jonjanego in #9295
- Update stalebot.yml by @jonjanego in #9298
- make dependency file not found message more specific by @brettfo in #9294
- Strict type some more
nugetby @JamieMagee in #9293 - Update stalebot.yml by @jonjanego in #9302
- Bump the sorbet group with 1 update by @dependabot in #9274
- Create issue-labeler.yml by @abdulapopoola in #9305
- Create add-to-core-project.yml by @abdulapopoola in #9307
- Update add-to-core-project.yml by @abdulapopoola in #9310
- Update PNPM to 8.15.5 by @abdulapopoola in #9320
- report discovered dependencies and requirement metadata by @brettfo in #9303
- chore(python): target latest python versions 3.12.2, 3.11.8 by @sileht in #9328
- Switch to official GitHub action for managing app tokens by @jeffwidman in #9340
- v0.248.0 by @dependabot-core-action-automation in #9339
New Contributors
Full Changelog: v0.247.0...v0.248.0
Contributors
sileht, jeffwidman, and 6 other contributors
Assets 2
v0.247.0
What's Changed
- Resolve errors from Sorbet
todo.rbiby @JamieMagee in #9177 - Only use credentials which have
registryconfigured by @JamieMagee in #9159 - fix type of requirements_update_strategy by @jakecoffman in #9197
- Require
typed: trueforcargoby @JamieMagee in #9194 - Record Sorbet errors with OpenTelemetry by @JamieMagee in #9202
- remove tests that are covered by smoke or silent tests by @jakecoffman in #9205
- use built-in file downloader to get
.nupkgby @brettfo in #9204 - Strict type most of
github_actionsby @JamieMagee in #9186 - Ensure
T::SetfromNuGetClient.get_package_versionsby @JamieMagee in #9180 - build(deps): bump node to v20 by @yeikel in #8275
- support multi-directory update with no groups by @jakecoffman in #9148
- Avoid instantiating a dependency with nil requirements by @bdragon in #9216
- Bump library/golang from 1.22.0-bookworm to 1.22.1-bookworm in /go_modules by @dependabot in #9226
- fix exception during all-versions-ignored handling by @jakecoffman in #9214
- Add handling for nil
source_urlinIssueLinkerwhen generating PR text by @bdragon in #9220 - Add and configure
rubocop-rspecby @JamieMagee in #9206 - always directly download nupkg and cache the tfms by @brettfo in #9230
- report the current version as latest if nothing can be found by @brettfo in #9234
↔️ Report Errors to the Service by @landongrindheim in #9208- Allow
onas a YAML key by @landongrindheim in #9229 - Update
NuGet.Clientfrom6.8.0.131to6.9.1.3by @JamieMagee in #9222 - don't assume the
Includeattribute is present on a<ProjectReference>node by @brettfo in #9238 - Fix Nuget grouped PR's by @sebasgomez238 in #9228
- improve robustness of parsing odd-looking version ranges by @brettfo in #9239
- Simplify type parameters for
Gem::Versionby @JamieMagee in #9232 - Avoid comparison with nil version by @bdragon in #9242
- Strict type
nugetfile_fetcher, file_parser, and file_updater classes. by @JoeRobich in #9225 - Filter out NuGet files where lines were only deleted by @JamieMagee in #9162
- Set
branchforNuGet.Clientsubmodule by @JamieMagee in #9223 - use safe navigation through resolvable version by @brettfo in #9243
- prevent both directory and directories from being in the job definition by @jakecoffman in #9227
- Fix the number of updated directories in a group update by @Nishnha in #9240
- allow interactive debugging of tests in the updater by @jakecoffman in #9250
- when resolving MSBuild properties, don't throw if it can't be resolved by @brettfo in #9252
- ensure nupkg zip entry contains a tfm before adding to the list by @brettfo in #9263
- multi-dir rebase of a single dependency by @jakecoffman in #9212
- ⏩ Send Remaining Exceptions to the Service by @landongrindheim in #9237
- Create stalebot.yml, update contributors to explain its existence by @jonjanego in #9264
- Suppress yamlint warning by @abdulapopoola in #9273
- Bump the pip-tools group in /python/helpers with 1 update by @dependabot in #9256
requirements_update_strategyisStringnotSymbolby @JamieMagee in #9179- Type more of
nugetby @JamieMagee in #9244 - Allow
filesto be nilable insolo_strategyby @JamieMagee in #9280 - update dotnet sdk by @brettfo in #9282
- improve update-not-possible logging by @jakecoffman in #9269
- 📏 Standardize Error Keys by @landongrindheim in #9251
- Silence non-file fetching errors by @landongrindheim in #9279
- always recurse submodules when cloning by @jakecoffman in #9278
- Handle local nuget repositories by @ryanbrandenburg in #9253
- Update stalebot.yml by @jonjanego in #9285
- v0.247.0 by @dependabot-core-action-automation in #9235
New Contributors
- @jonjanego made their first contribution in #9264
Full Changelog: v0.246.0...v0.247.0
Contributors
bdragon, abdulapopoola, and 11 other contributors
Assets 2
v0.246.0
What's Changed
- Avoid passing nil url to registry client by @bdragon in #9111
- make DependencySnapshot aware of multiple directories by @jakecoffman in #8963
- Set the dependabot_updater_version docker env from the build arg by @Nishnha in #9116
- Update referenced projects during a run of NuGetUpdater. by @JoeRobich in #9097
- Strict type
Dependabot::Clients::Bitbucketby @JamieMagee in #9113 - Strict type
Dependabot::Clients::CodeCommitby @JamieMagee in #9121 - Strict type
Dependabot::Clients::GitHubWithRetriesby @JamieMagee in #9122 - Strict type
Dependabot::Clients::GitLabWithRetriesby @JamieMagee in #9129 - Fetch the cargo config file so we fetch registry definitions by @pavera in #9109
- Strict type
Dependabot::PullRequestCreator::MessageBuilderby @JamieMagee in #9130 - add more http redirects by @brettfo in #9135
- find .nupkg URL without PackageBaseAddress by @brettfo in #9117
- Strict type
Dependabot::PullRequestUpdater::Gitlabby @JamieMagee in #9132 - output job.json at the start of a run by @jakecoffman in #9133
- Strict type
Dependabot::PullRequestCreator::Azureby @JamieMagee in #9131 - Strict type
Dependabot::PullRequestCreator::CodeCommitby @JamieMagee in #9141 - Strict type
Dependabot::PullRequestCreator::Bitbucketby @JamieMagee in #9140 - Enable
Sorbet/TrueSigilrule incomposerby @JamieMagee in #9139 - Enable
Sorbet/TrueSigilrule inelmby @JamieMagee in #9138 - Strict type
Dependabot::UpdateCheckers::Baseby @JamieMagee in #8947 - Enable
Sorbet/TrueSigilrule ingithub_actionsby @JamieMagee in #9137 - make test properly fail on malformed path by @brettfo in #9104
- don't fail completely if package version cannot be parsed by @brettfo in #9153
- Bump the sorbet group with 1 update by @dependabot in #9150
- Use new Credential class in dry-run script by @noorul in #9123
- run
nuget restoreif the first update operation failed by @brettfo in #9157 - Strict type
Dependabot::PullRequestCreator::GitHubby @JamieMagee in #9154 - Strict type
Dependabot::PullRequestCreator::Gitlabby @JamieMagee in #9155 - Strict type
Dependabot::PullRequestUpdater::Azureby @JamieMagee in #9163 - Strict type
Dependabot::PullRequestUpdater::GitHubby @JamieMagee in #9165 - Require
typed: strictforcommonby @JamieMagee in #9174 - Require
typed: truefordockerby @JamieMagee in #9175 - Require
typed: trueforsilentby @JamieMagee in #9176 - Allow a list of properties to ignore when evaluating MSBuild values. by @JoeRobich in #9164
- improve nuget v2 handling for non- nuget.org sources by @brettfo in #9172
- Switch Open Telemetry to use in_span vs start by @jpinz in #9158
- v0.246.0 by @dependabot-core-action-automation in #9161
Full Changelog: v0.245.0...v0.246.0
Contributors
bdragon, noorul, and 8 other contributors
Assets 2
v0.245.0
What's Changed
- Find Gradle repositories nested in
dependencyResolutionManagementblocks by @eikes in #7260 - Fix hardcoded amd64 arch for git-shim by @andrcuns in #9067
- Surface out of disk/memory error message for easier visibility by @honeyankit in #9064
- fix docker credential type errors by @jakecoffman in #9091
- Report release to sentry by @deivid-rodriguez in #8885
- NuGet: Set EnableWindowsTargeting as true by @na1307 in #9082
- Fix README image header by @davidstosik in #9095
- Bump to Bundler 2.5.5 by @deivid-rodriguez in #8859
- nuget updater command is already space-enabled; allow unsafe execution by @brettfo in #9092
- Strict type
Dependabot::Clients::BitbucketWithRetriesby @JamieMagee in #9087 - Run the prepare tag step on pull_request_review by @Nishnha in #9107
- v0.245.0 by @dependabot-core-action-automation in #9094
New Contributors
- @eikes made their first contribution in #7260
- @na1307 made their first contribution in #9082
- @davidstosik made their first contribution in #9095
Full Changelog: v0.244.0...v0.245.0
Contributors
eikes, davidstosik, and 8 other contributors
Assets 2
v0.244.0
What's Changed
- Expand wildcards in nuget project references by @sebasgomez238 in #8956
- Check credentials for required properties by @JamieMagee in #9052
- Properly parse .ruby-version file by @etiennebarrie in #9012
- build(deps): bump pNPM to 8.15.2 by @yeikel in #8925
- Make container image references explicit by @JamieMagee in #9044
- add missing require statement in credential.rb by @fnoGematik in #9054
- Fix dependency typo by @fredericboyer in #9049
- Report Sorbet issue to sentry without raising by @jurre in #8998
- Fix crash when updating sha-pinned images with no "latest" tag by @deivid-rodriguez in #8070
- Prevent attempt to create empty commit by @bdragon in #9061
- v0.244.0 by @dependabot-core-action-automation in #9056
New Contributors
- @sebasgomez238 made their first contribution in #8956
- @fnoGematik made their first contribution in #9054
- @fredericboyer made their first contribution in #9049
Full Changelog: v0.243.0...v0.244.0
Contributors
etiennebarrie, bdragon, and 7 other contributors
Assets 2
v0.243.0
What's Changed
- Revert "Migrate from
sentry-raventosentry-ruby" by @jakecoffman in #8874 - Docker parser/updater: also support files with a
.in the name by @danwkennedy in #8875 - try to perform environment variable expansion in
NuGet.Confingby @brettfo in #8879 - Enable version updates for devcontainers by @deivid-rodriguez in #8882
- Point again to latest pipenv release by @deivid-rodriguez in #8880
- Strict type
Dependabot::PullRequestCreator::PrNamePrefixerby @JamieMagee in #8866 - Strong type
Dependabot::PullRequestCreator::MessageBuilder::IssueLinkerby @JamieMagee in #8865 - Use proper discovery logic for dotnet-tools.json files. by @JoeRobich in #8889
- [gradle] Parse repositories from the top-level buildfile by @Nishnha in #8891
- only directly query
.nuspecfiles from nuget and azure devops by @brettfo in #8892 - Add a guard for nil top level buildfiles by @Nishnha in #8894
- Fix milestone type for PullRequestCreator by @andrcuns in #8890
- Migrate from
sentry-raventosentry-rubyby @JamieMagee in #8878 - search all candidate packages for compatibility in descending version order by @brettfo in #8901
- add a fake ecosystem for updater integration tests by @jakecoffman in #8871
- Strict type
Dependabot::MetadataFinders::CommitsFinderby @JamieMagee in #8893 - grouped security updates don't require an explicit group by @jakecoffman in #8907
- Strict type
Dependabot::MetadataFinders::Base::ReleaseFinderby @JamieMagee in #8897 - Strict type
Dependabot::MetadataFinders::Base::ChangelogPrunerby @JamieMagee in #8902 - clean directory at job start by @jakecoffman in #8912
- build(deps): bump pNPM to 8.14.3 by @yeikel in #8667
- Handle MSBuild property conditions that have a property wrapped in single quotes in NuGetUpdater by @bording in #8913
- Don't assume
.nuspecdependency group has atargetFrameworkattribute. by @brettfo in #8915 - fix nil directory causing NilClass exception by @jakecoffman in #8921
- tests for grouped security update rebase jobs by @jakecoffman in #8909
- Remove invalid UTF-8 characters from nuspec response body by @JamieMagee in #8929
- Always use .ruby-version for Bundler dependency resolution by @etiennebarrie in #8835
- fix token running out of API quota by @jakecoffman in #8877
- updater end-to-end helper script by @jakecoffman in #8932
- Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in #8920
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 3 updates by @dependabot in #8820
- Retry transient git clone errors by @JamieMagee in #8926
- Surround command line arguments with quotes by @TomW-Skyline in #8695
- Strict type
Dependabot::PullRequestCreator::MessageBuilder::Metadata::Presenterby @JamieMagee in #8942 - Add codespell config and workflow to detect new typos, fix some already found typos by @yarikoptic in #8228
- add tests around incidental updates by @jakecoffman in #8941
- grouped security updates: use the group if one is defined by @jakecoffman in #8742
- always clone all the ecosystems by @jakecoffman in #8933
- fix smoke tests failing because Dir.entries order is not deterministic by @jakecoffman in #8945
- bump(deps): bump regclient from 0.5.1 to 0.5.6 by @yeikel in #8103
- add sorbet types to Dependabot::Job by @jakecoffman in #8943
- Do not swallow exception, print the message by @trejjam in #8928
- Bump the sorbet group with 2 updates by @dependabot in #8951
- Job ID type is always a String by @jakecoffman in #8953
- Bump the all-actions group with 3 updates by @dependabot in #8952
- Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in #8520
- Bump the npm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #8934
- fix security updates getting into grouped code by @jakecoffman in #8957
- Don't recursively update projects which have already been evaluated by @ryanbrandenburg in #8940
- Add
sentry-opentelemetryand configure when OTel is enabled by @JamieMagee in #8935 - fix Go prerelease ordering by @jakecoffman in #8962
- make a Credential class by @jakecoffman in #8967
- Strict type
Dependabot::GitSubmodulesby @JamieMagee in #8970 - Strict type
Dependabot::Devcontainersby @JamieMagee in #8982 - force set
Condition="false"on Microsoft.WebApplication.targets by @brettfo in #8946 - escape nuget feed urls before querying by @brettfo in #8990
- fix TypeError: no implicit conversion of Credential into Hash by @jakecoffman in #8995
- add types to DependencySnapshot by @jakecoffman in #8986
- Allow
submodule_pathto be nilable by @JamieMagee in #8996 - Expand Sorbet usage by @ryanbrandenburg in #8958
- Update DevContainer by @ryanbrandenburg in #8968
- True type
Dependabot::Python::Versionby @JamieMagee in #9002 - True type
Dependabot::Bundler::FileFetcherto by @JamieMagee in #8997 - handle dependencies incidentally updated by @jakecoffman in #8803
- Bump golang from 1.21.6-bookworm to 1.22.0-bookworm in /go_modules by @dependabot in #9008
- fix(gitlab): pr creator missing default for target_project_id by @THETCR in #8985
- Add info on Docker tag support by @Nishnha in #9000
- Nuget lint by @trejjam in #8930
- Filter out NuGet feeds which don't have URLs by @JamieMagee in #9011
- only consider a package a development dependency if it doesn't have any other regular dependencies by @brettfo in #9017
- allow folllowing HTTP 307 when resolving
.nupkgcontents by @brettfo in #9022 - add types to DependencyChange by @jakecoffman in #8999
- fix directories in use for non-grouped updates by @jakecoffman in #9026
- Strict type
Dependabot::MetadataFinders::Base::ChangelogFinderby @JamieMagee in #9029 - add close up-to-date updater test by @jakecoffman in #9025
- test more of the security error scenarios by @jakecoffman in #9039
- support group configs specifically for security updates or version updates by @jakecoffman in #9040
- Strict type
Dependabot::Clients::Azureby @JamieMagee in #9042 - Fix d...
Contributors
etiennebarrie, yarikoptic, and 16 other contributors
Assets 2
v0.242.1
What's Changed
- Strong type
Dependabot::FileFetchers::Base::DependencySetby @JamieMagee in #8791 - Docker fetcher: support filenames with a
.in the middle of the name by @danwkennedy in #8862 - Centralize more Nuget calls by @ryanbrandenburg in #8849
- Unlock
excondependency range by @JamieMagee in #8850 requirerelated gems when initializing OpenTelemetry instrumentation by @JamieMagee in #8851- Disable analyzers in MSBuild temp projects by @ryanbrandenburg in #8863
- use common helper to look for
Directory.Packages.propsby @brettfo in #8842 - Allow BranchNamer to be passed a nil branch by @deivid-rodriguez in #8869
- Migrate from
sentry-raventosentry-rubyby @JamieMagee in #8818 - v0.242.1 by @dependabot-core-action-automation in #8870
New Contributors
- @danwkennedy made their first contribution in #8862
Full Changelog: v0.242.0...v0.242.1
Contributors
danwkennedy, brettfo, and 3 other contributors
Assets 2
v0.242.0
What's Changed
- Handle Update PackageReferences more correctly by @ryanbrandenburg in #8827
- Handle malformed Global.json by @ryanbrandenburg in #8812
- standardizing exception tags by @jakecoffman in #8836
- Fix reviewers, assignees types in PullReqeustCreator by @andrcuns in #8838
- Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 1 update by @dependabot in #8824
- Bump opentelemetry-instrumentation-http from 0.23.1 to 0.23.2 in /updater by @dependabot in #8823
- Handle STDOUT more correctly by @ryanbrandenburg in #8840
- We now encourage new ecosystems by @abdulapopoola in #8844
- Strong type
Dependabot::SecurityAdvisoryby @JamieMagee in #8792 - Plugin devcontainers ecosystem by @deivid-rodriguez in #8858
- Add
devcontainersecosystem by @joshspicer in #8445 - v0.242.0 by @dependabot-core-action-automation in #8861
New Contributors
- @joshspicer made their first contribution in #8445
Full Changelog: v0.241.0...v0.242.0
Contributors
abdulapopoola, jakecoffman, and 6 other contributors
Assets 2
v0.241.0
What's Changed
- raise a specific exception when the FileUpdater doesn't produce a change by @jakecoffman in #8787
- Strict type
Dependabot::GitCommitCheckerby @JamieMagee in #8789 - allow mismatching version in
.csprojby @brettfo in #8783 - Strong type
Dependabot::FileParsers::Baseby @JamieMagee in #8794 - Strict type
Dependabot::MetadataFinders::Baseby @JamieMagee in #8774 - Strong type
Dependabot::PullRequestCreator::BranchNamerby @JamieMagee in #8790 - Fix vscode rdbg launch command by @JamieMagee in #8778
- Replace extensions with up-to-date equivalents by @JamieMagee in #8784
- Allow
versionto beStringorGem::Versionby @JamieMagee in #8809 - Bundle
helpersfolder intodependabot-nugetgem by @trejjam in #8589 - Bump sorbet-runtime from 0.5.11178 to 0.5.11193 in /updater by @dependabot in #8799
- update phrasing in contributing.md by @carogalvin in #8813
- Bump the npm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #8811
- Bump the aws-sdk group in /updater with 2 updates by @dependabot in #8662
- Bump cython from 3.0.5 to 3.0.8 in /python/helpers by @dependabot in #8800
- Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in #8814
- Start removing updater coupling on specific ecosystems by @deivid-rodriguez in #8678
- Use correct global.json discovery logic when updating. by @JoeRobich in #8815
- Handle non-matching tags by @landongrindheim in #8766
- Fix type definition for approvers in pull request creator by @andrcuns in #8793
- Bump flake8 from 6.1.0 to 7.0.0 in /python/helpers by @dependabot in #8708
- Group Python helper updates by @abdulapopoola in #8819
- Bump the common group in /python/helpers with 1 update by @dependabot in #8821
- v0.241.0 by @dependabot-core-action-automation in #8830
New Contributors
- @JoeRobich made their first contribution in #8815
Full Changelog: v0.240.0...v0.241.0
Contributors
abdulapopoola, JoeRobich, and 9 other contributors
Assets 2
v0.240.0
What's Changed
- bump Cargo from 1.69.0 to 1.75.0 by @jakecoffman in #8686
- Bump Bundler to 2.5 by @deivid-rodriguez in #8619
- Move sorbet setup from omnibus to root by @deivid-rodriguez in #8670
- Fix building development image & running dry-run.rb script by @deivid-rodriguez in #8694
- Add fingerprint to dynamic git commands by @deivid-rodriguez in #8495
- Fix missing stackprof preventing dry-run.rb script from running by @deivid-rodriguez in #8696
- Dependabot should keep Cargo up to date by @jakecoffman in #8699
- create azure nuget package urls directly from endpoint types by @brettfo in #8703
- fix unsupported Go modules preventing updates by @jakecoffman in #8702
- Check if RBIs are up-to-date by @JamieMagee in #8704
- Make sure tests use the same gem versions we use in production by @deivid-rodriguez in #8138
- Improve root gemfile handling by @deivid-rodriguez in #8712
- Only create PRs for dependencies in the sorbet group by @deivid-rodriguez in #8718
- Handle missing files by @ryanbrandenburg in #8661
- properly locate
nuget.configwhen it's further up-directory from a project by @brettfo in #8722 - Support Python 3.12 by @deivid-rodriguez in #8732
- Improve corepack setup by @deivid-rodriguez in #7134
- Raise a proper error when
package-json.lockis not parseable by @deivid-rodriguez in #8743 - Ignore
packageManagerfield inpackage.jsonwhen unparseable by @deivid-rodriguez in #8744 - Fallback to npm 6 when lockfileVersion is not parseable as an integer by @deivid-rodriguez in #8745
- NuGet efficiency by @ryanbrandenburg in #8679
- Fix broken nuget CI by @deivid-rodriguez in #8752
- Detect version constraint violations in NuGet by @ryanbrandenburg in #8624
- Test that file_parser reads .proj files by @ryanbrandenburg in #8746
- Handle unexpected kub image shapes by @ryanbrandenburg in #8750
- Strong type
Dependabot::PullRequestCreatorby @JamieMagee in #8729 - Strong type
Dependabot::PullRequestUpdaterby @JamieMagee in #8730 - Strong type
Dependabot::RegistryClientby @JamieMagee in #8736 - Strong type
Dependabot::Config::FileFetcherby @JamieMagee in #8737 - patch user-level
NuGet.Configbefore invoking dotnet/nuget tools by @brettfo in #8748 - Bump golang from 1.21.5-bookworm to 1.21.6-bookworm in /go_modules by @rcrowe in #8757
- directory is the job directory by @jakecoffman in #8762
- Remove unnecessary gitignore rules by @deivid-rodriguez in #8761
- Strong type
Dependabot::Versionby @JamieMagee in #8727 - Strict type
Dependabot::PullRequestCreator::Labelerby @JamieMagee in #8758 - Added Ruby 3.3.0 to RubyRequirementSetter version requirements by @schinery in #8754
- add NuGet maintainers to CODEOWNERS by @jakecoffman in #8764
- Update CODEOWNERS by @jakecoffman in #8771
- Strong type
Dependabot::BranchNamer::DependencyGroupStrategyby @JamieMagee in #8770 - Fix
bin/bump-version.rbscript to also handle root lockfile by @deivid-rodriguez in #8776 - defensive programming around missing dependency files during an update by @jakecoffman in #8765
- Add missing file to version bump PR by @deivid-rodriguez in #8779
- raise a specific exception when the FileUpdater doesn't produce a change by @jakecoffman in #8782
- v0.240.0 by @dependabot-core-action-automation in #8781
New Contributors
Full Changelog: v0.239.0...v0.240.0
Contributors
schinery, rcrowe, and 5 other contributors