Releases: dependabot/dependabot-core
Releases · dependabot/dependabot-core
v0.287.0
What's Changed
- Update .NET SDKs by @martincostello in #10752
- Remove Composer v1 Code and Related Feature Flags by @sachin-sandhu in #10934
- Add support for centralized package manager & language abstraction fo… by @amazimbe in #10929
- only report a package as existing if the actual
.nupkg
can be downloaded by @brettfo in #10939 - make NuGet tests more stable by @brettfo in #10931
- Handle semicolons in packageReferences by @sebasgomez238 in #10909
- Ensure Corepack Usage for npm, pnpm, and yarn Command Execution by @kbukum1 in #10944
- Update hcl2json to version
0.6.4
by @Zawadidone in #10952 - [pub] Fix update fails when project contains dependency from Dart SDK by @chika3742 in #10947
- still allow package analysis to continue even if metadata isn't valid by @brettfo in #10956
- Make DiscoveryWorker project path check case insensitive by @sebasgomez238 in #10958
- Adds conditional for no pull request for existing branch by @sachin-sandhu in #10963
- v0.287.0 by @dependabot-core-action-automation in #10965
New Contributors
- @Zawadidone made their first contribution in #10952
- @chika3742 made their first contribution in #10947
Full Changelog: v0.286.0...v0.287.0
v0.286.0
What's Changed
- manage C#-only experiments with
ExperimentsManager
by @brettfo in #10868 - create interfaces for workers to make testing more direct by @brettfo in #10910
- clean up warnings from NuGet.Client submodule by @brettfo in #10911
- Adding support for build-system.requires in pyproject.toml by @gopidesupavan in #10899
- improve packages directory detection by @brettfo in #10912
- Send Ecosystem Metrics to Dependabot-API on Update Job Completion by @kbukum1 in #10905
- Add Ruby Language Requirement Collection for Bundler Ecosystem Metrics by @kbukum1 in #10932
- Fix bug related to empty package manager name in npm_and_yarn package manager by @kbukum1 in #10936
- v0.286.0 by @dependabot-core-action-automation in #10933
New Contributors
- @gopidesupavan made their first contribution in #10899
Full Changelog: v0.285.0...v0.286.0
v0.285.0
What's Changed
- Add support for centralized package manager abstraction for
npm_and_yarn
ecosystem by @kbukum1 in #10862 - Expand Centralized Ecosystem Format with Language Version Information for Bundler by @kbukum1 in #10867
- Check for packages.config in pure C# updater. by @sebasgomez238 in #10858
- Expand Centralized Ecosystem Format with Requirements Information for Bundler Package Manager by @kbukum1 in #10897
- Adds additional logs for Github PR creator by @sachin-sandhu in #10907
- v0.285.0 by @dependabot-core-action-automation in #10906
Full Changelog: v0.284.0...v0.285.0
v0.284.0
What's Changed
- do case-insensitive comparison for
lead_security_dependency
experiment by @brettfo in #10861 - restrict when we add binding redirects by @brettfo in #10833
- add explicit
clone
command for NuGet updater by @brettfo in #10864 - Bump
sorbet
andtapioca
versions by @JamieMagee in #10875 - Centralizing Eco-System, and Package Manager Version Information by @kbukum1 in #10826
source_url
inMaven::UpdaterChecker::RequirementsUpdater
can benil
by @JamieMagee in #10876- Convert match from
MatchData
to string before creating Python version by @JamieMagee in #10877 - Bump rexml from 3.3.8 to 3.3.9 in /updater by @dependabot in #10860
- Initial
dotnet_sdk
updater by @JamieMagee in #10756 - Docker Registry Upgrade by @lewis-strong in #10855
- Bump the all-actions group across 1 directory with 6 updates by @dependabot in #10879
- Introduce feature flag to raise exception on same branch exists by @sachin-sandhu in #10878
- Bump eslint from 9.13.0 to 9.14.0 in /npm_and_yarn/helpers in the dev-dependencies group by @dependabot in #10887
- v0.284.0 by @dependabot-core-action-automation in #10894
New Contributors
- @lewis-strong made their first contribution in #10855
Full Changelog: v0.283.0...v0.284.0
v0.283.0
What's Changed
- Add semver ignore-condition range code into python version by @amazimbe in #10844
- Bump eslint from 9.12.0 to 9.13.0 in /npm_and_yarn/helpers in the dev-dependencies group by @dependabot in #10819
- v0.283.0 by @dependabot-core-action-automation in #10869
Full Changelog: v0.282.0...v0.283.0
v0.282.0
What's Changed
- enable updating transitive dependencies with solver by @brettfo in #10776
- Check csproj files for adjacent packages.config. by @sebasgomez238 in #10803
- Bump the all-actions group across 1 directory with 9 updates by @dependabot in #10811
- Update Swift Dockerfile to use Swift 6.0.1 by @tonyarnold in #10666
- Bump the dev-dependencies group across 1 directory with 5 updates by @dependabot in #10809
- Bump the dev-dependencies group across 1 directory with 2 updates by @dependabot in #10740
- Rename SdkPackageUpdater => PackageReferenceUpdater, for clarity by @rhyskoedijk in #10788
- Bump library/rust from 1.79.0-bookworm to 1.82.0-bookworm in /cargo by @dependabot in #10822
- Upgrade
Nuget.Client
from6.11.1.2
to6.12.0.127
by @JamieMagee in #10814 - report unix-friendly packages path by @brettfo in #10815
- split artifacts on OS by @brettfo in #10816
- Update python patch versions by @Javier-Borreguero in #10742
- fix(dotnet): Ensure that packages can be updated when referencing .NET workloads by @jeromelaban in #10649
- Add lowest_prerelease_suffix method by @amazimbe in #10832
- Remove python_new_version feature flag and irrelevant code by @amazimbe in #10797
- Remove replacement of plus with dot in python latest version by @amazimbe in #10838
- Adds telemetry collection logs for existing branches information by @sachin-sandhu in #10840
- v0.282.0 by @dependabot-core-action-automation in #10839
New Contributors
- @tonyarnold made their first contribution in #10666
- @Javier-Borreguero made their first contribution in #10742
- @jeromelaban made their first contribution in #10649
Full Changelog: v0.281.0...v0.282.0
v0.281.0
What's Changed
- Update python version regex and fix version ordering by @amazimbe in #10613
- Update Specs for NPM 8 as Default and Fallback Version by @kbukum1 in #10765
- allow for various xml formatting when finding runtime config file by @brettfo in #10779
- update allowed files regex by @brettfo in #10774
- handle all errors during an update job by @brettfo in #10762
- create separate loggers to make test output easier to read by @brettfo in #10748
- Fix nuget ecosystem arm build by @andrcuns in #10693
- Add sorbet typing to maven requirements updater by @amazimbe in #10778
- Update pnpm Specs with Public Git Dependency for Private Testing by @kbukum1 in #10786
- raise when an unsupported package manager version is present by @jakecoffman in #10794
- fix rebase creating PR for wrong dependency by @sachin-sandhu in #10727
- Bump the npm-dependencies group across 1 directory with 3 updates by @dependabot in #10741
- Remove Bundler v1 Deprecation and Unsupported Feature Flags and Deactivate Bundler v1 CI Tests by @kbukum1 in #10796
- Remove Bundler v1 Code by @kbukum1 in #10793
- Adds additional log for wrong dependency rebase (dependency_changed) issue by @sachin-sandhu in #10804
- Fix dependency tag filtering to use exact prefix matching by @robaiken in #10799
- v0.281.0 by @dependabot-core-action-automation in #10805
Full Changelog: v0.280.0...v0.281.0
v0.280.0
What's Changed
- Make Dependabot tolerate new "ref not found" error message from Cargo 1.80+ by @RobJellinghaus in #10719
- Add package_manager for Composer v1 deprecation warning and unsupported error by @kbukum1 in #10716
- Fix Sorbet typings for Composer file_parser and helper by @kbukum1 in #10732
- Upgrade
NuGet.Client
from6.10.0.100
to6.11.1.2
by @JamieMagee in #10718 - report specific error when project cannot be restored by @brettfo in #10720
- Sorbet support arm64 macOS natively by @JamieMagee in #10662
- Strict type
Dependabot::NpmAndYarn::FileUpdater
by @JamieMagee in #10651 - Strict type
Dependabot::Terraform::FileUpdater
by @JamieMagee in #10644 - Update NPM Default and Fallback Versions to NPM 8 by @kbukum1 in #10757
- Fix typo by @martincostello in #10723
- Patch: Enforce npm 8 for Lockfile Version 2+ by @kbukum1 in #10761
- Fixes : exception handling for client and server codes (4xx, 5xx) by @sachin-sandhu in #10770
- v0.280.0 by @dependabot-core-action-automation in #10767
New Contributors
- @RobJellinghaus made their first contribution in #10719
Full Changelog: v0.279.0...v0.280.0
v0.279.0
What's Changed
- raise specific error when no update was possible by @brettfo in #10685
- Python Dependabot::SharedHelpers::HelperSubprocessFailed issues fixes by @sachin-sandhu in #10686
- update package to fix bug in XML reader by @brettfo in #10687
- Upgrade
opentelemetry
related gems by @JamieMagee in #10690 - use new nuget dependency solver by default by @brettfo in #10671
- Add OpenTelemetry metrics by @JamieMagee in #10691
- escape all required characters in nuget source names by @brettfo in #10702
- Make sure process parameters are correctly quoted by @ffried in #10676
- rearrange NuGet error handling to one location in full runner by @brettfo in #10692
- only escape repo urls if necessary by @brettfo in #10710
- Support .NET 9 by @martincostello in #10593
- allow empty version after comma in a requirement by @brettfo in #10713
- Cleans up feature flag for dynamic version selector by @sachin-sandhu in #10706
- Revert "Revert "Use new implementation of Maven version standard"" by @amazimbe in #10704
- v0.279.0 by @dependabot-core-action-automation in #10721
New Contributors
Full Changelog: v0.278.0...v0.279.0
v0.278.0
What's Changed
- Fixes exception handler for file_not_parseable under file_updater and fixes error handler for package not found error by @sachin-sandhu in #10619
- Support NuGet lockfiles (Updated) by @na1307 in #9678
- add end-to-end C# update runner by @brettfo in #10521
- v0.278.0 by @dependabot-core-action-automation in #10673
Full Changelog: v0.277.0...v0.278.0