v0.269.0

What's Changed

• Fixes Dependabot::SharedHelpers::HelperSubprocessFailed issues by @sachin-sandhu in #10349
• add directory to existing PR checks, updating tests by @jakecoffman in #10325
• Add Spec Tests for CreateSecurityUpdatePullRequest by @kbukum1 in #10344
• Report transitive dependency vulnerability errors for npm, yarn, and pnpm by @kbukum1 in #10282
• don't waste quota on main since branch was up-to-date by @jakecoffman in #10352
• fix "no groups" exception, run more jobs through GroupUpdateAllVersions by @jakecoffman in #10348
• Strict type Dependabot::Updater.Operations::RefreshSecurityUpdatePullRequest by @kbukum1 in #10334
• allow for wildcards in version requirements by @brettfo in #10353
• report no new version if a given package doesn't exist on any feed by @brettfo in #10354
• convert test to not require the network by @brettfo in #10355
• Add Error Handling for YN0082 in YarnErrorHandler by @kbukum1 in #10374
• Fixes issues related with Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder::RegistryError by @sachin-sandhu in #10378
• Fixes logger location for Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder::RegistryError by @sachin-sandhu in #10380
• Fixes JSON::ParserError: unexpected token issue by @sachin-sandhu in #10381
• NPM: fix security update for indirect and direct dependencies by @jakecoffman in #10371

Full Changelog: v0.268.0...v0.269.0

v0.268.0

What's Changed

• Adds exception handling for override failure errors by @sachin-sandhu in #10290
• Fixes Dependabot::SharedHelpers::HelperSubprocessFailed - nested aliases not supported by @sachin-sandhu in #10292
• Small typo by @yeikel in #10295
• add Dependency::directory to the PR payload by @jakecoffman in #10195
• Strict type Dependabot::Updater.Operations::CreateSecurityUpdatePullRequest by @kbukum1 in #10302
• Strict type Dependabot::Terraform::UpdateChecker by @JamieMagee in #10278
• temporarily sideline global.json when adding a transitive package by @brettfo in #10305
• Fixes Dependabot-SharedHelpers-HelperSubprocessFailed by @sachin-sandhu in #10308
• fixing rebases not finding the existing pull request due to directory by @jakecoffman in #10320
• Fix ArgumentError Malformed version number string in github actions by @amazimbe in #10314
• retain msbuild-sdks property in global.json when adding a transitive dependency by @brettfo in #10331
• Properly reject NuGet newline-only changes. by @brettfo in #10332
• v0.268.0 by @dependabot-core-action-automation in #10335
• Fixes issues related with Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder::RegistryError by @sachin-sandhu in #10322
• Fix ArgumentError Malformed version number in github actions by @amazimbe in #10338

Full Changelog: v0.267.0...v0.268.0

v0.267.0

What's Changed

• Fix NuGet app/web.config assembly binding redirect updates by @rhyskoedijk in #10110
• Fix ArgumentError in original_package_update_available? when latest_version is nil by @kbukum1 in #10216
• use unique directory for temp nuget packages by @brettfo in #10243
• Adds filter for failed to replace env in config erros by @sachin-sandhu in #10237
• Upgrade Bundler to 2.5.16 and RubyGems to 3.5.16 by @deivid-rodriguez in #10246
• Fix security updates in Bundler subdependencies by @deivid-rodriguez in #10249
• report missing nuget files by @brettfo in #10247
• removing more of dependency_has_directory feature flag by @jakecoffman in #10252
• Use main smoke-tests repo again by @deivid-rodriguez in #10253
• Bump github/codeql-action from 3.25.12 to 3.25.13 in the all-actions group by @dependabot in #10262
• support multi-part requirements by @brettfo in #10255
• Use go 1.22 in CI by @jeffwidman in #10259
• analyze global.json and dotnet-tools.json by @brettfo in #10269
• Centralize Yarn Error Handling for Yarn Update by @kbukum1 in #10257
• Use repository in project urls as a source by @amazimbe in #10268
• Handle Errors Coded with YN0035 Yarn Error Code by @kbukum1 in #10271
• fix incorrect usage of add_handled_dependencies by @jakecoffman in #10270
• Fixes URI::InvalidURIError issue while fetching metadata by @sachin-sandhu in #10256
• Adds relevant information to exception handling by @sachin-sandhu in #10284
• v0.267.0 by @dependabot-core-action-automation in #10283

New Contributors

• @rhyskoedijk made their first contribution in #10110

Full Changelog: v0.266.0...v0.267.0

v0.266.0

What's Changed

• Adds socket hang up error capture by @sachin-sandhu in #10179
• Revert PR #10060: Fix Versioning Strategy for Python Dependencies by @kbukum1 in #10194
• Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #10163
• Adds error handling for registry auth failures by @sachin-sandhu in #10196
• Sorbet for environment by @ryanbrandenburg in #10204
• Bump the dev-dependencies group across 1 directory with 4 updates by @dependabot in #10191
• Bump @npmcli/arborist from 7.5.3 to 7.5.4 in /npm_and_yarn/helpers in the npm-dependencies group by @dependabot in #10208
• Support Go modules with LFS committed files by @danielorbach in #10052
• Treat -pre version suffix as prerelease. by @dbrant in #10207
• ensure Dependency::source::source_url can be populated from .nuspec uRL by @brettfo in #10217
• Improve Yarn Helper Error Handling by @kbukum1 in #10177
• fix PR matching code for both directory and no directory cases by @jakecoffman in #10224
• Handles GitHub package authentication errors by @sachin-sandhu in #10223
• handle 404 from nuget sources by @brettfo in #10225
• Bump the all-actions group with 4 updates by @dependabot in #10211
• Prevent remove_lockfile_packages_name_attribute from being called with nil by @JamieMagee in #10158
• revert changes to DependencyGroupChangeBatch by @jakecoffman in #10228
• surface authentication errors from native tool by @brettfo in #10197
• ensure every project is compatible with the Any,Version=v0.0 framework by @brettfo in #10230
• Add support for versioning with tags for npm other then latest. by @kbukum1 in #10231
• trim whitespace from package names by @brettfo in #10232
• write dependency info JSON to log by @brettfo in #10235
• Fix malformed version number error for terraform and github actions by @amazimbe in #10222
• remove glob experiment since glob support is released by @jakecoffman in #10239
• v0.266.0 by @dependabot-core-action-automation in #10236

New Contributors

• @danielorbach made their first contribution in #10052
• @dbrant made their first contribution in #10207
• @amazimbe made their first contribution in #10222

Full Changelog: v0.265.0...v0.266.0

v0.265.0

What's Changed

• Adds exception to handle nil buildfile issue by @sachin-sandhu in #10061
• Bump the all-actions group across 1 directory with 5 updates by @dependabot in #10165
• Enable Sorbet/StrictSigil in devcontainers by @JamieMagee in #10157
• Remove redundant call from mixfile by @JamieMagee in #10172
• Strict type github_actions by @JamieMagee in #10156
• Fix "Passed nil into T.must" error by @JamieMagee in #10159
• Improve Error Handling for JSON Parse Failures in Helper Subprocess by @kbukum1 in #10171
• Combining dependabot core version constraint (latest_allowable_version) with existing composer version constraint by @thavaahariharangit in #10150
• Bump golang.org/x/mod from 0.18.0 to 0.19.0 in /go_modules/helpers by @dependabot in #10164
• Bump library/golang from 1.22.4-bookworm to 1.22.5-bookworm in /go_modules by @dependabot in #10166
• Make HelperSubprocessFailed error class configurable in run_helper_subprocess by @kbukum1 in #10173
• Ignores timeout in .npmrc file while job update in npm_and_yarn by @sachin-sandhu in #10174
• Revert "Combining dependabot core version constraint (latest_allowable_version) with existing composer version constraint" by @thavaahariharangit in #10184
• Solution provided for ignore minor version config is not respected. by @thavaahariharangit in #10188
• v0.265.0 by @dependabot-core-action-automation in #10189

Full Changelog: v0.264.0...v0.265.0

v0.264.0

v0.264.0 (#10143)

Release notes: https://github.com/dependabot/dependabot-core/releases/tag/v0.264.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

v0.263.0

What's Changed

• Bump flake8 from 7.0.0 to 7.1.0 in /python/helpers in the common group by @dependabot in #10016
• DependencyGroupChangeBatch tracks updated dependencies per file by @Nishnha in #9988
• [Fix] multi-directory grouped updates sometimes create ungrouped PRs by @Nishnha in #9938
• Disabling the RSpec IndexedLet Rubocop rule due to its negligible benefit by @GarryHurleyJr in #10056
• Bump @npmcli/arborist from 7.5.1 to 7.5.3 in /npm_and_yarn/helpers in the npm-dependencies group across 1 directory by @dependabot in #9881
• Enabling RSpec/BeforeAfterAll Rubocop rule by @GarryHurleyJr in #10043
• Enabling RSpec MultipleDescribes and renaming errors_spec.rb file by @GarryHurleyJr in #10045
• Strict type Dependabot::Bundler::PathGemSpecFinder by @raj-meka in #10027
• Strict type Dependabot::Hex::FileFetcher by @raj-meka in #9990
• Address Sorbet error by @abdulapopoola in #9973
• Remove bad newlines from EBADENGINE message by @sirreal in #10049
• Upgrade Bundler to 2.5.14 and RubyGems to 3.5.14 by @deivid-rodriguez in #9993
• Make it easier to upgrade Bundler & RubyGems in sync by @deivid-rodriguez in #9979
• fix(cargo): preserve version range using Less Than Equal by @caspermeijn in #9956
• Revert "Make it easier to upgrade Bundler & RubyGems in sync " by @kbukum1 in #10069
• Upgrade httparty to 0.22.0 by @deivid-rodriguez in #9906
• Added private repo access error catch and missing repo error capture by @sachin-sandhu in #10047
• Add HARDBREAKS to commonmarker config by @blue2cat in #6358
• Make it easier to upgrade Bundler & RubyGems in sync (take 2) by @deivid-rodriguez in #10072
• Bump sorbet-runtime from 0.5.11415 to 0.5.11444 in /updater in the sorbet group across 1 directory by @dependabot in #10064
• Bump default PNPM to 9.4.0 by @deivid-rodriguez in #10073
• Update bundler module to ruby 3.3.3 by @DuncSmith in #10038
• [NuGet] update version_finder_spec.rb by @eltociear in #9769
• Simplify docker regex by @deivid-rodriguez in #8286
• Give better error when security update not possible due to "lockfile_only" strategy by @deivid-rodriguez in #9923
• Strict type Dependabot::Gradle::SettingsFileParser by @raj-meka in #10079
• Revert "Passing the latest allowable version as package constraints" by @thavaahariharangit in #10097

New Contributors

• @sirreal made their first contribution in #10049
• @kbukum1 made their first contribution in #10069
• @eltociear made their first contribution in #9769

Full Changelog: v0.262.0...v0.263.0

v0.262.0

What's Changed

• Strict type Dependabot::Bundler::GemspecFinder by @raj-meka in #10004
• chore(python): target latest python versions 3.12.4 by @sileht in #10030
• Strict type Dependabot::Bundler::RequireRelativeFinder by @raj-meka in #10028
• Strict type Dependabot::Bundler::FilePreparer by @raj-meka in #10029
• Include directory when serializing dependencies by @landongrindheim in #10002
• Bump plette from 2.0.2 to 2.1.0 in /python/helpers by @dependabot in #9948
• Strict type Dependabot::Bundler::ChildGemFileFinder by @raj-meka in #10026
• Re-enabled NamedSubject RSpec rule which was accidentlaly overwritten by @GarryHurleyJr in #10041
• Fix Go modules prerelease by @stefanvanburen in #10022

New Contributors

• @stefanvanburen made their first contribution in #10022

Full Changelog: v0.261.1...v0.262.0

v0.261.1

What's Changed

• Enabling ScatteredSetup Rubocop rule by @GarryHurleyJr in #9980
• Enabling RSpec HooksBefore rubocop rule by @GarryHurleyJr in #9974
• Strict type Dependabot::Hex::MixFileSanitizer by @raj-meka in #9984
• Strict type Dependabot::Hex::CredentialHelpers by @raj-meka in #9989
• Strict type Dependabot::Hex::FileParser by @raj-meka in #9992
• Bump library/golang from 1.22.3-bookworm to 1.22.4-bookworm in /go_modules by @dependabot in #9942
• Strict type Dependabot::Maven::AuthHeadersFinder by @raj-meka in #10000
• Strict type Dependabot::Terraform::Requirement by @raj-meka in #10001
• Passing the latest allowable version as package constraints by @thavaahariharangit in #10018
• Fix Docker Requirement initializer type by @landongrindheim in #10021
• v0.261.1 by @dependabot-core-action-automation in #10023

Full Changelog: v0.261.0...v0.261.1

v0.261.0

What's Changed

• Strict type Dependabot::Hex::MetaDataFinder by @raj-meka in #9913
• Enabled Rubocop rule for the MetadataStyle test by @GarryHurleyJr in #9921
• Garry hurley jr/address rspec expect actual rubocop violations by @GarryHurleyJr in #9927
• Bump the all-actions group across 1 directory with 5 updates by @dependabot in #9930
• Fix comment indentation by @deivid-rodriguez in #9931
• Ignore 422 Validation Failed responses when adding assignees to a PR by @Nishnha in #9860
• don't fail when a dependency doesn't have a previous version by @jakecoffman in #9924
• Strict type Dependabot::GoModules::MetaDataFinder by @raj-meka in #9919
• Strict type Dependabot::Maven::MetadataFinder by @raj-meka in #9928
• Strict type Dependabot::Pub::MetaDataFinder by @raj-meka in #9933
• Strict type Dependabot::Terraform::MetaDataFinder by @raj-meka in #9936
• True type Dependabot::Bundler::FileUpdater::GitSourceRemover by @JamieMagee in #9912
• True type pub by @JamieMagee in #9917
• Strict type Dependabot::Bundler::FileParser::GemspecDeclarationFinder by @JamieMagee in #9911
• True type Dependabot::Bundler::UpdateChecker::SharedBundlerHelpers by @JamieMagee in #9914
• Strict type Dependabot::Bundler::FileParser::GemfileDeclarationFinder by @JamieMagee in #9907
• enabled RSpec Not To Not rubocop. by @GarryHurleyJr in #9926
• Strict type Dependabot::Swift::MetaDataFinder by @raj-meka in #9934
• Enforce true sigil in bundler by @JamieMagee in #9915
• enable receive messages by @GarryHurleyJr in #9935
• Fix code coverage merging by @deivid-rodriguez in #9922
• add Sorbet types to group update creation by @jakecoffman in #9937
• True type maven by @JamieMagee in #9953
• True type gradle by @JamieMagee in #9952
• True type terraform by @JamieMagee in #9951
• True type hex by @JamieMagee in #9950
• Enabling RSpec/ScatteredLet Rubocop by @GarryHurleyJr in #9957
• Enable RSpec/ImplicitSubject by @robaiken in #9814
• True type updater by @JamieMagee in #9929
• True type python by @JamieMagee in #9954
• Enable RSpec/MatchArray by @robaiken in #9820
• Enabling SharedExamples Rubocop rule by @GarryHurleyJr in #9970
• Strict type Dependabot::Silent::FileFetcher by @raj-meka in #9964
• Strict type Dependabot::Pub::FileParser by @raj-meka in #9969
• Strict type Dependabot::Pub::FileUpdater by @raj-meka in #9968
• Strict type Dependabot::python::NameNormaliser by @raj-meka in #9966
• Strict type Dependabot::Python::NativeHelpers by @raj-meka in #9965
• Strict type Dependabot::Silent::FileParser by @raj-meka in #9971
• Strict type Dependabot::Silent::FileUpdater by @raj-meka in #9972
• Changes made for dependabot to respect ignoring minor patch updates. by @thavaahariharangit in #9967
• Strict type Dependabot::Maven::FileFetcher by @raj-meka in #9975
• Strict type Dependabot::Hex::FileUpdater::NativeHelpers by @raj-meka in #9976
• Strict type Dependabot::Hex::MixFileGitPinUpdater by @raj-meka in #9983
• Add #directory to Dependabot::Dependency by @landongrindheim in #9982
• Revert " Changes made for dependabot to respect ignoring minor patch updates." by @jurre in #9991
• Enabling PredicateMatcher Rubocop rule on RSpec. by @GarryHurleyJr in #9960
• enabled RSpec VerifiedDoubeReference rule by @GarryHurleyJr in #9981
• v0.261.0 by @dependabot-core-action-automation in #9985

Full Changelog: v0.260.0...v0.261.0