Releases: dependabot/dependabot-core
v0.222.0
What's Changed
- build(deps): bump Terraform from 1.5.2 to 1.5.3 by @yeikel in #7558
- build(deps): bump go from 1.20.4 to 1.20.6 by @yeikel in #7507
- Update README.md by @jmartens in #7491
- build(deps): bump Yarn from 3.5.0 to 3.6.0 by @yeikel in #7329
- [Grouped Updates] Refactor the DependencyGroupEngine into an object, Improved logging for empty groups by @brrygrdn in #7548
- [Grouped Updates] Don't instantiate any groups without the feature flag by @brrygrdn in #7557
- build(deps): bump REGCTL from 0.4.8 to 0.5.0 by @yeikel in #7505
- Detect interpolation in terragrunt sources and skip if present by @dwc0011 in #7502
- Stub registry request that's not captured by a VCR by @Nishnha in #7306
- Prevent links in PR description that link to redirect.redirect.github.com by @stefangr in #7190
- Use the new base image by @jeffwidman in #7565
- Allow `GitCommitChecker` to check subdependencies too by @deivid-rodriguez in #7464
- Mount `updater/bin` into the docker dev shell by @jeffwidman in #7567
- Match the smoke test invocation of CLI/proxy by @jeffwidman in #7576
- Freeze mutable constants by @jeffwidman in #5966
- fix flaky test that fails when new versions are released by @jakecoffman in #7580
- Support split stderr/stdout when running shell commands by @deivid-rodriguez in #7496
- Only add `"v"` prefix for the helper path by @jeffwidman in #7582
- Turn `composer` version into a metric by @jeffwidman in #7323
- ignore peer dependencies that are in a grouped update group by @jakecoffman in #7561
- Generate PRs on Sundays weekly by @abdulapopoola in #7585
- Upgrade Node.js to active LTS version (18.x) by @christianvuerings in #7348
- Cancel previous jobs in the same branch when repushing by @deivid-rodriguez in #7590
- Don't try to diff if there's nothing to diff by @deivid-rodriguez in #7591
- Make smoke tests cache optional by @deivid-rodriguez in #7592
- Aggressively group prod and dev dependencies for NPM by @abdulapopoola in #7594
- Update docker_registry2 by @NautiluX in #7578
- Revert "Update docker_registry2" by @jurre in #7601
- feat(maven): use `groupId` and `artifactId` for the dependency name by @yeikel in #7146
- Rename `python_version` -> `python_version_file` for clarity by @jeffwidman in #7616
- Group dev-dep PR's for PHP native helpers by @jeffwidman in #7619
- Support for Swift package manager by @deivid-rodriguez in #7525
- v0.222.0 by @dependabot-core-action-automation in #7625
New Contributors
- @christianvuerings made their first contribution in #7348
- @NautiluX made their first contribution in #7578
Full Changelog: v0.221.0...v0.222.0
v0.221.0
What's Changed
- v0.220.0 by @dependabot-core-action-automation in #7428
- Target latest Python versions - 3.11.4, 3.10.12, 3.9.17, 3.8.17, 3.7.17 by @phillipuniverse in #7412
- exclude patterns for grouped updates by @Nishnha in #7402
- Add a newline after the group intro by @Nishnha in #7401
- Use ruby:3.1.4-bullseye by @Nishnha in #7442
- Fix edge case when updating Actions with mixed versions by @deivid-rodriguez in #7410
- [Grouped Updates] Cleaner management of the update dependency list by @brrygrdn in #7414
- [Grouped Updates] The VendorUpdater class watermarks DependencyFile objects it creates by @brrygrdn in #7433
- [Updater] Extract creation of new group Pull Requests into a discrete class by @brrygrdn in #7354
- [Updater] Avoid mis-representing a Dependency Group as a Dependency in error handling by @brrygrdn in #7359
- build(deps): bump Terraform to 1.5.0 by @HorizonNet in #7439
- Remove pnpm experiment flag by @mctofu in #7453
- Roll pub. Use dart 3 for running helpers. by @sigurdm in #7417
- Look in parent directories for nuget.config files by @jmarolf in #7342
- Remove `persistent_gems_after_clean` workaround by @jurre in #7296
- Add `DEPENDABOT` environment variable for users by @shu-mutou in #7407
- Bump debug from 1.7.2 to 1.8.0 in /updater by @dependabot in #7316
- Add workspace experiment to maintain state between updates and capture success/failure of each by @bdragon in #6693
- Add missing final EOL by @deivid-rodriguez in #7456
- Add sanitization to BranchNamer::DependencyGroupStrategy by @TomNaessens in #7452
- Remove duplicated ENV by @deivid-rodriguez in #7455
- Instantiate less dependencies by @deivid-rodriguez in #7459
- Fix actions updates when inconsistent casing is used by @deivid-rodriguez in #7462
- Revert "Pin CodeQL version (#7275)" by @deivid-rodriguez in #7465
- Update Bundler to 2.4.14 by @deivid-rodriguez in #7429
- Configure git with ENV by @deivid-rodriguez in #7467
- Update ecosystem READMEs with recommended setup by @deivid-rodriguez in #7472
- Fix flaky spec by @deivid-rodriguez in #7474
- NPM: fix GitHub registry not working when path is specified by @jakecoffman in #7468
- Remove simplecov by @deivid-rodriguez in #7473
- [Grouped Updates] Avoid passing non-manifest file changes between group updates by @brrygrdn in #7404
- build(deps): bump PNPM from 8.3.1 to 8.6.4 by @yeikel in #7330
- Add support for Directory.Packages.props file as entrypoint by @TobiasLaving in #7086
- Add smoke tests for go, npm and bundler+vendoring by @brrygrdn in #7486
- Use table summary for large groups of dependencies by @bdragon in #7463
- build(deps): bump Terraform from 1.5.0 to 1.5.2 by @yeikel in #7493
- Stop recording the `ecosystem` param by @jeffwidman in #7492
- Only record ecosystem versions when flag set by @jeffwidman in #7516
- Update the `hex.pm/orgs/dependabot` token by @jeffwidman in #7532
- Stop exposing real account tokens in plaintext by @jeffwidman in #7533
- Switch to using the new `record_ecosystem_versions` endpoint. by @jeffwidman in #7517
- Fix CodeQL warning by @deivid-rodriguez in #7531
- Use the new `inputs` API by @jeffwidman in #7550
- v0.221.0 by @dependabot-core-action-automation in #7554
New Contributors
- @jmarolf made their first contribution in #7342
- @shu-mutou made their first contribution in #7407
- @TobiasLaving made their first contribution in #7086
Full Changelog: v0.220.0...v0.221.0
v0.220.0
What's Changed
- Update pip-tools requirement from <=6.12.3,>=6.4.0 to >=6.4.0,<=6.13.0 in /python/helpers by @dependabot in #7034
- Update poetry requirement from <1.4.0,>=1.1.15 to >=1.1.15,<1.6.0 in /python/helpers by @dependabot in #7350
- Ensure updated dependencies are correctly included when building dependency change instance by @bdragon in #7358
- [Grouped Updates] Generate deterministic branch names based on content by @brrygrdn in #7365
- Allow parsing symbols, time and date values in workflow yaml by @jurre in #7400
Full Changelog: v0.219.0...v0.220.0
v0.219.0
What's Changed
- Schedule the release PR to arrive weekly by @jeffwidman in #7325
- Minor cleanup on the publish RubyGems action by @jeffwidman in #7337
Full Changelog: v0.218.0...v0.219.0
v0.218.0
What's Changed
- Cleanup leftover require by @deivid-rodriguez in #7162
- Cleanup duplicated conditions by @deivid-rodriguez in #7161
- Don't run update checker unnecessarily on all javascript packages in a monorepo by @deivid-rodriguez in #7141
- Prepare yarn berry just once by @deivid-rodriguez in #7160
- build(deps): bump Elixir to 1.14.4 by @yeikel in #7151
- Cargo: handle unsupported toolchain versions (part 2) by @jakecoffman in #7168
- It's `bug_tracker_uri` not `issue_tracker_uri` by @jeffwidman in #7165
- Switch from `Changelog.md` to GitHub releases by @jeffwidman in #7163
- No need for `--dry-run` by @jeffwidman in #7164
- Update docs with current release process by @jeffwidman in #7169
- build(deps): bump Yarn from 3.4.1 to 3.5.0 by @yeikel in #7149
- Pass the serialized group name when creating a PR for grouped updates by @Nishnha in #7166
- [Updater] Ensure we pass all dependency files into each step in a grouped update by @brrygrdn in #7170
- NPM: fix npmrc generation for v3 package-locks by @jakecoffman in #7175
- docs: add information about where to find Terraform updates and how to validate the release by @yeikel in #7176
- Improve npm instrumentation by @deivid-rodriguez in #7177
- Merge workflows that push images by @deivid-rodriguez in #6681
- Clarify the `images-latest` workflow by @jeffwidman in #7180
- Pass exception message directly to peer dependency error handler by @deivid-rodriguez in #7178
- build(deps): bump Terraform to 1.4.6 by @yeikel in #7181
- Remove accidentally committed node_modules folders by @deivid-rodriguez in #7172
- Refactor workspace file fetching in npm by @deivid-rodriguez in #7183
- NPM: handle EBADENGINE better by @jakecoffman in #7194
- Improve naming of a method by @deivid-rodriguez in #7197
- Clarify comments on peer dependency error regexes by @deivid-rodriguez in #7195
- remove unused script by @jakecoffman in #7205
- Fix README.md formatting error by @JonathanBerkeley in #7193
- Remove unused requires by @deivid-rodriguez in #7200
- Catch `bundle lock` failures by @jeffwidman in #7208
- Pass required method argument in `GroupUpdateAllVersions` updater operation by @bdragon in #7202
- Do not catch the `0` exit code by @jeffwidman in #7209
- Remove unused `GH_TOKEN` env var by @jeffwidman in #7207
- [Updater] Fix brittle test for grouped updates by @brrygrdn in #7213
- Remove Updater#legacy_run by @brrygrdn in #7212
- [Updater] Implement an Operation capable of refreshing a Grouped Update PR. by @brrygrdn in #7192
- Add PNPM support by @deivid-rodriguez in #7081
- Remove dead code by @deivid-rodriguez in #7218
- Add a placeholder `dependabot-core.gemspec` by @jeffwidman in #7171
- Pin docker_registry2 to 1.14.0 to fix CI by @deivid-rodriguez in #7224
- prebuild Python image for faster Codespace startup by @jakecoffman in #7225
- Create version bump PRs using a custom action by @jeffwidman in #7211
- [Updater] The Updater always expects job.dependency_groups to be defined by @brrygrdn in #7216
- [Updater] Add a test for two overlapping groups by @brrygrdn in #7217
- Fix Dependabot failing to create PRs when updates are needed on path gemspecs by @deivid-rodriguez in #7227
- Remove unnecessary usages of VCR by @deivid-rodriguez in #7233
- Don't link to empty releases page in PR body by @deivid-rodriguez in #7118
- Remove references to removed file by @deivid-rodriguez in #7236
- Fix updating GitHub Actions pinned to mixed references by @deivid-rodriguez in #7215
- Make `gem-bump-version` inherit `ruby`/`bundler` versions by @jeffwidman in #7239
- Fix flaky cargo spec by @deivid-rodriguez in #7243
- Less truncation in RSpec errors by @deivid-rodriguez in #7244
- Fix `lockfile-only` versioning strategy not creating some updates that are expected (v2) by @deivid-rodriguez in #5902
- Add tag to indicate if repo is private in sentry reports by @jurre in #7228
- Defer opening duplicate grouped PRs by @Nishnha in #7199
- [Updater] Explain why we defer groups with existing PRs when all groups are triggered by @brrygrdn in #7255
- [Updater] Add missing log lines to job startup by @brrygrdn in #7264
- Generate PR intro for grouped update PRs by @bdragon in #7247
- [Updater] Fix a bug in how we handle 'peer' manifests by @brrygrdn in #7268
- build(deps): bump GOLANG from 1.20.3 to 1.20.4 by @yeikel in #7259
- Re-enable e2e test by @bdragon in #7270
- Fix some bad PRs getting created when compact index API is having issues by @deivid-rodriguez in #7269
- Pin CodeQL action by @deivid-rodriguez in #7275
- Update Bundler to 2.4.13 by @deivid-rodriguez in #7274
- fix NilClass error on credential-less runs by @jakecoffman in #7277
- [Updater] Fix a crash in Grouped Updates when vendoring files by @brrygrdn in #7285
- Fix outdated reference to DockerHub by @jeffwidman in #7271
- Switch to watching releases rather than tags by @jeffwidman in #7272
- build(deps): bump Rust from 1.68.2 to 1.69.0 by @yeikel in #7280
- Reparse dependencies after each batch when performing grouped updates by @Nishnha in #7276
- Don't hang when metadata source is not accessible by @deivid-rodriguez in #7241
- Avoid a method missing error distracting when we hit any unhandled exceptions by @brrygrdn in #7287
- Go: fix grouped updates missing updated dependencies in manifests by @jakecoffman in #7288
- Roll changes from pub. by @sigurdm in #7265
- Add basic smoke test for PNPM by @deivid-rodriguez in #7281
- Remove unused code by @deivid-rodriguez in #7279
- fix(gradle): update dependencies only if group and artifact ids are the same by @yeikel in #7145
- Revert "fix(gradle): update dependencies only if both group and artifact ids are the same" by @deivid-rodriguez in #7304
- CodeQL: ignore purposefully invalid ruby files by @jeffwidman in #7126
- [Grouped Updates] Remove prototype from branch names by @brrygrdn in #7297
- docs: improve documentation by @yeikel in #7328
- Ensure we start from `...