v0.276.0

v0.276.0 (#10633)

Release notes: https://github.com/dependabot/dependabot-core/releases/tag/v0.276.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

v0.275.0

What's Changed

• Fix showing bundler v1 deprecation warnings in PR message and logs by @kbukum1 in #10554
• Dynamic version selector for Npm and Yarn by @sachin-sandhu in #10510
• Implement maven version specification by @amazimbe in #10524
• Support retrieving workspace of path dependencies in cargo by @Jefffrey in #10550
• adds exception handlers and test cases by @sachin-sandhu in #10570
• Fix argument null exception when updating assembly references with no public key token by @rhyskoedijk in #10568
• Fixes Dependabot::Updater::SubprocessFailed issues by @sachin-sandhu in #10555
• Update CONTRIBUTING.md by @jonjanego in #10577
• Add direct link to the docs for package manager versions by @jeffwidman in #10590
• v0.275.0 by @dependabot-core-action-automation in #10591

Full Changelog: v0.274.0...v0.275.0

v0.274.0

What's Changed

• Revert "rework reporting of dependencies and requirements to better handle transitive dependencies" by @brettfo in #10472
• Error handlers for Dependabot::SharedHelpers::HelperSubprocessFailed PNPM errors by @sachin-sandhu in #10483
• Bump jason from 1.4.3 to 1.4.4 in /hex/helpers by @dependabot in #10364
• Bump rexml from 3.3.1 to 3.3.6 in /updater by @dependabot in #10488
• chore(python): target latest python 3.12.5 version by @Greesb in #10470
• Bump the dev-dependencies group across 1 directory with 3 updates by @dependabot in #10479
• Fixes unhandled couldn't find any versions for package exception by @sachin-sandhu in #10491
• Fixes Dependabot::SharedHelpers::HelperSubprocessFailed related issues by @sachin-sandhu in #10494
• Implement Logging for Bundler v1 Deprecation Warnings by @kbukum1 in #10466
• Adds handler for YARN :: YN0xx errors by @sachin-sandhu in #10505
• Fixes NPM unhandled exceptions in Dependabot::SharedHelpers::HelperSubprocessFailed by @sachin-sandhu in #10506
• Support for pub workspaces by @sigurdm in #10445
• Error handler for Dependabot::Updater::SubprocessFailed: Subprocess issues by @sachin-sandhu in #10512
• v0.273.0 by @dependabot-core-action-automation in #10514
• Fixes Yarn Dependabot::SharedHelpers::HelperSubprocessFailed issues by @sachin-sandhu in #10526
• Mount .rubocop_todo.yml to enable successful rubocop execution by @Jefffrey in #10544
• Sending Bundler v1 Deprecation Warning Alert by @kbukum1 in #10485
• Avoid using existing branches by @Nishnha in #10519
• v0.274.0 by @dependabot-core-action-automation in #10551

New Contributors

• @Greesb made their first contribution in #10470
• @Jefffrey made their first contribution in #10544

Full Changelog: v0.272.0...v0.274.0

v0.273.0

What's Changed

• Revert "rework reporting of dependencies and requirements to better handle transitive dependencies" by @brettfo in #10472
• Error handlers for Dependabot::SharedHelpers::HelperSubprocessFailed PNPM errors by @sachin-sandhu in #10483
• Bump jason from 1.4.3 to 1.4.4 in /hex/helpers by @dependabot in #10364
• Bump rexml from 3.3.1 to 3.3.6 in /updater by @dependabot in #10488
• chore(python): target latest python 3.12.5 version by @Greesb in #10470
• Bump the dev-dependencies group across 1 directory with 3 updates by @dependabot in #10479
• Fixes unhandled couldn't find any versions for package exception by @sachin-sandhu in #10491
• Fixes Dependabot::SharedHelpers::HelperSubprocessFailed related issues by @sachin-sandhu in #10494
• Implement Logging for Bundler v1 Deprecation Warnings by @kbukum1 in #10466
• Adds handler for YARN :: YN0xx errors by @sachin-sandhu in #10505
• Fixes NPM unhandled exceptions in Dependabot::SharedHelpers::HelperSubprocessFailed by @sachin-sandhu in #10506
• Support for pub workspaces by @sigurdm in #10445
• Error handler for Dependabot::Updater::SubprocessFailed: Subprocess issues by @sachin-sandhu in #10512

New Contributors

• @Greesb made their first contribution in #10470

Full Changelog: v0.272.0...v0.273.0

v0.272.0

What's Changed

• Adds outofDisk exception handler for updater by @sachin-sandhu in #10444
• Fixes illformed requirement error propagation to unknown errors by @sachin-sandhu in #10448
• Add Bundler v1 Deprecation Warning by @kbukum1 in #10421
• Reformatted Deprecation and Error Messages for Bundler v1 Support by @kbukum1 in #10450
• only discover dependencies from known project types by @brettfo in #10451
• Fixes Yarn Dependabot::Updater::SubprocessFailed issues by @sachin-sandhu in #10456
• fix handling of NuGet transitive dependencies by @brettfo in #10449
• Revert Changes to updated_files_regex method with latest regex from the API by @honeyankit in #10457
• Add semver 2 versioning in dependabot common by @amazimbe in #10434
• Fix : Dependabot::DependabotError: [YN0001] issues by @sachin-sandhu in #10473
• v0.272.0 by @dependabot-core-action-automation in #10476

Full Changelog: v0.271.0...v0.272.0

v0.271.0

v0.271.0 (#10443)

Release notes: https://github.com/dependabot/dependabot-core/releases/tag/v0.271.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

v0.270.0

What's Changed

• Fixes RuntimeError-No package.json issue by @sachin-sandhu in #10392
• Update issue-labeler.yml by @jonjanego in #10397
• Fixes ERR_PNPM_FETCH-HelperSubprocessFailed by @sachin-sandhu in #10398
• Fix failing tests in the python ecosystem by @amazimbe in #10386
• Guard against possible nil before the actual nil inevitably stops execution by @sato11 in #10396
• Fixes Dependabot::ToolVersionNotSupported issues by @sachin-sandhu in #10390
• Fixes Dependabot::SharedHelpers::HelperSubprocessFailed - ERR_PNPM_UNSUPPORTED_ENGINE by @sachin-sandhu in #10419
• update nuget/Dockerfile, dotnet_sdk_version is now 8.0.303 by @Tripletri in #10370
• feature-intern-ResolveDependencyConflictsNew to main by @NadiamB in #10343
• lower API rate usage by enabling git-powered comparison by @jakecoffman in #10429
• Fixes issues related with err_pnpm_patch_not_applied and err_pnpm_tarball_integrity errors by @sachin-sandhu in #10430
• type existing prs in the job definition by @jakecoffman in #10432
• Added Missing Regex for Allowlist Dependency Files by @honeyankit in #10389
• Revert Smoke Test Branch to Dependabot-Core Main by @kbukum1 in #10437
• v0.269.0 by @dependabot-core-action-automation in #10391
• Fixes Dependabot::SharedHelpers::HelperSubprocessFailed - err_pnpm_unsupported_platform error code by @sachin-sandhu in #10436
• v0.270.0 by @dependabot-core-action-automation in #10439

New Contributors

• @sato11 made their first contribution in #10396
• @Tripletri made their first contribution in #10370
• @NadiamB made their first contribution in #10343

Full Changelog: v0.269.0...v0.270.0

v0.269.0

What's Changed

• Fixes Dependabot::SharedHelpers::HelperSubprocessFailed issues by @sachin-sandhu in #10349
• add directory to existing PR checks, updating tests by @jakecoffman in #10325
• Add Spec Tests for CreateSecurityUpdatePullRequest by @kbukum1 in #10344
• Report transitive dependency vulnerability errors for npm, yarn, and pnpm by @kbukum1 in #10282
• don't waste quota on main since branch was up-to-date by @jakecoffman in #10352
• fix "no groups" exception, run more jobs through GroupUpdateAllVersions by @jakecoffman in #10348
• Strict type Dependabot::Updater.Operations::RefreshSecurityUpdatePullRequest by @kbukum1 in #10334
• allow for wildcards in version requirements by @brettfo in #10353
• report no new version if a given package doesn't exist on any feed by @brettfo in #10354
• convert test to not require the network by @brettfo in #10355
• Add Error Handling for YN0082 in YarnErrorHandler by @kbukum1 in #10374
• Fixes issues related with Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder::RegistryError by @sachin-sandhu in #10378
• Fixes logger location for Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder::RegistryError by @sachin-sandhu in #10380
• Fixes JSON::ParserError: unexpected token issue by @sachin-sandhu in #10381
• NPM: fix security update for indirect and direct dependencies by @jakecoffman in #10371

Full Changelog: v0.268.0...v0.269.0

v0.268.0

What's Changed

• Adds exception handling for override failure errors by @sachin-sandhu in #10290
• Fixes Dependabot::SharedHelpers::HelperSubprocessFailed - nested aliases not supported by @sachin-sandhu in #10292
• Small typo by @yeikel in #10295
• add Dependency::directory to the PR payload by @jakecoffman in #10195
• Strict type Dependabot::Updater.Operations::CreateSecurityUpdatePullRequest by @kbukum1 in #10302
• Strict type Dependabot::Terraform::UpdateChecker by @JamieMagee in #10278
• temporarily sideline global.json when adding a transitive package by @brettfo in #10305
• Fixes Dependabot-SharedHelpers-HelperSubprocessFailed by @sachin-sandhu in #10308
• fixing rebases not finding the existing pull request due to directory by @jakecoffman in #10320
• Fix ArgumentError Malformed version number string in github actions by @amazimbe in #10314
• retain msbuild-sdks property in global.json when adding a transitive dependency by @brettfo in #10331
• Properly reject NuGet newline-only changes. by @brettfo in #10332
• v0.268.0 by @dependabot-core-action-automation in #10335
• Fixes issues related with Dependabot::NpmAndYarn::UpdateChecker::LatestVersionFinder::RegistryError by @sachin-sandhu in #10322
• Fix ArgumentError Malformed version number in github actions by @amazimbe in #10338

Full Changelog: v0.267.0...v0.268.0

v0.267.0

What's Changed

• Fix NuGet app/web.config assembly binding redirect updates by @rhyskoedijk in #10110
• Fix ArgumentError in original_package_update_available? when latest_version is nil by @kbukum1 in #10216
• use unique directory for temp nuget packages by @brettfo in #10243
• Adds filter for failed to replace env in config erros by @sachin-sandhu in #10237
• Upgrade Bundler to 2.5.16 and RubyGems to 3.5.16 by @deivid-rodriguez in #10246
• Fix security updates in Bundler subdependencies by @deivid-rodriguez in #10249
• report missing nuget files by @brettfo in #10247
• removing more of dependency_has_directory feature flag by @jakecoffman in #10252
• Use main smoke-tests repo again by @deivid-rodriguez in #10253
• Bump github/codeql-action from 3.25.12 to 3.25.13 in the all-actions group by @dependabot in #10262
• support multi-part requirements by @brettfo in #10255
• Use go 1.22 in CI by @jeffwidman in #10259
• analyze global.json and dotnet-tools.json by @brettfo in #10269
• Centralize Yarn Error Handling for Yarn Update by @kbukum1 in #10257
• Use repository in project urls as a source by @amazimbe in #10268
• Handle Errors Coded with YN0035 Yarn Error Code by @kbukum1 in #10271
• fix incorrect usage of add_handled_dependencies by @jakecoffman in #10270
• Fixes URI::InvalidURIError issue while fetching metadata by @sachin-sandhu in #10256
• Adds relevant information to exception handling by @sachin-sandhu in #10284
• v0.267.0 by @dependabot-core-action-automation in #10283

New Contributors

• @rhyskoedijk made their first contribution in #10110

Full Changelog: v0.266.0...v0.267.0