Releases: dependabot/dependabot-core
v0.234.0
What's Changed
- build(deps): bump PNpm from 8.7.6 to 8.8.0 by @yeikel in #8101
- fix refreshing a grouped PR causes dependency duplication by @jakecoffman in #8150
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #8157
- Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in #8158
- Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in #8155
- Bump cython from 3.0.2 to 3.0.3 in /python/helpers by @dependabot in #8153
- Suppress for `Layout/MultilineMethodCallIndentation` offense by @ydah in #8134
- Bump the dev-dependencies group in /updater with 1 update by @dependabot in #8163
- Bump the aws-sdk group in /updater with 2 updates by @dependabot in #8109
- Remove the leading v from Docker versions by @Nishnha in #8165
- grouped security updates by @jakecoffman in #8128
- Small `dry-run.rb` improvement to also handle file fetching errors by @deivid-rodriguez in #8173
- include more info in grouped security update group name by @jakecoffman in #8178
- build(deps): bump Terraform from 1.5.6 to 1.6.1 by @yeikel in #7985
- Ignore file dependencies when parsing requirement files by @deivid-rodriguez in #8170
- v0.234.0 by @dependabot-core-action-automation in #8180
Full Changelog: v0.233.0...v0.234.0
v0.233.0
What's Changed
- Bump the dev-dependencies group in /updater with 2 updates by @dependabot in #8009
- Bump friendsofphp/php-cs-fixer from 3.23.0 to 3.26.1 in /composer/helpers/v2 by @dependabot in #7996
- Bump the npm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #7999
- Bump phpstan/phpstan from 1.10.30 to 1.10.34 in /composer/helpers/v2 by @dependabot in #8035
- Add sig to dependency injection containers by @JamieMagee in #8032
- Add types to clients by @JamieMagee in #8038
- fix: call 'split' on string-type object, not on version-type object by @fredrikaverpil in #8037
- Bump RUBY_VERSIONS to include 3.1.4 and 3.2.2 by @kjeldahl in #8041
- Bump phpstan/phpstan from 1.10.32 to 1.10.34 in /composer/helpers/v1 by @dependabot in #8036
- Upload spoom coverage report data by @JamieMagee in #8046
- Generate and upload spoom coverage report on main by @JamieMagee in #8047
- fix go1.21 not a toolchain by @jakecoffman in #8044
- build(deps): bump go from 1.21.0 to 1.21.1 by @yeikel in #7986
- Update Sorbet from `0.5.11011` to `0.5.11026` by @JamieMagee in #8064
- raise if the reference already exists by @jakecoffman in #8043
- 💅 Use defaults instead of comments for documentation by @landongrindheim in #8069
- Bump actions/checkout from 3 to 4 by @dependabot in #7997
- Track unknown errors by @Nishnha in #7534
- Bump pipenv from 2022.4.8 to 2023.8.28 in /python/helpers by @dependabot in #7922
- Removed logging of commands from Subprocess failure by @honeyankit in #8082
- Use new blessed method for installing NodeJS by @deivid-rodriguez in #8093
- Respect style of each action when mixed styles are used by @deivid-rodriguez in #8068
- fix comment typo by @mburumaxwell in #8076
- Fix Swift 5.9 package manifest analyze error by @soumyamahunt in #8073
- Dockerfile - Add infrequently layers earlier by @tvalenta in #8031
- Fix warnings when running tests in common by @deivid-rodriguez in #8100
- Fix some github actions version comments not getting updated by @deivid-rodriguez in #8098
- build(deps): bump PNpm from 8.6.12 to 8.7.6 by @yeikel in #7899
- Add `sig`s for `utils` by @JamieMagee in #8096
- Properly infer `.npmrc` for PNPM by @deivid-rodriguez in #8094
- Fix CI by @deivid-rodriguez in #8105
- Improve running specs by @deivid-rodriguez in #8092
- Remove another git warning during specs by @deivid-rodriguez in #8113
- fix dependency duplication across multiple groups by @jakecoffman in #8106
- fix semver segments errors due to invalid Versions by @jakecoffman in #8124
- Add sigs for some `version.rb` by @JamieMagee in #8049
- Remove grouped updates feature flags by @jurre in #8123
- Raise unsupported Python version error as an expected error by @deivid-rodriguez in #8104
- Fix a typo by @ydah in #8133
- Fix some flaky test failures by @deivid-rodriguez in #8140
- Catch up test lockfile with parser 3.2.2.4 release by @deivid-rodriguez in #8142
- Parallelize tests on all ecosystems, except for Pub by @deivid-rodriguez in #8139
- fix completely ignored dependencies querying for updates by @jakecoffman in #8143
- Added record update job error api back to capture unknown errors by @honeyankit in #8144
- v0.233.0 by @dependabot-core-action-automation in #8034
New Contributors
- @fredrikaverpil made their first contribution in #8037
- @kjeldahl made their first contribution in #8041
- @soumyamahunt made their first contribution in #8073
- @ydah made their first contribution in #8133
Full Changelog: v0.232.0...v0.233.0
v0.232.0
What's Changed
- Autobump to `typed: true` using `spoom` by @JamieMagee in #8021
- fix helpful error message to have PR number by @jakecoffman in #8024
- Actions: skip unsupported uses strings by @jakecoffman in #8026
- fix docker-dev-shell on ARM by @jakecoffman in #8029
- Add back the Docker::Version.correct? method by @Nishnha in #8030
Full Changelog: v0.231.0...v0.232.0
v0.231.0
What's Changed
- Ensure Docker versions are valid Dependabot::Versions by @Nishnha in #7984
- Use `rstrip` to trim trailing newlines by @JamieMagee in #7991
- Set `Layout/DotPosition` to `leading` by @JamieMagee in #7789
- Add `.git-blame-ignore-revs-file` and ignore style change by @JamieMagee in #7992
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 3 updates by @dependabot in #8000
- Add sorbet dependencies by @JamieMagee in #8007
- Update semver by @jurre in #8005
- Make sorbet and tapioca optional by @JamieMagee in #8014
- Initialize sorbet by @JamieMagee in #8012
- Add `typed: false` sigil by @JamieMagee in #8015
- Add `rubocop-sorbet` by @JamieMagee in #8016
- Add sorbet workflow by @JamieMagee in #8017
- raise exceptions when PR creation fails by @jakecoffman in #8013
- Add Sorbet VSCode extension by @JamieMagee in #8018
- v0.231.0 by @dependabot-core-action-automation in #8019
Full Changelog: v0.230.0...v0.231.0
v0.230.0
What's Changed
- Bump the aws-sdk group in /updater with 1 update by @dependabot in #7852
- Use `python3`/`pip3` so we don't have to have `python`/`pip` symlinks by @jeffwidman in #7927
- Bump cython from 3.0.0 to 3.0.2 in /python/helpers by @dependabot in #7905
- Use pre-compiled Python from official Docker image by @jeffwidman in #7934
- build(deps): bump Yarn to 3.6.3 by @yeikel in #7908
- build(deps): bump npm from 9.5.1 to 9.6.5 by @yeikel in #7811
- Bump excon from 0.100.0 to 0.102.0 in /updater by @dependabot in #7904
- Move copying the other pythons to the end of the Dockerfile by @jeffwidman in #7941
- Python helper removes bytecode files by @tvalenta in #7944
- Stop installing apt packages for compiling Python by @jeffwidman in #7943
- Make building the default python concurrent rather than sequential by @jeffwidman in #7949
- Bump RUBY_VERSIONS to include 3.0.6 by @jade-aronson in #7948
- Replace `gzip` with `zstd` for speed + size benefits by @jeffwidman in #7950
- Gradle: fix comparison of the prefix version range by @jakecoffman in #7975
- Bump tibdex/github-app-token from 1.8.0 to 1.8.2 by @dependabot in #7957
- go: fix ambiguous import when using a module without a dot by @vincentbernat in #7979
- Maven: fix classifier being part of the dependency name by @jakecoffman in #7980
- v0.230.0 by @dependabot-core-action-automation in #7982
New Contributors
- @jade-aronson made their first contribution in #7948
- @vincentbernat made their first contribution in #7979
Full Changelog: v0.229.0...v0.230.0
v0.229.0
What's Changed
- Target latest Python versions - 3.11.5, 3.10.13, 3.9.18, 3.8.18 by @phillipuniverse in #7914
- Bump phpstan/phpstan from 1.10.30 to 1.10.32 in /composer/helpers/v1 by @dependabot in #7901
- build(deps): bump terraform from 1.5.5 to 1.5.6 by @yeikel in #7892
- fix: duplicate response body before mutating it by @yeikel in #7926
- v0.229.0 by @dependabot-core-action-automation in #7929
Full Changelog: v0.228.0...v0.229.0
v0.228.0
What's Changed
- Bump rubocop from 1.50.2 to 1.56.0 in /updater by @dependabot in #7788
- Revert "Don't depend on flake8 at runtime (#6830)" by @jeffwidman in #7836
- When trying to parse exact package.json versions, ignore parse errors by @deivid-rodriguez in #7844
- Bump pip from 23.2.0 to 23.2.1 in /python/helpers by @dependabot in #7847
- Bump pip-tools from 7.2.0 to 7.3.0 in /python/helpers by @dependabot in #7845
- Bump flake8 from 5.0.4 to 6.1.0 in /python/helpers by @dependabot in #7846
- Add support for Poetry 1.5 lockfiles by @deivid-rodriguez in #7834
- Simplify development images by @deivid-rodriguez in #7843
- Fix Python runtime errors when instrumenting versions by @deivid-rodriguez in #7858
- fix ungrouped PRs being created due to errors during grouped update by @jakecoffman in #7829
- Regenerate some lockfiles with Poetry 1.5 by @deivid-rodriguez in #7862
- Fix encoding option value for gitlab commit creation by @andrcuns in #7850
- Fix Python version switched from exact to tilde version by @deivid-rodriguez in #6702
- Pub smallest update by @sigurdm in #7446
- Bump underlying `ubuntu` to `22.04` LTS by @jeffwidman in #5030
- Update poetry version to 1.6.1 by @noorul in #7866
- Add `yamllint` to linters by @jeffwidman in #7818
- Bump the dev-dependencies group in /composer/helpers/v2 with 1 update by @dependabot in #7870
- python: Handle explicit PyPI source in pyproject.toml by @torarvid in #7499
- Pass exact version being run when replacing python requirement in pyproject.toml by @deivid-rodriguez in #7857
- Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in #7873
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #7871
- Bump rubocop from 1.56.0 to 1.56.1 in /updater by @dependabot in #7872
- Don't double-install packages required for building Python. by @jeffwidman in #7876
- Use dependency-type and semver grouping for dev dependencies by @jurre in #7881
- Bubble up expected pub security update errors to the user by @deivid-rodriguez in #7880
- Fix missed error matching on composer by @deivid-rodriguez in #7879
- Report gradle security update errors when dependency not found in repository by @deivid-rodriguez in #7878
- Fix typo by @deivid-rodriguez in #7883
- fix edge cases during semver grouping creating single PRs erroneously by @jakecoffman in #7867
- Split system packages into two sections: required to build python vs required to build users' python packages by @jeffwidman in #7877
- Parallelize tests by @deivid-rodriguez in #6590
- fixes toolchain directive getting into go.mod by @jakecoffman in #7884
- Install libkrb5-dev package in python Dockerfile by @yashvardhannanavati in #7604
- v0.228.0 by @dependabot-core-action-automation in #7893
New Contributors
- @torarvid made their first contribution in #7499
- @yashvardhannanavati made their first contribution in #7604
Full Changelog: v0.227.0...v0.228.0
v0.227.0
What's Changed
- Don't copy .rubocop.yml file to updater's home folder by @deivid-rodriguez in #7797
- Remove mount of folder that does not exist by @deivid-rodriguez in #7799
- Let RuboCop inspect files in ecosystem bin folders by @deivid-rodriguez in #7798
- Explicitly require `dependabot/utils` before usage by @deivid-rodriguez in #7800
- Make grouped updates table more readable by @jurre in #7796
- Reduce Swift image size by @deivid-rodriguez in #7812
- Don't copy ruby version file into the updater image by @deivid-rodriguez in #7802
- Bump rubocop-performance from 1.18.0 to 1.19.0 in /updater by @dependabot in #7809
- Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in #7814
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 1 update by @dependabot in #7807
- Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in #7815
- Bump nokogiri from 1.15.3 to 1.15.4 in /updater by @dependabot in #7810
- Add apt lists clean up to python Dockerfile by @tvalenta in #7803
- Restore a more standard RuboCop configuration layout by @deivid-rodriguez in #7801
- Do not attempt to group git dependencies as semver by @jurre in #7817
- Drop `python` `3.6` by @jeffwidman in #7610
- Remove `3.6` guard when setting `poetry config experimental.system-git-client` by @jeffwidman in #7614
- Stop manually installing python by @jeffwidman in #7613
- Update pip requirement from <23.2.0,>=21.3.1 to >=21.3.1,<23.3.0 in /python/helpers by @dependabot in #7570
- Stop explicitly specifying python patch versions by @jeffwidman in #7615
- Drop python 3.7 by @jeffwidman in #7702
- Pin poetry to specific version by @jeffwidman in #7716
- Upgrade `pip-tools` to `7.2.0` by @jeffwidman in #7711
- Fix typo in no matching dependencies for group error by @jurre in #7820
- Refactor poetry logic to parse subdependency types by @deivid-rodriguez in #7826
- `pip` no longer requires a range by @jeffwidman in #7714
- Update Go to 1.21 by @jakecoffman in #7823
- Revert "Don't copy ruby version file into the updater image (#7802)" by @deivid-rodriguez in #7835
- Python 3.6 drop follow up by @deivid-rodriguez in #7831
- Fix yanked library problems in Poetry not detected when lockfile is present by @deivid-rodriguez in #7832
- Remove code handling pyproject.lock files by @deivid-rodriguez in #7833
- Mount .ruby-version in the dev image instead of copying it by @deivid-rodriguez in #7841
- Support security updates for NPM with exact requirements and no lockfile by @deivid-rodriguez in #7819
- Simplify handling all versions metadata on NPM by @deivid-rodriguez in #7821
- v0.227.0 by @dependabot-core-action-automation in #7824
- Debug issues with docker prereleases by @deivid-rodriguez in #7842
New Contributors
Full Changelog: v0.226.0...v0.227.0
v0.226.0
What's Changed
- Stop checking deprecated `bugtrack_url` by @jeffwidman in #7681
- Fix typo in method name in Swift update checker by @deivid-rodriguez in #7683
- Bump Bundler to 2.4.17 by @deivid-rodriguez in #7684
- Fix Github Actions dependency parsing edge case by @deivid-rodriguez in #7494
- Ignore tags not matching prefix, when workflow is pinned to SHAs by @deivid-rodriguez in #7430
- Rename `conf_files` dir to `pip_conf_files` to reduce ambiguity by @jeffwidman in #7690
- Update `poetry` test of oldest supported python version to 3.8 by @jeffwidman in #7691
- Test that unsupported Python versions raise the expected error by @jeffwidman in #7692
- Add sane limit to PR description limit for Bitbucket cloud by @stefangr in #7693
- [Grouped Updates] Remove current handling for separate ungrouped version checks from the experiment by @brrygrdn in #7689
- Delete deprecated `host-environment-markers` key by @jeffwidman in #7698
- Fixup `pip_version_resolver` specs by @jeffwidman in #7699
- Move the `Pipfile`/`Pipfile.lock` fixtures to a clearly named folder by @jeffwidman in #7700
- Update pip-tools requirement from <=6.13.0,>=6.4.0 to >=6.4.0,<=6.14.0 in /python/helpers by @dependabot in #7509
- Bump composer/composer from 2.5.5 to 2.5.8 in /composer/helpers/v2 by @dependabot in #7420
- Make `python_major_minor` a one-liner by @jeffwidman in #7705
- Use dockerignore rules that play better with recent docker versions by @deivid-rodriguez in #7713
- Give better error message when fixture project is missing a file by @deivid-rodriguez in #7717
- Document why we pin `wheel` by @jeffwidman in #7719
- Bump cython from 0.29.34 to 3.0.0 in /python/helpers by @dependabot in #7586
- Set file encoding in GitLab commits by @mikaellanger in #7381
- Fetching GitLab repo contents correctly uses the ref argument by @maciej-gol in #7351
- Suppress error output when evaluating invalid Ruby during tests by @deivid-rodriguez in #7706
- Fix fetching files in symlinked folders by @deivid-rodriguez in #7411
- Enable `--verbose` when running specs by @deivid-rodriguez in #7708
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 4 updates by @dependabot in #7723
- Bump jason from 1.4.0 to 1.4.1 in /hex/helpers by @dependabot in #7538
- Bump aws-sdk-ecr from 1.58.0 to 1.63.0 in /updater by @dependabot in #7667
- Bump excon from 0.99.0 to 0.100.0 in /updater by @dependabot in #7485
- Bump parser from 3.2.2.0 to 3.2.2.3 in /updater by @dependabot in #7425
- Bump rubocop-performance from 1.17.1 to 1.18.0 in /updater by @dependabot in #7727
- Bump faraday-retry from 2.1.0 to 2.2.0 in /updater by @dependabot in #7726
- Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 1 update by @dependabot in #7725
- Group Dependabot `aws-sdk-*` PRs by @jeffwidman in #7732
- Bump the aws-sdk group in /updater with 1 update by @dependabot in #7733
- Bump vcr from 6.1.0 to 6.2.0 in /updater by @dependabot in #7729
- Bump commonmarker from 0.23.9 to 0.23.10 in /updater by @dependabot in #7730
- Bump the dev-dependencies group in /composer/helpers/v2 with 1 update by @dependabot in #7745
- Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in #7747
- Bump the dev-dependencies group in /npm_and_yarn/helpers with 1 update by @dependabot in #7746
- Support SCP-style URIs in Swift updater by @deivid-rodriguez in #7722
- Delete unused test fixture by @jeffwidman in #7737
- Pin test to `legacy` resolver to force desired error message by @jeffwidman in #7738
- build(deps): bump go from 1.20.6 to 1.20.7 by @yeikel in #7754
- build(deps): bump regclient from 0.5.0 to 0.5.1 by @yeikel in #7752
- Delete unused method `error_certainly_bad_python_version?` by @jeffwidman in #7739
- Don't cancel full CI runs on main by @deivid-rodriguez in #7757
- build(deps): bump Yarn to 3.6.1 by @yeikel in #7755
- More swift requirement parsing fixes by @deivid-rodriguez in #7760
- Remove leftover setting that no longer exists by @deivid-rodriguez in #7762
- Remove gitignore entry that does not exist by @deivid-rodriguez in #7761
- fix PR unable to create with grouped updates by @jakecoffman in #7753
- Replace deprecated `pipenv lock` with `pipenv requirements` by @jeffwidman in #7764
- build(deps): bump pnpm from 8.6.7 to 8.6.12 by @yeikel in #7751
- Update docker_registry2 by @NautiluX in #7658
- Bump faraday from 2.7.4 to 2.7.10 in /updater by @dependabot in #7735
- Unify memoization by @deivid-rodriguez in #7772
- Remove duplicated line in maven file fetcher by @deivid-rodriguez in #7770
- Fix incorrect memoizations by @deivid-rodriguez in #7773
- Remove leftover `puts` debugging message by @jeffwidman in #7779
- Fixing Yarn1 erroring with failed to replace env by @honeyankit in #7767
- `fetch_file_if_present` should ignore all "Not Found" errors by @deivid-rodriguez in #7774
- Add missing `require` by @deivid-rodriguez in #7781
- build(deps): bump terraform from 1.5.4 to 1.5.5 by @yeikel in #7780
- Simplify Bundler native helper runners by @deivid-rodriguez in #7785
- implement semver grouping and individual PRs by @jakecoffman in #7776
- Update ignore condition table by @jurre in #7787
- Stop pinning `wheel` by @jeffwidman in #7784
- Stop coercing Pipfile source URL's to have trailing slashes by @jeffwidman in #7783
- Fix private source authentication error message by @deivid-rodriguez in #7786
- Add `name` key to `sources` in `Pipfile`s by @jeffwidman in #7744
- Refactor preparing `package.json` files by @deivid-rodriguez in #7245
- Copy clone logic in dry-run.rb from the updater by @deivid-rodriguez in #7791
- Restore version schema with and <build_number> with words between them by @deivid-rodriguez in #7687
- Fix missing cache prunes by @deivid-rodriguez in #7295
- Make sure Bundler group vendoring smoke tests get actually run, and pass by @deivid-rodriguez in #7794
- Remove CodeQL warning by @deivid-rodriguez in #7792
- v0.226.0 by @dependabot-core-action-automation in #7704
New Contributors
...
v0.225.0
What's Changed
- Fix parsing Swift packages with spaces before closing parenthesis by @deivid-rodriguez in #7660
- Update devcontainer.json to include swift by @dwc0011 in #7653
- [Grouped Updates] Implement experimental Semantic Versioning rule by @brrygrdn in #7581
- Make sure Swift lockfile updates respect ignore conditions by @deivid-rodriguez in #7669
- Normalize Swift package names by @deivid-rodriguez in #7648
- Show ignore conditions in a request body by @honeyankit in #7654
- Remove manual exclusion of specific packages by @jeffwidman in #7676
- Fix some swift updates failing when `directory` is configured by @deivid-rodriguez in #7674
- build(deps): bump terraform from 1.5.3 to 1.5.4 by @HorizonNet in #7657
- v0.225.0 by @dependabot-core-action-automation in #7655
Full Changelog: v0.224.0...v0.225.0