Releases: dependabot/dependabot-core
v0.229.0
What's Changed
- Target latest Python versions - 3.11.5, 3.10.13, 3.9.18, 3.8.18 by @phillipuniverse in #7914
- Bump phpstan/phpstan from 1.10.30 to 1.10.32 in /composer/helpers/v1 by @dependabot in #7901
- build(deps): bump terraform from 1.5.5 to 1.5.6 by @yeikel in #7892
- fix: duplicate response body before mutating it by @yeikel in #7926
- v0.229.0 by @dependabot-core-action-automation in #7929
Full Changelog: v0.228.0...v0.229.0
v0.228.0
What's Changed
- Bump rubocop from 1.50.2 to 1.56.0 in /updater by @dependabot in #7788
- Revert "Don't depend on flake8 at runtime (#6830)" by @jeffwidman in #7836
- When trying to parse exact package.json versions, ignore parse errors by @deivid-rodriguez in #7844
- Bump pip from 23.2.0 to 23.2.1 in /python/helpers by @dependabot in #7847
- Bump pip-tools from 7.2.0 to 7.3.0 in /python/helpers by @dependabot in #7845
- Bump flake8 from 5.0.4 to 6.1.0 in /python/helpers by @dependabot in #7846
- Add support for Poetry 1.5 lockfiles by @deivid-rodriguez in #7834
- Simplify development images by @deivid-rodriguez in #7843
- Fix Python runtime errors when instrumenting versions by @deivid-rodriguez in #7858
- fix ungrouped PRs being created due to errors during grouped update by @jakecoffman in #7829
- Regenerate some lockfiles with Poetry 1.5 by @deivid-rodriguez in #7862
- Fix encoding option value for gitlab commit creation by @andrcuns in #7850
- Fix Python version switched from exact to tilde version by @deivid-rodriguez in #6702
- Pub smallest update by @sigurdm in #7446
- Bump underlying `ubuntu` to `22.04` LTS by @jeffwidman in #5030
- Update poetry version to 1.6.1 by @noorul in #7866
- Add `yamllint` to linters by @jeffwidman in #7818
- Bump the dev-dependencies group in /composer/helpers/v2 with 1 update by @dependabot in #7870
- python: Handle explicit PyPI source in pyproject.toml by @torarvid in #7499
- Pass exact version being run when replacing python requirement in pyproject.toml by @deivid-rodriguez in #7857
- Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in #7873
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #7871
- Bump rubocop from 1.56.0 to 1.56.1 in /updater by @dependabot in #7872
- Don't double-install packages required for building Python. by @jeffwidman in #7876
- Use dependency-type and semver grouping for dev dependencies by @jurre in #7881
- Bubble up expected pub security update errors to the user by @deivid-rodriguez in #7880
- Fix missed error matching on composer by @deivid-rodriguez in #7879
- Report gradle security update errors when dependency not found in repository by @deivid-rodriguez in #7878
- Fix typo by @deivid-rodriguez in #7883
- fix edge cases during semver grouping creating single PRs erroneously by @jakecoffman in #7867
- Split system packages into two sections: required to build python vs required to build users' python packages by @jeffwidman in #7877
- Parallelize tests by @deivid-rodriguez in #6590
- fixes toolchain directive getting into go.mod by @jakecoffman in #7884
- Install libkrb5-dev package in python Dockerfile by @yashvardhannanavati in #7604
- v0.228.0 by @dependabot-core-action-automation in #7893
New Contributors
- @torarvid made their first contribution in #7499
- @yashvardhannanavati made their first contribution in #7604
Full Changelog: v0.227.0...v0.228.0
v0.227.0
What's Changed
- Don't copy .rubocop.yml file to updater's home folder by @deivid-rodriguez in #7797
- Remove mount of folder that does not exist by @deivid-rodriguez in #7799
- Let RuboCop inspect files in ecosystem bin folders by @deivid-rodriguez in #7798
- Explicitly require `dependabot/utils` before usage by @deivid-rodriguez in #7800
- Make grouped updates table more readable by @jurre in #7796
- Reduce Swift image size by @deivid-rodriguez in #7812
- Don't copy ruby version file into the updater image by @deivid-rodriguez in #7802
- Bump rubocop-performance from 1.18.0 to 1.19.0 in /updater by @dependabot in #7809
- Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in #7814
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 1 update by @dependabot in #7807
- Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in #7815
- Bump nokogiri from 1.15.3 to 1.15.4 in /updater by @dependabot in #7810
- Add apt lists clean up to python Dockerfile by @tvalenta in #7803
- Restore a more standard RuboCop configuration layout by @deivid-rodriguez in #7801
- Do not attempt to group git dependencies as semver by @jurre in #7817
- Drop `python` `3.6` by @jeffwidman in #7610
- Remove `3.6` guard when setting `poetry config experimental.system-git-client` by @jeffwidman in #7614
- Stop manually installing python by @jeffwidman in #7613
- Update pip requirement from <23.2.0,>=21.3.1 to >=21.3.1,<23.3.0 in /python/helpers by @dependabot in #7570
- Stop explicitly specifying python patch versions by @jeffwidman in #7615
- Drop python 3.7 by @jeffwidman in #7702
- Pin poetry to specific version by @jeffwidman in #7716
- Upgrade `pip-tools` to `7.2.0` by @jeffwidman in #7711
- Fix typo in no matching dependencies for group error by @jurre in #7820
- Refactor poetry logic to parse subdependency types by @deivid-rodriguez in #7826
- `pip` no longer requires a range by @jeffwidman in #7714
- Update Go to 1.21 by @jakecoffman in #7823
- Revert "Don't copy ruby version file into the updater image (#7802)" by @deivid-rodriguez in #7835
- Python 3.6 drop follow up by @deivid-rodriguez in #7831
- Fix yanked library problems in Poetry not detected when lockfile is present by @deivid-rodriguez in #7832
- Remove code handling pyproject.lock files by @deivid-rodriguez in #7833
- Mount .ruby-version in the dev image instead of copying it by @deivid-rodriguez in #7841
- Support security updates for NPM with exact requirements and no lockfile by @deivid-rodriguez in #7819
- Simplify handling all versions metadata on NPM by @deivid-rodriguez in #7821
- v0.227.0 by @dependabot-core-action-automation in #7824
- Debug issues with docker prereleases by @deivid-rodriguez in #7842
New Contributors
Full Changelog: v0.226.0...v0.227.0
v0.226.0
What's Changed
- Stop checking deprecated `bugtrack_url` by @jeffwidman in #7681
- Fix typo in method name in Swift update checker by @deivid-rodriguez in #7683
- Bump Bundler to 2.4.17 by @deivid-rodriguez in #7684
- Fix Github Actions dependency parsing edge case by @deivid-rodriguez in #7494
- Ignore tags not matching prefix, when workflow is pinned to SHAs by @deivid-rodriguez in #7430
- Rename `conf_files` dir to `pip_conf_files` to reduce ambiguity by @jeffwidman in #7690
- Update `poetry` test of oldest supported python version to 3.8 by @jeffwidman in #7691
- Test that unsupported Python versions raise the expected error by @jeffwidman in #7692
- Add sane limit to PR description limit for Bitbucket cloud by @stefangr in #7693
- [Grouped Updates] Remove current handling for separate ungrouped version checks from the experiment by @brrygrdn in #7689
- Delete deprecated `host-environment-markers` key by @jeffwidman in #7698
- Fixup `pip_version_resolver` specs by @jeffwidman in #7699
- Move the `Pipfile`/`Pipfile.lock` fixtures to a clearly named folder by @jeffwidman in #7700
- Update pip-tools requirement from <=6.13.0,>=6.4.0 to >=6.4.0,<=6.14.0 in /python/helpers by @dependabot in #7509
- Bump composer/composer from 2.5.5 to 2.5.8 in /composer/helpers/v2 by @dependabot in #7420
- Make `python_major_minor` a one-liner by @jeffwidman in #7705
- Use dockerignore rules that play better with recent docker versions by @deivid-rodriguez in #7713
- Give better error message when fixture project is missing a file by @deivid-rodriguez in #7717
- Document why we pin `wheel` by @jeffwidman in #7719
- Bump cython from 0.29.34 to 3.0.0 in /python/helpers by @dependabot in #7586
- Set file encoding in GitLab commits by @mikaellanger in #7381
- Fetching GitLab repo contents correctly uses the ref argument by @maciej-gol in #7351
- Suppress error output when evaluating invalid Ruby during tests by @deivid-rodriguez in #7706
- Fix fetching files in symlinked folders by @deivid-rodriguez in #7411
- Enable `--verbose` when running specs by @deivid-rodriguez in #7708
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 4 updates by @dependabot in #7723
- Bump jason from 1.4.0 to 1.4.1 in /hex/helpers by @dependabot in #7538
- Bump aws-sdk-ecr from 1.58.0 to 1.63.0 in /updater by @dependabot in #7667
- Bump excon from 0.99.0 to 0.100.0 in /updater by @dependabot in #7485
- Bump parser from 3.2.2.0 to 3.2.2.3 in /updater by @dependabot in #7425
- Bump rubocop-performance from 1.17.1 to 1.18.0 in /updater by @dependabot in #7727
- Bump faraday-retry from 2.1.0 to 2.2.0 in /updater by @dependabot in #7726
- Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 1 update by @dependabot in #7725
- Group Dependabot `aws-sdk-*` PRs by @jeffwidman in #7732
- Bump the aws-sdk group in /updater with 1 update by @dependabot in #7733
- Bump vcr from 6.1.0 to 6.2.0 in /updater by @dependabot in #7729
- Bump commonmarker from 0.23.9 to 0.23.10 in /updater by @dependabot in #7730
- Bump the dev-dependencies group in /composer/helpers/v2 with 1 update by @dependabot in #7745
- Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in #7747
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 1 update by @dependabot in #7746
- Support SCP-style URIs in Swift updater by @deivid-rodriguez in #7722
- Delete unused test fixture by @jeffwidman in #7737
- Pin test to `legacy` resolver to force desired error message by @jeffwidman in #7738
- build(deps): bump go from 1.20.6 to 1.20.7 by @yeikel in #7754
- build(deps): bump regclient from 0.5.0 to 0.5.1 by @yeikel in #7752
- Delete unused method `error_certainly_bad_python_version?` by @jeffwidman in #7739
- Don't cancel full CI runs on main by @deivid-rodriguez in #7757
- build(deps): bump Yarn to 3.6.1 by @yeikel in #7755
- More swift requirement parsing fixes by @deivid-rodriguez in #7760
- Remove leftover setting that no longer exists by @deivid-rodriguez in #7762
- Remove gitignore entry that does not exist by @deivid-rodriguez in #7761
- fix PR unable to create with grouped updates by @jakecoffman in #7753
- Replace deprecated `pipenv lock` with `pipenv requirements` by @jeffwidman in #7764
- build(deps): bump pnpm from 8.6.7 to 8.6.12 by @yeikel in #7751
- Update docker_registry2 by @NautiluX in #7658
- Bump faraday from 2.7.4 to 2.7.10 in /updater by @dependabot in #7735
- Unify memoization by @deivid-rodriguez in #7772
- Remove duplicated line in maven file fetcher by @deivid-rodriguez in #7770
- Fix incorrect memoizations by @deivid-rodriguez in #7773
- Remove leftover `puts` debugging message by @jeffwidman in #7779
- Fixing Yarn1 erroring with failed to replace env by @honeyankit in #7767
- `fetch_file_if_present` should ignore all "Not Found" errors by @deivid-rodriguez in #7774
- Add missing `require` by @deivid-rodriguez in #7781
- build(deps): bump terraform from 1.5.4 to 1.5.5 by @yeikel in #7780
- Simplify Bundler native helper runners by @deivid-rodriguez in #7785
- implement semver grouping and individual PRs by @jakecoffman in #7776
- Update ignore condition table by @jurre in #7787
- Stop pinning `wheel` by @jeffwidman in #7784
- Stop coercing Pipfile source URL's to have trailing slashes by @jeffwidman in #7783
- Fix private source authentication error message by @deivid-rodriguez in #7786
- Add `name` key to `sources` in `Pipfile`s by @jeffwidman in #7744
- Refactor preparing `package.json` files by @deivid-rodriguez in #7245
- Copy clone logic in dry-run.rb from the updater by @deivid-rodriguez in #7791
- Restore version schema with and <build_number> with words between them by @deivid-rodriguez in #7687
- Fix missing cache prunes by @deivid-rodriguez in #7295
- Make sure Bundler group vendoring smoke tests get actually run, and pass by @deivid-rodriguez in #7794
- Remove CodeQL warning by @deivid-rodriguez in #7792
- v0.226.0 by @dependabot-core-action-automation in #7704
New Contributors
...
v0.225.0
What's Changed
- Fix parsing Swift packages with spaces before closing parenthesis by @deivid-rodriguez in #7660
- Update devcontainer.json to include swift by @dwc0011 in #7653
- [Grouped Updates] Implement experimental Semantic Versioning rule by @brrygrdn in #7581
- Make sure Swift lockfile updates respect ignore conditions by @deivid-rodriguez in #7669
- Normalize Swift package names by @deivid-rodriguez in #7648
- Show ignore conditions in a request body by @honeyankit in #7654
- Remove manual exclusion of specific packages by @jeffwidman in #7676
- Fix some swift updates failing when `directory` is configured by @deivid-rodriguez in #7674
- build(deps): bump terraform from 1.5.3 to 1.5.4 by @HorizonNet in #7657
- v0.225.0 by @dependabot-core-action-automation in #7655
Full Changelog: v0.224.0...v0.225.0
v0.224.0
What's Changed
- fix Gemfile not updating for peer dependencies by @jakecoffman in #7621
- Delete leftover build script by @jeffwidman in #7611
- Add option to control PR description max length + set reasonable defaults for each platform by @dwc0011 in #7487
- Point at the correct `Dockerfile` for python by @jeffwidman in #7609
- Instrument Python version metric by @jeffwidman in #7617
- Metadata fetching: Don't fallback to `git` if not installed by @jeffwidman in #6409
- build(deps): bump PNPM to 8.6.7 by @yeikel in #7506
- Update dependabot.yml to capture by package manager by @abdulapopoola in #7630
- Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in #7622
- Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in #7623
- Bump the npm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #7633
- Fix parsing swift ranges with spaces by @deivid-rodriguez in #7637
- Fix typo by @jeffwidman in #7636
- Revert sanitization of package name by @deivid-rodriguez in #7246
- Fix CI by @deivid-rodriguez in #7650
- Implement security update support for Swift by @deivid-rodriguez in #7638
- cd: correctly find workspace.dependencies-declared dependencies and their Cargo.toml by @ggawryal in #7649
- fix: correctly find workspace.dependencies-declared dependencies and their Cargo.toml by @poliorcetics in #5865
- Bump licensed from 4.3.1 to 4.4.0 in /updater by @dependabot in #7596
- v0.224.0 by @dependabot-core-action-automation in #7631
New Contributors
Full Changelog: v0.223.0...v0.224.0
v0.223.0
What's Changed
- [Grouped Updates] Add support for grouping by dependency type by @brrygrdn in #7620
- Allow gem does not exist in RubyGems case by @deivid-rodriguez in #7626
- Fix CI by @deivid-rodriguez in #7628
- v0.223.0 by @dependabot-core-action-automation in #7627
Full Changelog: v0.222.0...v0.223.0
v0.222.0
What's Changed
- build(deps): bump Terraform from 1.5.2 to 1.5.3 by @yeikel in #7558
- build(deps): bump go from 1.20.4 to 1.20.6 by @yeikel in #7507
- Update README.md by @jmartens in #7491
- buid(deps): bump Yarn from 3.5.0 to 3.6.0 by @yeikel in #7329
- [Grouped Updates] Refactor the DependencyGroupEngine into an object, Improved logging for empty groups by @brrygrdn in #7548
- [Grouped Updates] Don't instantiate any groups without the feature flag by @brrygrdn in #7557
- build(deps): bump REGCTL from 0.4.8 to 0.5.0 by @yeikel in #7505
- Detect interpolation in terragrunt sources and skip if present by @dwc0011 in #7502
- Stub registry request that's not captured by a VCR by @Nishnha in #7306
- Prevent links in PR description that link to redirect.redirect.github.com by @stefangr in #7190
- Use the new base image by @jeffwidman in #7565
- Allow `GitCommitChecker` to check subdependencies too by @deivid-rodriguez in #7464
- Mount `updater/bin` into the docker dev shell by @jeffwidman in #7567
- Match the smoke test invocation of CLI/proxy by @jeffwidman in #7576
- Freeze mutable constants by @jeffwidman in #5966
- fix flaky test that fails when new versions are released by @jakecoffman in #7580
- Support split stderr/stdout when running shell commands by @deivid-rodriguez in #7496
- Only add `"v"` prefix for the helper path by @jeffwidman in #7582
- Turn `composer` version into a metric by @jeffwidman in #7323
- ignore peer dependencies that are in a grouped update group by @jakecoffman in #7561
- Generate PRs on Sundays weekly by @abdulapopoola in #7585
- Upgrade Node.js to active LTS version (18.x) by @christianvuerings in #7348
- Cancel previous jobs in the same branch when repushing by @deivid-rodriguez in #7590
- Don't try to diff if there's nothing to diff by @deivid-rodriguez in #7591
- Make smoke tests cache optional by @deivid-rodriguez in #7592
- Aggressively group prod and dev dependencies for NPM by @abdulapopoola in #7594
- Update docker_registry2 by @NautiluX in #7578
- Revert "Update docker_registry2" by @jurre in #7601
- feat(maven): use `groupId` and `artifactId` for the dependency name by @yeikel in #7146
- Rename `python_version` -> `python_version_file` for clarity by @jeffwidman in #7616
- Group dev-dep PR's for PHP native helpers by @jeffwidman in #7619
- Support for Swift package manager by @deivid-rodriguez in #7525
- v0.222.0 by @dependabot-core-action-automation in #7625
New Contributors
- @christianvuerings made their first contribution in #7348
- @NautiluX made their first contribution in #7578
Full Changelog: v0.221.0...v0.222.0
v0.221.0
What's Changed
- v0.220.0 by @dependabot-core-action-automation in #7428
- Target latest Python versions - 3.11.4, 3.10.12, 3.9.17, 3.8.17, 3.7.17 by @phillipuniverse in #7412
- exclude patterns for grouped updates by @Nishnha in #7402
- Add a newline after the group intro by @Nishnha in #7401
- Use ruby:3.1.4-bullseye by @Nishnha in #7442
- Fix edge case when updating Actions with mixed versions by @deivid-rodriguez in #7410
- [Grouped Updates] Cleaner management of the update dependency list by @brrygrdn in #7414
- [Grouped Updates] The VendorUpdater class watermarks DependencyFile objects it creates by @brrygrdn in #7433
- [Updater] Extract creation of new group Pull Requests into a discrete class by @brrygrdn in #7354
- [Updater] Avoid mis-representing a Dependency Group as a Dependency in error handling by @brrygrdn in #7359
- build(deps): bump Terraform to 1.5.0 by @HorizonNet in #7439
- Remove pnpm experiment flag by @mctofu in #7453
- Roll pub. Use dart 3 for running helpers. by @sigurdm in #7417
- Look in parent directories for nuget.config files by @jmarolf in #7342
- Remove `persistent_gems_after_clean` workaround by @jurre in #7296
- Add `DEPENDABOT` environment variable for users by @shu-mutou in #7407
- Bump debug from 1.7.2 to 1.8.0 in /updater by @dependabot in #7316
- Add workspace experiment to maintain state between updates and capture success/failure of each by @bdragon in #6693
- Add missing final EOL by @deivid-rodriguez in #7456
- Add sanitization to BranchNamer::DependencyGroupStrategy by @TomNaessens in #7452
- Remove duplicated ENV by @deivid-rodriguez in #7455
- Instantiate less dependencies by @deivid-rodriguez in #7459
- Fix actions updates when inconsistent casing is used by @deivid-rodriguez in #7462
- Revert "Pin CodeQL version (#7275)" by @deivid-rodriguez in #7465
- Update Bundler to 2.4.14 by @deivid-rodriguez in #7429
- Configure git with ENV by @deivid-rodriguez in #7467
- Update ecosystem READMEs with recommended setup by @deivid-rodriguez in #7472
- Fix flaky spec by @deivid-rodriguez in #7474
- NPM: fix GitHub registry not working when path is specified by @jakecoffman in #7468
- Remove simplecov by @deivid-rodriguez in #7473
- [Grouped Updates] Avoid passing non-manifest file changes between group updates by @brrygrdn in #7404
- build(deps): bump PNPM from 8.3.1 to 8.6.4 by @yeikel in #7330
- Add support for Directory.Packages.props file as entrypoint by @TobiasLaving in #7086
- Add smoke tests for go, npm and bundler+vendoring by @brrygrdn in #7486
- Use table summary for large groups of dependencies by @bdragon in #7463
- build(deps): bump Terraform from 1.5.0 to 1.5.2 by @yeikel in #7493
- Stop recording the `ecosystem` param by @jeffwidman in #7492
- Only record ecosystem versions when flag set by @jeffwidman in #7516
- Update the `hex.pm/orgs/dependabot` token by @jeffwidman in #7532
- Stop exposing real account tokens in plaintext by @jeffwidman in #7533
- Switch to using the new `record_ecosystem_versions` endpoint. by @jeffwidman in #7517
- Fix CodeQL warning by @deivid-rodriguez in #7531
- Use the new `inputs` API by @jeffwidman in #7550
- v0.221.0 by @dependabot-core-action-automation in #7554
New Contributors
- @jmarolf made their first contribution in #7342
- @shu-mutou made their first contribution in #7407
- @TobiasLaving made their first contribution in #7086
Full Changelog: v0.220.0...v0.221.0
v0.220.0
What's Changed
- Update pip-tools requirement from <=6.12.3,>=6.4.0 to >=6.4.0,<=6.13.0 in /python/helpers by @dependabot in #7034
- Update poetry requirement from <1.4.0,>=1.1.15 to >=1.1.15,<1.6.0 in /python/helpers by @dependabot in #7350
- Ensure updated dependencies are correctly included when building dependency change instance by @bdragon in #7358
- [Grouped Updates] Generate deterministic branch names based on content by @brrygrdn in #7365
- Allow parsing symbols, time and date values in workflow yaml by @jurre in #7400
Full Changelog: v0.219.0...v0.220.0