Releases: dependabot/dependabot-core
Releases · dependabot/dependabot-core
v0.276.0
v0.275.0
What's Changed
- Fix showing bundler v1 deprecation warnings in PR message and logs by @kbukum1 in #10554
- Dynamic version selector for Npm and Yarn by @sachin-sandhu in #10510
- Implement maven version specification by @amazimbe in #10524
- Support retrieving workspace of path dependencies in cargo by @Jefffrey in #10550
- adds exception handlers and test cases by @sachin-sandhu in #10570
- Fix argument null exception when updating assembly references with no public key token by @rhyskoedijk in #10568
- Fixes Dependabot::Updater::SubprocessFailed issues by @sachin-sandhu in #10555
- Update CONTRIBUTING.md by @jonjanego in #10577
- Add direct link to the docs for package manager versions by @jeffwidman in #10590
- v0.275.0 by @dependabot-core-action-automation in #10591
Full Changelog: v0.274.0...v0.275.0
v0.274.0
What's Changed
- Revert "rework reporting of dependencies and requirements to better handle transitive dependencies" by @brettfo in #10472
- Error handlers for Dependabot::SharedHelpers::HelperSubprocessFailed PNPM errors by @sachin-sandhu in #10483
- Bump jason from 1.4.3 to 1.4.4 in /hex/helpers by @dependabot in #10364
- Bump rexml from 3.3.1 to 3.3.6 in /updater by @dependabot in #10488
- chore(python): target latest python 3.12.5 version by @Greesb in #10470
- Bump the dev-dependencies group across 1 directory with 3 updates by @dependabot in #10479
- Fixes unhandled couldn't find any versions for package exception by @sachin-sandhu in #10491
- Fixes Dependabot::SharedHelpers::HelperSubprocessFailed related issues by @sachin-sandhu in #10494
- Implement Logging for Bundler v1 Deprecation Warnings by @kbukum1 in #10466
- Adds handler for YARN :: YN0xx errors by @sachin-sandhu in #10505
- Fixes NPM unhandled exceptions in Dependabot::SharedHelpers::HelperSubprocessFailed by @sachin-sandhu in #10506
- Support for pub workspaces by @sigurdm in #10445
- Error handler for Dependabot::Updater::SubprocessFailed: Subprocess issues by @sachin-sandhu in #10512
- v0.273.0 by @dependabot-core-action-automation in #10514
- Fixes Yarn Dependabot::SharedHelpers::HelperSubprocessFailed issues by @sachin-sandhu in #10526
- Mount
.rubocop_todo.yml
to enable successful rubocop execution by @Jefffrey in #10544 - Sending Bundler v1 Deprecation Warning Alert by @kbukum1 in #10485
- Avoid using existing branches by @Nishnha in #10519
- v0.274.0 by @dependabot-core-action-automation in #10551
New Contributors
Full Changelog: v0.272.0...v0.274.0
v0.273.0
What's Changed
- Revert "rework reporting of dependencies and requirements to better handle transitive dependencies" by @brettfo in #10472
- Error handlers for Dependabot::SharedHelpers::HelperSubprocessFailed PNPM errors by @sachin-sandhu in #10483
- Bump jason from 1.4.3 to 1.4.4 in /hex/helpers by @dependabot in #10364
- Bump rexml from 3.3.1 to 3.3.6 in /updater by @dependabot in #10488
- chore(python): target latest python 3.12.5 version by @Greesb in #10470
- Bump the dev-dependencies group across 1 directory with 3 updates by @dependabot in #10479
- Fixes unhandled couldn't find any versions for package exception by @sachin-sandhu in #10491
- Fixes Dependabot::SharedHelpers::HelperSubprocessFailed related issues by @sachin-sandhu in #10494
- Implement Logging for Bundler v1 Deprecation Warnings by @kbukum1 in #10466
- Adds handler for YARN :: YN0xx errors by @sachin-sandhu in #10505
- Fixes NPM unhandled exceptions in Dependabot::SharedHelpers::HelperSubprocessFailed by @sachin-sandhu in #10506
- Support for pub workspaces by @sigurdm in #10445
- Error handler for Dependabot::Updater::SubprocessFailed: Subprocess issues by @sachin-sandhu in #10512
New Contributors
Full Changelog: v0.272.0...v0.273.0
v0.272.0
What's Changed
- Adds outofDisk exception handler for updater by @sachin-sandhu in #10444
- Fixes illformed requirement error propagation to unknown errors by @sachin-sandhu in #10448
- Add Bundler v1 Deprecation Warning by @kbukum1 in #10421
- Reformatted Deprecation and Error Messages for Bundler v1 Support by @kbukum1 in #10450
- only discover dependencies from known project types by @brettfo in #10451
- Fixes Yarn Dependabot::Updater::SubprocessFailed issues by @sachin-sandhu in #10456
- fix handling of NuGet transitive dependencies by @brettfo in #10449
- Revert Changes to updated_files_regex method with latest regex from the API by @honeyankit in #10457
- Add semver 2 versioning in dependabot common by @amazimbe in #10434
- Fix : Dependabot::DependabotError: [YN0001] issues by @sachin-sandhu in #10473
- v0.272.0 by @dependabot-core-action-automation in #10476
Full Changelog: v0.271.0...v0.272.0
v0.271.0
v0.271.0 (#10443) Release notes: https://github.com/dependabot/dependabot-core/releases/tag/v0.271.0 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
v0.270.0
What's Changed
- Fixes RuntimeError-No package.json issue by @sachin-sandhu in #10392
- Update issue-labeler.yml by @jonjanego in #10397
- Fixes ERR_PNPM_FETCH-HelperSubprocessFailed by @sachin-sandhu in #10398
- Fix failing tests in the python ecosystem by @amazimbe in #10386
- Guard against possible nil before the actual nil inevitably stops execution by @sato11 in #10396
- Fixes Dependabot::ToolVersionNotSupported issues by @sachin-sandhu in #10390
- Fixes Dependabot::SharedHelpers::HelperSubprocessFailed - ERR_PNPM_UNSUPPORTED_ENGINE by @sachin-sandhu in #10419
- update nuget/Dockerfile, dotnet_sdk_version is now 8.0.303 by @Tripletri in #10370
- feature-intern-ResolveDependencyConflictsNew to main by @NadiamB in #10343
- lower API rate usage by enabling git-powered comparison by @jakecoffman in #10429
- Fixes issues related with err_pnpm_patch_not_applied and err_pnpm_tarball_integrity errors by @sachin-sandhu in #10430
- type existing prs in the job definition by @jakecoffman in #10432
- Added Missing Regex for Allowlist Dependency Files by @honeyankit in #10389
- Revert Smoke Test Branch to Dependabot-Core Main by @kbukum1 in #10437
- v0.269.0 by @dependabot-core-action-automation in #10391
- Fixes Dependabot::SharedHelpers::HelperSubprocessFailed - err_pnpm_unsupported_platform error code by @sachin-sandhu in #10436
- v0.270.0 by @dependabot-core-action-automation in #10439
New Contributors
- @sato11 made their first contribution in #10396
- @Tripletri made their first contribution in #10370
- @NadiamB made their first contribution in #10343
Full Changelog: v0.269.0...v0.270.0
v0.269.0
What's Changed
- Fixes Dependabot::SharedHelpers::HelperSubprocessFailed issues by @sachin-sandhu in #10349
- add directory to existing PR checks, updating tests by @jakecoffman in #10325
- Add Spec Tests for
CreateSecurityUpdatePullRequest
by @kbukum1 in #10344 - Report transitive dependency vulnerability errors for npm, yarn, and pnpm by @kbukum1 in #10282
- don't waste quota on main since branch was up-to-date by @jakecoffman in #10352
- fix "no groups" exception, run more jobs through GroupUpdateAllVersions by @jakecoffman in #10348
- Strict type Dependabot::Updater.Operations::RefreshSecurityUpdatePullRequest by @kbukum1 in #10334
- allow for wildcards in version requirements by @brettfo in #10353
- report no new version if a given package doesn't exist on any feed by @brettfo in #10354
- convert test to not require the network by @brettfo in #10355
- Add Error Handling for YN0082 in YarnErrorHandler by @kbukum1 in #10374
- Fixes issues related with Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder::RegistryError by @sachin-sandhu in #10378
- Fixes logger location for Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder::RegistryError by @sachin-sandhu in #10380
- Fixes JSON::ParserError: unexpected token issue by @sachin-sandhu in #10381
- NPM: fix security update for indirect and direct dependencies by @jakecoffman in #10371
Full Changelog: v0.268.0...v0.269.0
v0.268.0
What's Changed
- Adds exception handling for override failure errors by @sachin-sandhu in #10290
- Fixes Dependabot::SharedHelpers::HelperSubprocessFailed - nested aliases not supported by @sachin-sandhu in #10292
- Small typo by @yeikel in #10295
- add Dependency::directory to the PR payload by @jakecoffman in #10195
- Strict type
Dependabot::Updater.Operations::CreateSecurityUpdatePullRequest
by @kbukum1 in #10302 - Strict type
Dependabot::Terraform::UpdateChecker
by @JamieMagee in #10278 - temporarily sideline
global.json
when adding a transitive package by @brettfo in #10305 - Fixes Dependabot-SharedHelpers-HelperSubprocessFailed by @sachin-sandhu in #10308
- fixing rebases not finding the existing pull request due to directory by @jakecoffman in #10320
- Fix
ArgumentError Malformed version number string
in github actions by @amazimbe in #10314 - retain
msbuild-sdks
property inglobal.json
when adding a transitive dependency by @brettfo in #10331 - Properly reject NuGet newline-only changes. by @brettfo in #10332
- v0.268.0 by @dependabot-core-action-automation in #10335
- Fixes issues related with Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder::RegistryError by @sachin-sandhu in #10322
- Fix ArgumentError Malformed version number in github actions by @amazimbe in #10338
Full Changelog: v0.267.0...v0.268.0
v0.267.0
What's Changed
- Fix NuGet app/web.config assembly binding redirect updates by @rhyskoedijk in #10110
- Fix
ArgumentError
inoriginal_package_update_available?
whenlatest_version
isnil
by @kbukum1 in #10216 - use unique directory for temp nuget packages by @brettfo in #10243
- Adds filter for failed to replace env in config erros by @sachin-sandhu in #10237
- Upgrade Bundler to 2.5.16 and RubyGems to 3.5.16 by @deivid-rodriguez in #10246
- Fix security updates in Bundler subdependencies by @deivid-rodriguez in #10249
- report missing nuget files by @brettfo in #10247
- removing more of dependency_has_directory feature flag by @jakecoffman in #10252
- Use main smoke-tests repo again by @deivid-rodriguez in #10253
- Bump github/codeql-action from 3.25.12 to 3.25.13 in the all-actions group by @dependabot in #10262
- support multi-part requirements by @brettfo in #10255
- Use
go
1.22
in CI by @jeffwidman in #10259 - analyze
global.json
anddotnet-tools.json
by @brettfo in #10269 - Centralize Yarn Error Handling for Yarn Update by @kbukum1 in #10257
- Use repository in project urls as a source by @amazimbe in #10268
- Handle Errors Coded with YN0035 Yarn Error Code by @kbukum1 in #10271
- fix incorrect usage of
add_handled_dependencies
by @jakecoffman in #10270 - Fixes URI::InvalidURIError issue while fetching metadata by @sachin-sandhu in #10256
- Adds relevant information to exception handling by @sachin-sandhu in #10284
- v0.267.0 by @dependabot-core-action-automation in #10283
New Contributors
- @rhyskoedijk made their first contribution in #10110
Full Changelog: v0.266.0...v0.267.0