v0.222.0

What's Changed

• build(deps): bump Terraform from 1.5.2 to 1.5.3 by @yeikel in #7558
• build(deps): bump go from 1.20.4 to 1.20.6 by @yeikel in #7507
• Update README.md by @jmartens in #7491
• buid(deps): bump Yarn from 3.5.0 to 3.6.0 by @yeikel in #7329
• [Grouped Updates] Refactor the DependencyGroupEngine into an object, Improved logging for empty groups by @brrygrdn in #7548
• [Grouped Updates] Don't instantiate any groups without the feature flag by @brrygrdn in #7557
• build(deps): bump REGCTL from 0.4.8 to 0.5.0 by @yeikel in #7505
• Detect interpolation in terragrunt sources and skip if present by @dwc0011 in #7502
• Stub registry request that's not captured by a VCR by @Nishnha in #7306
• Prevent links in PR description that link to redirect.redirect.github.com by @stefangr in #7190
• Use the new base image by @jeffwidman in #7565
• Allow GitCommitChecker to check subdependencies too by @deivid-rodriguez in #7464
• Mount updater/bin into the docker dev shell by @jeffwidman in #7567
• Match the smoke test invocation of CLI/proxy by @jeffwidman in #7576
• Freeze mutable constants by @jeffwidman in #5966
• fix flaky test that fails when new versions are released by @jakecoffman in #7580
• Support split stderr/stdout when running shell commands by @deivid-rodriguez in #7496
• Only add "v" prefix for the helper path by @jeffwidman in #7582
• Turn composer version into a metric by @jeffwidman in #7323
• ignore peer dependencies that are in a grouped update group by @jakecoffman in #7561
• Generate PRs on Sundays weekly by @abdulapopoola in #7585
• Upgrade Node.js to active LTS version (18.x) by @christianvuerings in #7348
• Cancel previous jobs in the same branch when repushing by @deivid-rodriguez in #7590
• Don't try to diff if there's nothing to diff by @deivid-rodriguez in #7591
• Make smoke tests cache optional by @deivid-rodriguez in #7592
• Aggressively group prod and dev dependencies for NPM by @abdulapopoola in #7594
• Update docker_registry2 by @NautiluX in #7578
• Revert "Update docker_registry2" by @jurre in #7601
• feat(maven): use groupId and artifactId for the dependency name by @yeikel in #7146
• Rename python_version -> python_version_file for clarity by @jeffwidman in #7616
• Group dev-dep PR's for PHP native helpers by @jeffwidman in #7619
• Support for Swift package manager by @deivid-rodriguez in #7525
• v0.222.0 by @dependabot-core-action-automation in #7625

New Contributors

• @christianvuerings made their first contribution in #7348
• @NautiluX made their first contribution in #7578

Full Changelog: v0.221.0...v0.222.0

v0.221.0

What's Changed

• v0.220.0 by @dependabot-core-action-automation in #7428
• Target latest Python versions - 3.11.4, 3.10.12, 3.9.17, 3.8.17, 3.7.17 by @phillipuniverse in #7412
• exclude patterns for grouped updates by @Nishnha in #7402
• Add a newline after the group intro by @Nishnha in #7401
• Use ruby:3.1.4-bullseye by @Nishnha in #7442
• Fix edge case when updating Actions with mixed versions by @deivid-rodriguez in #7410
• [Grouped Updates] Cleaner management of the update dependency list by @brrygrdn in #7414
• [Grouped Updates] The VendorUpdater class watermarks DependencyFile objects it creates by @brrygrdn in #7433
• [Updater] Extract creation of new group Pull Requests into a discrete class by @brrygrdn in #7354
• [Updater] Avoid mis-representing a Dependency Group as a Dependency in error handling by @brrygrdn in #7359
• build(deps): bump Terraform to 1.5.0 by @HorizonNet in #7439
• Remove pnpm experiment flag by @mctofu in #7453
• Roll pub. Use dart 3 for running helpers. by @sigurdm in #7417
• Look in parent directories for nuget.config files by @jmarolf in #7342
• Remove persistent_gems_after_clean workaround by @jurre in #7296
• Add DEPENDABOT environment variable for users by @shu-mutou in #7407
• Bump debug from 1.7.2 to 1.8.0 in /updater by @dependabot in #7316
• Add workspace experiment to maintain state between updates and capture success/failure of each by @bdragon in #6693
• Add missing final EOL by @deivid-rodriguez in #7456
• Add sanitization to BranchNamer::DependencyGroupStrategy by @TomNaessens in #7452
• Remove duplicated ENV by @deivid-rodriguez in #7455
• Instantiate less dependencies by @deivid-rodriguez in #7459
• Fix actions updates when inconsistent casing is used by @deivid-rodriguez in #7462
• Revert "Pin CodeQL version (#7275)" by @deivid-rodriguez in #7465
• Update Bundler to 2.4.14 by @deivid-rodriguez in #7429
• Configure git with ENV by @deivid-rodriguez in #7467
• Update ecosystem READMEs with recommended setup by @deivid-rodriguez in #7472
• Fix flaky spec by @deivid-rodriguez in #7474
• NPM: fix GitHub registry not working when path is specified by @jakecoffman in #7468
• Remove simplecov by @deivid-rodriguez in #7473
• [Grouped Updates] Avoid passing non-manifest file changes between group updates by @brrygrdn in #7404
• build(deps): bump PNPM from 8.3.1 to 8.6.4 by @yeikel in #7330
• Add support for Directory.Packages.props file as entrypoint by @TobiasLaving in #7086
• Add smoke tests for go, npm and bundler+vendoring by @brrygrdn in #7486
• Use table summary for large groups of dependencies by @bdragon in #7463
• build(deps): bump Terraform from 1.5.0 to 1.5.2 by @yeikel in #7493
• Stop recording the ecosystem param by @jeffwidman in #7492
• Only record ecosystem versions when flag set by @jeffwidman in #7516
• Update the hex.pm/orgs/dependabot token by @jeffwidman in #7532
• Stop exposing real account tokens in plaintext by @jeffwidman in #7533
• Switch to using the new record_ecosystem_versions endpoint. by @jeffwidman in #7517
• Fix CodeQL warning by @deivid-rodriguez in #7531
• Use the new inputs API by @jeffwidman in #7550
• v0.221.0 by @dependabot-core-action-automation in #7554

New Contributors

• @jmarolf made their first contribution in #7342
• @shu-mutou made their first contribution in #7407
• @TobiasLaving made their first contribution in #7086

Full Changelog: v0.220.0...v0.221.0

v0.220.0

What's Changed

• Update pip-tools requirement from <=6.12.3,>=6.4.0 to >=6.4.0,<=6.13.0 in /python/helpers by @dependabot in #7034
• Update poetry requirement from <1.4.0,>=1.1.15 to >=1.1.15,<1.6.0 in /python/helpers by @dependabot in #7350
• Ensure updated dependencies are correctly included when building dependency change instance by @bdragon in #7358
• [Grouped Updates] Generate deterministic branch names based on content by @brrygrdn in #7365
• Allow parsing symbols, time and date values in workflow yaml by @jurre in #7400

Full Changelog: v0.219.0...v0.220.0

v0.219.0

What's Changed

• Schedule the release PR to arrive weekly by @jeffwidman in #7325
• Minor cleanup on the publish RubyGems action by @jeffwidman in #7337

Full Changelog: v0.218.0...v0.219.0

v0.218.0

What's Changed

• Cleanup leftover require by @deivid-rodriguez in #7162
• Cleanup duplicated conditions by @deivid-rodriguez in #7161
• Don't run update checker unnecessarily on all javascript packages in a monorepo by @deivid-rodriguez in #7141
• Prepare yarn berry just once by @deivid-rodriguez in #7160
• build(deps): bump Elixir to 1.14.4 by @yeikel in #7151
• Cargo: handle unsupported toolchain versions (part 2) by @jakecoffman in #7168
• It's bug_tracker_uri not issue_tracker_uri by @jeffwidman in #7165
• Switch from Changelog.md to GitHub releases by @jeffwidman in #7163
• No need for --dry-run by @jeffwidman in #7164
• Update docs with current release process by @jeffwidman in #7169
• build(deps): bump Yarn from 3.4.1 to 3.5.0 by @yeikel in #7149
• Pass the serialized group name when creating a PR for grouped updates by @Nishnha in #7166
• [Updater] Ensure we pass all dependency files into each step in a grouped update by @brrygrdn in #7170
• NPM: fix npmrc generation for v3 package-locks by @jakecoffman in #7175
• docs: add information about where to find Terraform updates and how to validate the release by @yeikel in #7176
• Improve npm instrumentation by @deivid-rodriguez in #7177
• Merge workflows that push images by @deivid-rodriguez in #6681
• Clarify the images-latest workflow by @jeffwidman in #7180
• Pass exception message directly to peer dependency error handler by @deivid-rodriguez in #7178
• build(deps): bump Terraform to 1.4.6 by @yeikel in #7181
• Remove accidentally committed node_modules folders by @deivid-rodriguez in #7172
• Refactor workspace file fetching in npm by @deivid-rodriguez in #7183
• NPM: handle EBADENGINE better by @jakecoffman in #7194
• Improve naming of a method by @deivid-rodriguez in #7197
• Clarify comments on peer dependency error regexes by @deivid-rodriguez in #7195
• remove unused script by @jakecoffman in #7205
• Fix README.md formatting error by @JonathanBerkeley in #7193
• Remove unused requires by @deivid-rodriguez in #7200
• Catch bundle lock failures by @jeffwidman in #7208
• Pass required method argument in GroupUpdateAllVersions updater operation by @bdragon in #7202
• Do not catch the 0 exit code by @jeffwidman in #7209
• Remove unused GH_TOKEN env var by @jeffwidman in #7207
• [Updater] Fix brittle test for grouped updates by @brrygrdn in #7213
• Remove Updater#legacy_run by @brrygrdn in #7212
• [Updater] Implement an Operation capable of refreshing a Grouped Update PR. by @brrygrdn in #7192
• Add PNPM support by @deivid-rodriguez in #7081
• Remove dead code by @deivid-rodriguez in #7218
• Add a placeholder dependabot-core.gemspec by @jeffwidman in #7171
• Pin docker_registry2 to 1.14.0 to fix CI by @deivid-rodriguez in #7224
• prebuild Python image for faster Codespace startup by @jakecoffman in #7225
• Create version bump PRs using a custom action by @jeffwidman in #7211
• [Updater] The Updater always expects job.dependency_groups to be defined by @brrygrdn in #7216
• [Updater] Add a test for two overlapping groups by @brrygrdn in #7217
• Fix Dependabot failing to create PRs when updates are needed on path gemspecs by @deivid-rodriguez in #7227
• Remove unnecessary usages of VCR by @deivid-rodriguez in #7233
• Don't link to empty releases page in PR body by @deivid-rodriguez in #7118
• Remove references to removed file by @deivid-rodriguez in #7236
• Fix updating GitHub Actions pinned to mixed references by @deivid-rodriguez in #7215
• Make gem-bump-version inherit ruby/bundler versions by @jeffwidman in #7239
• Fix flaky cargo spec by @deivid-rodriguez in #7243
• Less truncation in RSpec errors by @deivid-rodriguez in #7244
• Fix lockfile-only versioning strategy not creating some updates that are expected (v2) by @deivid-rodriguez in #5902
• Add tag to indicate if repo is private in sentry reports by @jurre in #7228
• Defer opening duplicate grouped PRs by @Nishnha in #7199
• [Updater] Explain why we defer groups with existing PRs when all groups are triggered by @brrygrdn in #7255
• [Updater] Add missing log lines to job startup by @brrygrdn in #7264
• Generate PR intro for grouped update PRs by @bdragon in #7247
• [Updater] Fix a bug in how we handle 'peer' manifests by @brrygrdn in #7268
• build(deps): bump GOLANG from 1.20.3 to 1.20.4 by @yeikel in #7259
• Re-enable e2e test by @bdragon in #7270
• Fix some bad PRs getting created when compact index API is having issues by @deivid-rodriguez in #7269
• Pin CodeQL action by @deivid-rodriguez in #7275
• Update Bundler to 2.4.13 by @deivid-rodriguez in #7274
• fix NilClass error on credential-less runs by @jakecoffman in #7277
• [Updater] Fix a crash in Grouped Updates when vendoring files by @brrygrdn in #7285
• Fix outdated reference to DockerHub by @jeffwidman in #7271
• Switch to watching releases rather than tags by @jeffwidman in #7272
• build(deps): bump Rust from 1.68.2 to 1.69.0 by @yeikel in #7280
• Reparse dependencies after each batch when performing grouped updates by @Nishnha in #7276
• Don't hang when metadata source is not accessible by @deivid-rodriguez in #7241
• Avoid a method missing error distracting when we hit any unhandled exceptions by @brrygrdn in #7287
• Go: fix grouped updates missing updated dependencies in manifests by @jakecoffman in #7288
• Roll changes from pub. by @sigurdm in #7265
• Add basic smoke test for PNPM by @deivid-rodriguez in #7281
• Remove unused code by @deivid-rodriguez in #7279
• fix(gradle): update dependencies only if group and artifact ids are the same by @yeikel in #7145
• Revert "fix(gradle): update dependencies only if both group and artifact ids are the same" by @deivid-rodriguez in #7304
• CodeQL: ignore purposefully invalid ruby files by @jeffwidman in #7126
• [Grouped Updates] Remove prototype from branch names by @brrygrdn in #7297
• docs: improve documentation by @yeikel in #7328
• Ensure we start from `...