Updated to the latest upstream

kirillcoso · Oct 22, 2024 · 806521d · 806521d
2 parents a05e481 + a55a347
commit 806521d
Show file tree

Hide file tree

Showing 38 changed files with 1,042 additions and 690 deletions.
diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json
@@ -3,7 +3,7 @@
   "isRoot": true,
   "tools": {
     "dotnet-ef": {
-      "version": "8.0.8",
+      "version": "8.0.10",
       "commands": [
         "dotnet-ef"
       ]

diff --git a/.github/workflows/extension.yml b/.github/workflows/extension.yml
@@ -85,7 +85,7 @@ jobs:
         run: |
           # Major versions are left out here because they are fixed in the task.json files.
           # The minor and patch versions are updated to make sure we keep recent changes deployed.
-          echo "`jq '.version.Minor=34' extension/tasks/dependabotV1/task.json`" > extension/tasks/dependabotV1/task.json
+          echo "`jq '.version.Minor=${{ steps.gitversion.outputs.minor }}' extension/tasks/dependabotV1/task.json`" > extension/tasks/dependabotV1/task.json
           echo "`jq '.version.Patch=${{ github.run_number }}' extension/tasks/dependabotV1/task.json`" > extension/tasks/dependabotV1/task.json
           echo "`jq '.version.Minor=${{ steps.gitversion.outputs.minor }}' extension/tasks/dependabotV2/task.json`" > extension/tasks/dependabotV2/task.json
           echo "`jq '.version.Patch=${{ github.run_number }}' extension/tasks/dependabotV2/task.json`" > extension/tasks/dependabotV2/task.json
@@ -152,7 +152,7 @@ jobs:
           --vsix ${{ github.workspace }}/dev/*.vsix
           --auth-type pat
           --token ${{ secrets.AZURE_DEVOPS_EXTENSION_TOKEN }}
-          --share-with tingle
+          --share-with tingle rhyskoedijk
 
       - name: Publish to marketplace (prod)
         if: startsWith(github.ref, 'refs/tags/')

diff --git a/.rubocop.yml b/.rubocop.yml
@@ -14,7 +14,6 @@ AllCops:
     - "*/spec/fixtures/**/*"
     - "vendor/**/*"
     - "dry-run/**/*"
-    - "bundler/helpers/v1/patched_bundler"
     - "bundler/helpers/spec_helpers/*"
   NewCops: enable
   TargetRubyVersion: 3.1

diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
@@ -9,7 +9,6 @@
 # Offense count: 39
 RSpec/AnyInstance:
   Exclude:
-    - 'bundler/helpers/v1/spec/shared_contexts.rb'
     - 'bundler/spec/dependabot/bundler/update_checker_spec.rb'
     - 'common/spec/dependabot/clients/codecommit_spec.rb'
     - 'common/spec/dependabot/file_fetchers/base_spec.rb'

diff --git a/README.md b/README.md
@@ -21,6 +21,7 @@ In this repository you'll find:
 - [Configuring private feeds and registries](#configuring-private-feeds-and-registries)
 - [Configuring security advisories and known vulnerabilities](#configuring-security-advisories-and-known-vulnerabilities)
 - [Configuring experiments](#configuring-experiments)
+- [Configuring assignees and reviewers](#configuring-assignees-and-reviewers)
 - [Unsupported features and configurations](#unsupported-features-and-configurations)
    * [Extension Task](#extension-task)
       + [dependabot@V2](#dependabotv2)
@@ -153,31 +154,44 @@ Experiments vary depending on the package ecyosystem used; They can be enabled u
 > Dependabot experinment names are not [publicly] documented. For convenience, some known experiments are listed below; However, **be aware that this may be out-of-date at the time of reading.**
 
 <details>
-<summary>List of known experiments from dependabot-core@0.278.0</summary>
+<summary>List of known experiments from dependabot-core@0.280.0</summary>
 
-|Package Ecosystem|Experiment Name|Value Type|Description|
+|Package Ecosystem|Experiment Name|Value Type|More Information|
 |--|--|--|--|
-| All | dedup_branch_names | true/false | |
-| All | grouped_updates_experimental_rules | true/false | |
-| All | grouped_security_updates_disabled | true/false | |
-| All | record_ecosystem_versions | true/false | |
-| All | record_update_job_unknown_error | true/false | |
-| All | dependency_change_validation | true/false | |
-| All | add_deprecation_warn_to_pr_message | true/false | |
-| All | threaded_metadata | true/false | |
-| Bundler | bundler_v1_unsupported_error | true/false | |
+| All | dedup_branch_names | true/false | https://github.com/dependabot/dependabot-core/pull/10519 |
+| All | grouped_updates_experimental_rules | true/false | https://github.com/dependabot/dependabot-core/pull/7581 |
+| All | grouped_security_updates_disabled | true/false | https://github.com/dependabot/dependabot-core/pull/8529 |
+| All | record_ecosystem_versions | true/false | https://github.com/dependabot/dependabot-core/pull/7517 |
+| All | record_update_job_unknown_error | true/false | https://github.com/dependabot/dependabot-core/pull/8144 |
+| All | dependency_change_validation | true/false | https://github.com/dependabot/dependabot-core/pull/9888 |
+| All | add_deprecation_warn_to_pr_message | true/false | https://github.com/dependabot/dependabot-core/pull/10421 |
+| All | threaded_metadata | true/false | https://github.com/dependabot/dependabot-core/pull/9485 |
+| Bundler | bundler_v1_unsupported_error | true/false | https://github.com/dependabot/dependabot-core/pull/10601 |
+| Composer | composer_v1_deprecation_warning | true/false | https://github.com/dependabot/dependabot-core/pull/10716 |
+| Composer | composer_v1_unsupported_error | true/false | https://github.com/dependabot/dependabot-core/pull/10716 |
 | Go | tidy | true/false | |
 | Go | vendor | true/false | |
 | Go | goprivate | string | |
-| NPM and Yarn | enable_pnpm_yarn_dynamic_engine | true/false | |
+| NPM | npm_fallback_version_above_v6 | true/false | https://github.com/dependabot/dependabot-core/pull/10757 |
 | NuGet | nuget_native_analysis | true/false | https://github.com/dependabot/dependabot-core/pull/10025 |
 | NuGet | nuget_native_updater | true/false | https://github.com/dependabot/dependabot-core/pull/10521 |
-| NuGet | nuget_dependency_solver | true/false | https://github.com/dependabot/dependabot-core/pull/10343 |
+| NuGet | nuget_legacy_dependency_solver | true/false | https://github.com/dependabot/dependabot-core/pull/10671 |
+
+> To find the latest list of Dependabot experiments, search the `dependabot-core` GitHub repository using queries like ["enabled?(x)"](https://github.com/search?q=repo%3Adependabot%2Fdependabot-core+%2Fenabled%5CW%5C%28.*%5C%29%2F&type=code) and ["options.fetch(x)"](https://github.com/search?q=repo%3Adependabot%2Fdependabot-core+%2Foptions%5C.fetch%5C%28.*%2C%2F&type=code). 
 
 </details>
 
-> [!TIP]
-> To find the latest list of Dependabot experiments, search the `dependabot-core` GitHub repository using queries like ["enabled?(x)"](https://github.com/search?q=repo%3Adependabot%2Fdependabot-core+%2Fenabled%5CW%5C%28.*%5C%29%2F&type=code) and ["options.fetch(x)"](https://github.com/search?q=repo%3Adependabot%2Fdependabot-core+%2Foptions%5C.fetch%5C%28.*%2C%2F&type=code). 
+## Configuring assignees and reviewers
+Dependabot allows for the configuration of both [`assignees`](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#assignees) and [`reviewers`](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#reviewers). However, Azure DevOps does not have the concept of pull request assignees. Because of this, `assignees` will be treated as **required** reviewers and `reviewers` will be treated as **optional** reviewers.
+
+Reviewers can be any of the following values:
+
+- User GUID
+- User username
+- User email address
+- User full [display] name
+- Group name
+- Team name
 
 ## Unsupported features and configurations
 We aim to support all [official configuration options](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file), but there are some limitations for:
@@ -193,15 +207,18 @@ We aim to support all [official configuration options](https://docs.github.com/e
 - [`directories`](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#directories) are only supported if task input `useUpdateScriptVNext: true` is set.
 - [`groups`](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups) are only supported if task input `useUpdateScriptVNext: true` is set.
 - [`ignore`](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#ignore) may not behave to official specifications unless task input `useUpdateScriptVNext: true` is set. If you are having issues, search for related issues such as <https://github.com/tinglesoftware/dependabot-azure-devops/pull/582> before creating a new issue.
+- [`assignees`](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#assignees) and [`reviewers`](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#reviewers) must be a list of user guids or email addresses; group/team names are not supported.
 - Private feed/registry authentication may not work with all package ecyosystems. Support is _slightly_ improved when task input `useUpdateScriptVNext: true` is set, but not still not fully supported. See [problems with authentication](https://github.com/tinglesoftware/dependabot-azure-devops/discussions/1317) for more.
 
 ### Updater Docker image
+- `DEPENDABOT_ASSIGNEES` and `DEPENDABOT_REVIEWERS` must be a list of user guids; email addresses and group/team names are not supported.
 - Private feed/registry authentication may not work with all package ecyosystems. See [problems with authentication](https://github.com/tinglesoftware/dependabot-azure-devops/discussions/1317) for more.
 
 ### Server
 
 - [`directories`](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#directories) are not supported.
 - [`groups`](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups) are not supported.
+- [`assignees`](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#assignees) and [`reviewers`](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#reviewers) must be a list of user guids; email addresses and group/team names are not supported.
 - Private feed/registry authentication may not work with all package ecyosystems. See [problems with authentication](https://github.com/tinglesoftware/dependabot-azure-devops/discussions/1317) for more.
 
 ## Migration Guide

diff --git a/extension/README.md b/extension/README.md
@@ -105,5 +105,6 @@ Dependabot uses Docker containers, which may take time to install if not already
 - [Configuring private feeds and registries](https://github.com/tinglesoftware/dependabot-azure-devops/#configuring-private-feeds-and-registries)
 - [Configuring security advisories and known vulnerabilities](https://github.com/tinglesoftware/dependabot-azure-devops/#configuring-security-advisories-and-known-vulnerabilities)
 - [Configuring experiments](https://github.com/tinglesoftware/dependabot-azure-devops/#configuring-experiments)
+- [Configuring assignees and reviewers](https://github.com/tinglesoftware/dependabot-azure-devops/#configuring-assignees-and-reviewers)
 - [Unsupported features and configurations](https://github.com/tinglesoftware/dependabot-azure-devops/#unsupported-features-and-configurations)
 - [Task migration guide for V1 → V2](https://github.com/tinglesoftware/dependabot-azure-devops/blob/main/docs/migrations/v1-to-v2.md)
diff --git a/extension/package-lock.json b/extension/package-lock.json
diff --git a/extension/package.json b/extension/package.json
@@ -30,18 +30,18 @@
   "dependencies": {
     "axios": "1.7.7",
     "azure-devops-node-api": "14.1.0",
-    "azure-pipelines-task-lib": "4.17.2",
+    "azure-pipelines-task-lib": "4.17.3",
     "js-yaml": "4.1.0"
   },
   "devDependencies": {
     "@types/jest": "29.5.13",
     "@types/js-yaml": "4.0.9",
-    "@types/node": "22.7.4",
+    "@types/node": "22.7.7",
     "@types/q": "1.5.8",
     "jest": "29.7.0",
     "ts-jest": "29.2.5",
     "ts-node": "10.9.2",
-    "typescript": "5.6.2"
+    "typescript": "5.6.3"
   },
   "packageManager": "npm@10.8.1"
 }