Releases: dependabot/dependabot-core
v0.269.0
What's Changed
- Fixes Dependabot::SharedHelpers::HelperSubprocessFailed issues by @sachin-sandhu in #10349
- add directory to existing PR checks, updating tests by @jakecoffman in #10325
- Add Spec Tests for `CreateSecurityUpdatePullRequest` by @kbukum1 in #10344
- Report transitive dependency vulnerability errors for npm, yarn, and pnpm by @kbukum1 in #10282
- don't waste quota on main since branch was up-to-date by @jakecoffman in #10352
- fix "no groups" exception, run more jobs through GroupUpdateAllVersions by @jakecoffman in #10348
- Strict type Dependabot::Updater.Operations::RefreshSecurityUpdatePullRequest by @kbukum1 in #10334
- allow for wildcards in version requirements by @brettfo in #10353
- report no new version if a given package doesn't exist on any feed by @brettfo in #10354
- convert test to not require the network by @brettfo in #10355
- Add Error Handling for YN0082 in YarnErrorHandler by @kbukum1 in #10374
- Fixes issues related with Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder::RegistryError by @sachin-sandhu in #10378
- Fixes logger location for Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder::RegistryError by @sachin-sandhu in #10380
- Fixes JSON::ParserError: unexpected token issue by @sachin-sandhu in #10381
- NPM: fix security update for indirect and direct dependencies by @jakecoffman in #10371
Full Changelog: v0.268.0...v0.269.0
v0.268.0
What's Changed
- Adds exception handling for override failure errors by @sachin-sandhu in #10290
- Fixes Dependabot::SharedHelpers::HelperSubprocessFailed - nested aliases not supported by @sachin-sandhu in #10292
- Small typo by @yeikel in #10295
- add Dependency::directory to the PR payload by @jakecoffman in #10195
- Strict type `Dependabot::Updater.Operations::CreateSecurityUpdatePullRequest` by @kbukum1 in #10302
- Strict type `Dependabot::Terraform::UpdateChecker` by @JamieMagee in #10278
- temporarily sideline `global.json` when adding a transitive package by @brettfo in #10305
- Fixes Dependabot-SharedHelpers-HelperSubprocessFailed by @sachin-sandhu in #10308
- fixing rebases not finding the existing pull request due to directory by @jakecoffman in #10320
- Fix `ArgumentError Malformed version number string` in github actions by @amazimbe in #10314
- retain `msbuild-sdks` property in `global.json` when adding a transitive dependency by @brettfo in #10331
- Properly reject NuGet newline-only changes. by @brettfo in #10332
- v0.268.0 by @dependabot-core-action-automation in #10335
- Fixes issues related with Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder::RegistryError by @sachin-sandhu in #10322
- Fix ArgumentError Malformed version number in github actions by @amazimbe in #10338
Full Changelog: v0.267.0...v0.268.0
v0.267.0
What's Changed
- Fix NuGet app/web.config assembly binding redirect updates by @rhyskoedijk in #10110
- Fix `ArgumentError` in `original_package_update_available?` when `latest_version` is `nil` by @kbukum1 in #10216
- use unique directory for temp nuget packages by @brettfo in #10243
- Adds filter for failed to replace env in config errors by @sachin-sandhu in #10237
- Upgrade Bundler to 2.5.16 and RubyGems to 3.5.16 by @deivid-rodriguez in #10246
- Fix security updates in Bundler subdependencies by @deivid-rodriguez in #10249
- report missing nuget files by @brettfo in #10247
- removing more of dependency_has_directory feature flag by @jakecoffman in #10252
- Use main smoke-tests repo again by @deivid-rodriguez in #10253
- Bump github/codeql-action from 3.25.12 to 3.25.13 in the all-actions group by @dependabot in #10262
- support multi-part requirements by @brettfo in #10255
- Use `go` `1.22` in CI by @jeffwidman in #10259
- analyze `global.json` and `dotnet-tools.json` by @brettfo in #10269
- Centralize Yarn Error Handling for Yarn Update by @kbukum1 in #10257
- Use repository in project urls as a source by @amazimbe in #10268
- Handle Errors Coded with YN0035 Yarn Error Code by @kbukum1 in #10271
- fix incorrect usage of `add_handled_dependencies` by @jakecoffman in #10270
- Fixes URI::InvalidURIError issue while fetching metadata by @sachin-sandhu in #10256
- Adds relevant information to exception handling by @sachin-sandhu in #10284
- v0.267.0 by @dependabot-core-action-automation in #10283
New Contributors
- @rhyskoedijk made their first contribution in #10110
Full Changelog: v0.266.0...v0.267.0
v0.266.0
What's Changed
- Adds socket hang up error capture by @sachin-sandhu in #10179
- Revert PR #10060: Fix Versioning Strategy for Python Dependencies by @kbukum1 in #10194
- Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #10163
- Adds error handling for registry auth failures by @sachin-sandhu in #10196
- Sorbet for environment by @ryanbrandenburg in #10204
- Bump the dev-dependencies group across 1 directory with 4 updates by @dependabot in #10191
- Bump @npmcli/arborist from 7.5.3 to 7.5.4 in /npm_and_yarn/helpers in the npm-dependencies group by @dependabot in #10208
- Support Go modules with LFS committed files by @danielorbach in #10052
- Treat `-pre` version suffix as prerelease. by @dbrant in #10207
- ensure `Dependency::source::source_url` can be populated from `.nuspec` URL by @brettfo in #10217
- Improve Yarn Helper Error Handling by @kbukum1 in #10177
- fix PR matching code for both directory and no directory cases by @jakecoffman in #10224
- Handles GitHub package authentication errors by @sachin-sandhu in #10223
- handle 404 from nuget sources by @brettfo in #10225
- Bump the all-actions group with 4 updates by @dependabot in #10211
- Prevent `remove_lockfile_packages_name_attribute` from being called with `nil` by @JamieMagee in #10158
- revert changes to DependencyGroupChangeBatch by @jakecoffman in #10228
- surface authentication errors from native tool by @brettfo in #10197
- ensure every project is compatible with the `Any,Version=v0.0` framework by @brettfo in #10230
- Add support for versioning with tags for npm other than latest. by @kbukum1 in #10231
- trim whitespace from package names by @brettfo in #10232
- write dependency info JSON to log by @brettfo in #10235
- Fix malformed version number error for terraform and github actions by @amazimbe in #10222
- remove glob experiment since glob support is released by @jakecoffman in #10239
- v0.266.0 by @dependabot-core-action-automation in #10236
New Contributors
- @danielorbach made their first contribution in #10052
- @dbrant made their first contribution in #10207
- @amazimbe made their first contribution in #10222
Full Changelog: v0.265.0...v0.266.0
v0.265.0
What's Changed
- Adds exception to handle nil buildfile issue by @sachin-sandhu in #10061
- Bump the all-actions group across 1 directory with 5 updates by @dependabot in #10165
- Enable `Sorbet/StrictSigil` in `devcontainers` by @JamieMagee in #10157
- Remove redundant call from `mixfile` by @JamieMagee in #10172
- Strict type `github_actions` by @JamieMagee in #10156
- Fix "Passed `nil` into T.must" error by @JamieMagee in #10159
- Improve Error Handling for JSON Parse Failures in Helper Subprocess by @kbukum1 in #10171
- Combining dependabot core version constraint (latest_allowable_version) with existing composer version constraint by @thavaahariharangit in #10150
- Bump golang.org/x/mod from 0.18.0 to 0.19.0 in /go_modules/helpers by @dependabot in #10164
- Bump library/golang from 1.22.4-bookworm to 1.22.5-bookworm in /go_modules by @dependabot in #10166
- Make `HelperSubprocessFailed` error class configurable in run_helper_subprocess by @kbukum1 in #10173
- Ignores timeout in .npmrc file while job update in npm_and_yarn by @sachin-sandhu in #10174
- Revert "Combining dependabot core version constraint (latest_allowable_version) with existing composer version constraint" by @thavaahariharangit in #10184
- Solution provided for ignore minor version config is not respected. by @thavaahariharangit in #10188
- v0.265.0 by @dependabot-core-action-automation in #10189
Full Changelog: v0.264.0...v0.265.0
v0.264.0
v0.264.0 (#10143) Release notes: https://github.com/dependabot/dependabot-core/releases/tag/v0.264.0 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
v0.263.0
What's Changed
- Bump flake8 from 7.0.0 to 7.1.0 in /python/helpers in the common group by @dependabot in #10016
- DependencyGroupChangeBatch tracks updated dependencies per file by @Nishnha in #9988
- [Fix] multi-directory grouped updates sometimes create ungrouped PRs by @Nishnha in #9938
- Disabling the RSpec IndexedLet Rubocop rule due to its negligible benefit by @GarryHurleyJr in #10056
- Bump @npmcli/arborist from 7.5.1 to 7.5.3 in /npm_and_yarn/helpers in the npm-dependencies group across 1 directory by @dependabot in #9881
- Enabling RSpec/BeforeAfterAll Rubocop rule by @GarryHurleyJr in #10043
- Enabling RSpec MultipleDescribes and renaming errors_spec.rb file by @GarryHurleyJr in #10045
- Strict type `Dependabot::Bundler::PathGemSpecFinder` by @raj-meka in #10027
- Strict type `Dependabot::Hex::FileFetcher` by @raj-meka in #9990
- Address Sorbet error by @abdulapopoola in #9973
- Remove bad newlines from EBADENGINE message by @sirreal in #10049
- Upgrade Bundler to 2.5.14 and RubyGems to 3.5.14 by @deivid-rodriguez in #9993
- Make it easier to upgrade Bundler & RubyGems in sync by @deivid-rodriguez in #9979
- fix(cargo): preserve version range using Less Than Equal by @caspermeijn in #9956
- Revert "Make it easier to upgrade Bundler & RubyGems in sync " by @kbukum1 in #10069
- Upgrade httparty to 0.22.0 by @deivid-rodriguez in #9906
- Added private repo access error catch and missing repo error capture by @sachin-sandhu in #10047
- Add `HARDBREAKS` to commonmarker config by @blue2cat in #6358
- Make it easier to upgrade Bundler & RubyGems in sync (take 2) by @deivid-rodriguez in #10072
- Bump sorbet-runtime from 0.5.11415 to 0.5.11444 in /updater in the sorbet group across 1 directory by @dependabot in #10064
- Bump default PNPM to 9.4.0 by @deivid-rodriguez in #10073
- Update bundler module to ruby 3.3.3 by @DuncSmith in #10038
- [NuGet] update version_finder_spec.rb by @eltociear in #9769
- Simplify docker regex by @deivid-rodriguez in #8286
- Give better error when security update not possible due to "lockfile_only" strategy by @deivid-rodriguez in #9923
- Strict type `Dependabot::Gradle::SettingsFileParser` by @raj-meka in #10079
- Revert "Passing the latest allowable version as package constraints" by @thavaahariharangit in #10097
New Contributors
- @sirreal made their first contribution in #10049
- @kbukum1 made their first contribution in #10069
- @eltociear made their first contribution in #9769
Full Changelog: v0.262.0...v0.263.0
v0.262.0
What's Changed
- Strict type `Dependabot::Bundler::GemspecFinder` by @raj-meka in #10004
- chore(python): target latest python versions 3.12.4 by @sileht in #10030
- Strict type `Dependabot::Bundler::RequireRelativeFinder` by @raj-meka in #10028
- Strict type `Dependabot::Bundler::FilePreparer` by @raj-meka in #10029
- Include `directory` when serializing dependencies by @landongrindheim in #10002
- Bump plette from 2.0.2 to 2.1.0 in /python/helpers by @dependabot in #9948
- Strict type `Dependabot::Bundler::ChildGemFileFinder` by @raj-meka in #10026
- Re-enabled NamedSubject RSpec rule which was accidentally overwritten by @GarryHurleyJr in #10041
- Fix Go modules prerelease by @stefanvanburen in #10022
New Contributors
- @stefanvanburen made their first contribution in #10022
Full Changelog: v0.261.1...v0.262.0
v0.261.1
What's Changed
- Enabling ScatteredSetup Rubocop rule by @GarryHurleyJr in #9980
- Enabling RSpec HooksBefore rubocop rule by @GarryHurleyJr in #9974
- Strict type `Dependabot::Hex::MixFileSanitizer` by @raj-meka in #9984
- Strict type `Dependabot::Hex::CredentialHelpers` by @raj-meka in #9989
- Strict type `Dependabot::Hex::FileParser` by @raj-meka in #9992
- Bump library/golang from 1.22.3-bookworm to 1.22.4-bookworm in /go_modules by @dependabot in #9942
- Strict type `Dependabot::Maven::AuthHeadersFinder` by @raj-meka in #10000
- Strict type `Dependabot::Terraform::Requirement` by @raj-meka in #10001
- Passing the latest allowable version as package constraints by @thavaahariharangit in #10018
- Fix Docker Requirement initializer type by @landongrindheim in #10021
- v0.261.1 by @dependabot-core-action-automation in #10023
Full Changelog: v0.261.0...v0.261.1
v0.261.0
What's Changed
- Strict type `Dependabot::Hex::MetaDataFinder` by @raj-meka in #9913
- Enabled Rubocop rule for the MetadataStyle test by @GarryHurleyJr in #9921
- Garry hurley jr/address rspec expect actual rubocop violations by @GarryHurleyJr in #9927
- Bump the all-actions group across 1 directory with 5 updates by @dependabot in #9930
- Fix comment indentation by @deivid-rodriguez in #9931
- Ignore 422 Validation Failed responses when adding assignees to a PR by @Nishnha in #9860
- don't fail when a dependency doesn't have a previous version by @jakecoffman in #9924
- Strict type `Dependabot::GoModules::MetaDataFinder` by @raj-meka in #9919
- Strict type `Dependabot::Maven::MetadataFinder` by @raj-meka in #9928
- Strict type `Dependabot::Pub::MetaDataFinder` by @raj-meka in #9933
- Strict type `Dependabot::Terraform::MetaDataFinder` by @raj-meka in #9936
- True type `Dependabot::Bundler::FileUpdater::GitSourceRemover` by @JamieMagee in #9912
- True type `pub` by @JamieMagee in #9917
- Strict type `Dependabot::Bundler::FileParser::GemspecDeclarationFinder` by @JamieMagee in #9911
- True type `Dependabot::Bundler::UpdateChecker::SharedBundlerHelpers` by @JamieMagee in #9914
- Strict type `Dependabot::Bundler::FileParser::GemfileDeclarationFinder` by @JamieMagee in #9907
- enabled RSpec Not To Not rubocop. by @GarryHurleyJr in #9926
- Strict type `Dependabot::Swift::MetaDataFinder` by @raj-meka in #9934
- Enforce `true` sigil in `bundler` by @JamieMagee in #9915
- enable receive messages by @GarryHurleyJr in #9935
- Fix code coverage merging by @deivid-rodriguez in #9922
- add Sorbet types to group update creation by @jakecoffman in #9937
- True type `maven` by @JamieMagee in #9953
- True type `gradle` by @JamieMagee in #9952
- True type `terraform` by @JamieMagee in #9951
- True type `hex` by @JamieMagee in #9950
- Enabling RSpec/ScatteredLet Rubocop by @GarryHurleyJr in #9957
- Enable RSpec/ImplicitSubject by @robaiken in #9814
- True type `updater` by @JamieMagee in #9929
- True type `python` by @JamieMagee in #9954
- Enable RSpec/MatchArray by @robaiken in #9820
- Enabling SharedExamples Rubocop rule by @GarryHurleyJr in #9970
- Strict type `Dependabot::Silent::FileFetcher` by @raj-meka in #9964
- Strict type `Dependabot::Pub::FileParser` by @raj-meka in #9969
- Strict type `Dependabot::Pub::FileUpdater` by @raj-meka in #9968
- Strict type `Dependabot::python::NameNormaliser` by @raj-meka in #9966
- Strict type `Dependabot::Python::NativeHelpers` by @raj-meka in #9965
- Strict type `Dependabot::Silent::FileParser` by @raj-meka in #9971
- Strict type `Dependabot::Silent::FileUpdater` by @raj-meka in #9972
- Changes made for dependabot to respect ignoring minor patch updates. by @thavaahariharangit in #9967
- Strict type `Dependabot::Maven::FileFetcher` by @raj-meka in #9975
- Strict type `Dependabot::Hex::FileUpdater::NativeHelpers` by @raj-meka in #9976
- Strict type `Dependabot::Hex::MixFileGitPinUpdater` by @raj-meka in #9983
- Add `#directory` to Dependabot::Dependency by @landongrindheim in #9982
- Revert " Changes made for dependabot to respect ignoring minor patch updates." by @jurre in #9991
- Enabling PredicateMatcher Rubocop rule on RSpec. by @GarryHurleyJr in #9960
- enabled RSpec VerifiedDoubleReference rule by @GarryHurleyJr in #9981
- v0.261.0 by @dependabot-core-action-automation in #9985
Full Changelog: v0.260.0...v0.261.0