v0.339.0

What's Changed

• v0.339.0 by @dependabot-core-action-automation[bot] in #13260

Full Changelog: v0.338.2...v0.339.0

v0.337.0

What's Changed

• Fixes a Passed 'nil' into T.must error in the Cargo file fetcher when workspace paths are exactly "*" by @thavaahariharangit in #13221
• Fix Python version defaulting to 3.9 (lowest available) instead of latest when no explicit version specified by @thavaahariharangit in #13215
• Enforce a stricter interface between serializer and dependency data gathering by @brrygrdn in #13209
• Add explicit dependency for maven on rexml by @pavera in #13229
• v0.337.0 by @dependabot-core-action-automation[bot] in #13239

Full Changelog: v0.336.0...v0.337.0

v0.336.0

What's Changed

• Skip the pattern Specificity calculator if there is no pattern set by @robaiken in #13180
• mark implicit packages as transitive by @brettfo in #13178
• add support for pnpm lockfile v9.0 mapping to pnpm v10 by @a-schur in #13088
• Bump tar-fs from 1.16.5 to 1.16.6 in /bun/helpers by @dependabot[bot] in #13182
• Updates terraform to 1.13.3 by @AurelieMerlo in #13156
• Add multi-directory support for UpdateGraphCommand by @brrygrdn in #13128
• Check previous version vulnerability after group update completion by @robaiken in #13203
• Fix npm invalid package manager specification error message by @AbhishekBhaskar in #13198
• Fix go mod invalid version error by @AbhishekBhaskar in #13200
• Attempting to fetch files for empty directories for graph jobs doesn't err by @Ahmed3lmallah in #13207
• Inject the file_parser and use its attributes, Add a prepare! hook by @brrygrdn in #13208
• v0.336.0 by @dependabot-core-action-automation[bot] in #13212

New Contributors

• @a-schur made their first contribution in #13088
• @AurelieMerlo made their first contribution in #13156
• @Ahmed3lmallah made their first contribution in #13207

Full Changelog: v0.335.0...v0.336.0

v0.335.0

What's Changed

• Update Sorbet and RuboCop by @JamieMagee in #13106
• Simplify Rubocop configuration by @JamieMagee in #13116
• Fix Sorbet error in NpmAndYarn::MetadataFinder by @JamieMagee in #13117
• Structure Dependabot::DependencyGrapher as an ecosystem component with generic fallback by @brrygrdn in #12998
• local dryrun testing instructions by @theztefan in #13120
• Dependency Graphing: Update job.correlator to use the relevant manifest path by @brrygrdn in #13123
• Fix Sorbet error in Helm file parser for numeric versions by @JamieMagee in #13118
• fix NilClass exception due to ecosystem not being set by @jakecoffman in #13124
• add basic graph e2e test by @jakecoffman in #13125
• added hyphen to fix mismatch by @alhss in #13126
• Enable Layout/FirstMethodArgumentLineBreak and Layout/MultilineMethodArgumentLineBreaks by @JamieMagee in #13119
• Enable Layout/FirstMethodParameterLineBreak and Layout/MultilineMethodParameterLineBreaks by @JamieMagee in #13129
• Enable Layout/EmptyLinesAroundAttributeAccessor by @JamieMagee in #13131
• Enable Layout/SpaceAroundMethodCallOperator by @JamieMagee in #13132
• Update uv ecosystem Dependabot configuration to ignore all major version upgrades by @yeikel in #12868
• Bump poetry from 2.1.1 to 2.2.0 in /python/helpers in the poetry group by @noorul in #12929
• Enable RuboCop Layout/RescueEnsureAlignment by @JamieMagee in #13145
• Automate regclient version upgrades by @yeikel in #12943
• Example of how to safely parse TOML using Sorbet T::Struct by @JamieMagee in #13139
• Disabling Conda's file fetcher by @robaiken in #13149
• Group regclient updates by @yeikel in #13151
• Bump the regclient group in /docker with 2 updates by @dependabot[bot] in #13153
• Fix go purl generation by @brrygrdn in #13144
• Update NameNormalizer to Sorbet strong by @JamieMagee in #13152
• Fix sentry errors by @AbhishekBhaskar in #13150
• fix rebase not working by @jakecoffman in #13161
• Update NEW_ECOSYSTEMS.md by @diofeher in #13162
• use pr-number in updater tests by @jakecoffman in #13163
• Add GitHub Package Registry support for Bundler ecosystem. by @thavaahariharangit in #13155
• Fix UV dependency detection for packages without version constraints. by @thavaahariharangit in #13160
• Add support for ARM architectures in Dockerfile.updater-core by @diofeher in #13167
• fix group rebases not working by @jakecoffman in #13168
• pass arguments directly instead of double-interpolating them by @brettfo in #13171
• Allow for missing go directive in go.mod by @JamieMagee in #13175
• v0.335.0 by @dependabot-core-action-automation[bot] in #13176

New Contributors

• @diofeher made their first contribution in #13162

Full Changelog: v0.334.0...v0.335.0

v0.334.0

What's Changed

• Force regenerate Sorbet gem RBIs by @JamieMagee in #13109
• Complete Sorbet strict typing of bundler by @JamieMagee in #13103
• Improve and update Sorbet shims by @JamieMagee in #13108
• PR number added to logs logic and test by @alhss in #13101
• Complete Sorbet strict typing of silent by @JamieMagee in #13112
• v0.334.0 by @dependabot-core-action-automation[bot] in #13115

New Contributors

• @alhss made their first contribution in #13101

Full Changelog: v0.333.0...v0.334.0

v0.333.0

What's Changed

• Prevent generic dependency groups from capturing dependencies already handled by more specific groups by @robaiken in #13044
• Clean up cooldown feature flags - enable cooldown by default for all ecosystems by @kbukum1 in #13046
• Upgrade webmock from 3.19.1 to 3.25.1 by @JamieMagee in #13040
• Remove unnecessary RuboCop Sorbet/StrictSigil exclusions by @JamieMagee in #13054
• Autocorrectable rubocop-sorbet fixes for future version by @JamieMagee in #13029
• Complete strict typing gradle ecosystem by @JamieMagee in #13053
• Remove unnecessary custom libyaml by @deivid-rodriguez in #13008
• Revert exclude paths refactoring logic by @AbhishekBhaskar in #13035
• Resolve Sorbet runtime error: convert Bundler::Version to String for conflicting_dependencies by @thavaahariharangit in #13062
• Complete Sorbet strict typing of python ecosystem by @JamieMagee in #13061
• Remove unnecessary RuboCop merge statements by @JamieMagee in #13064
• Remove remaining Sorbet TODOs by @JamieMagee in #13065
• Add exclusion logic in ecosystem file fetcher classes for exclude-paths by @AbhishekBhaskar in #13047
• Fix Helm UpdateChecker type safety issue with cross-package requirement validation by @thavaahariharangit in #13063
• Finish Sorbet strict types in uv by @JamieMagee in #13081
• Finish Sorbet strict types in bun by @JamieMagee in #13082
• Complete strict typing cargo ecosystem by @JamieMagee in #13083
• Only report discovery for projects in the repo by @brettfo in #13050
• update devcontainer to correct sdk version by @brettfo in #13059
• Fix Python MetadataFinder URL construction for private registries by @thavaahariharangit in #13085
• Mark specs with Sorbet false type sigil by @JamieMagee in #13099
• Complete strict typing hex ecosystem by @JamieMagee in #13093
• Complete Sorbet strict typing of updater by @JamieMagee in #13100
• Remove Sorbet StrictSigil exclusions for hex by @JamieMagee in #13102
• Use a unique label for unknown graphing errors by @brrygrdn in #13096
• [Experiment] Cleanup graphing experiment within the update_files_command by @brrygrdn in #13089
• Add pattern scoring to group engine by @robaiken in #13098
• Link to new ecosystems guide in CONTRIBUTING.md by @robaiken in #13097
• Ignore conda specs in Sorbet configuration by @JamieMagee in #13105
• Enable Sorbet/ForbidTUnsafe cop from rubocop-sorbet by @JamieMagee in #13107
• v0.333.0 by @dependabot-core-action-automation[bot] in #13104

Full Changelog: v0.332.0...v0.333.0

v0.332.0

What's Changed

• [Experiment] Simplify the building of Dependency Submission payloads to align with static parsers by @brrygrdn in #12990
• improve tag name extractor by @brettfo in #13018
• [Experiment][Cleanup] Remove per-file dependency list logic from Bundler, Go and NPM by @brrygrdn in #12997
• Do not run Scorecard analysis from forks by @yeikel in #13006
• Only run group updates when running multi ecosystem updates by @robaiken in #13005
• Removing exclude_paths from dry-run by @robaiken in #13028
• Bump Sorbet from 0.5.11952 to 0.5.12414 by @JamieMagee in #12862
• Prefer Azure mirror for Ubuntu by @yeikel in #13023
• Upgrade git and git-lfs by @yeikel in #13022
• Conda security update delegation logic fix to address security update failures by @theztefan in #13026
• v0.332.0 by @dependabot-core-action-automation[bot] in #13060

Full Changelog: v0.331.0...v0.332.0

v0.331.0

What's Changed

• Do not run the gems-bump-version workflow from forks by @yeikel in #12935
• More descriptive error message for tag <tag> does not exist by @Nishnha in #12984
• Clarify error message by @jeffwidman in #12985
• Add support for vcpkg dependency constraints by @JamieMagee in #12872
• Add ecosystem metadata metrics support to Conda FileParser by @Copilot in #12978
• removing timestamp which makes it harder to smoke test by @jakecoffman in #13004
• Match release stability for dated Rust toolchain releases by @JamieMagee in #12986
• Update exclude-paths feature implementation approach by @AbhishekBhaskar in #12966
• always restore packages.config before attempting update by @brettfo in #13010
• v0.331.0 by @dependabot-core-action-automation[bot] in #13015

Full Changelog: v0.330.0...v0.331.0

v0.330.0

What's Changed

• add missing test case by @brettfo in #12776
• add end-to-end test for updating json files by @brettfo in #12963
• Fix git rewrite rules: configure SSH-to-HTTPS rewriting when credentials handled by proxy by @kbukum1 in #12971
• Bump brace-expansion in /bun/helpers by @dependabot[bot] in #12964
• Bump regclient to 0.9.1 by @yeikel in #12937
• Read maven-dependency-plugin version dynamically+ enable dependabot for maven helpers by @yeikel in #12717
• Fix KeyError in git credential configuration when host is missing by @kbukum1 in #12973
• Add early branch validation with helpful error messages for target-branch configurations by @Copilot in #12924
• Add GroupDependencySelector integration to CreateGroupUpdatePullRequest by @robaiken in #12968
• Adding GroupDependencySelector filter to refresh group pull request by @robaiken in #12969
• Add support for goproxy_server and go.env files by @jurre in #12747
• Consider the title of the issue while labeling by @yeikel in #12954
• Do not run the stalebot from forks by @yeikel in #12936
• Fix multi-directory processing to skip directories without required files by @Copilot in #12922
• v0.329.0 by @dependabot-core-action-automation[bot] in #12980
• v0.330.0 by @dependabot-core-action-automation[bot] in #12983

Full Changelog: v0.328.0...v0.330.0

v0.328.0

What's Changed

• Enable GitHub Copilot coding agent with instructions and environment setup by @markhallen in #12949
• Removes feature flag from cooldown metadata collection by @sachin-sandhu in #12955
• [Experiment] First pass of npm support for the dependency submission workflow by @brrygrdn in #12893
• Fix issues with multi-version dependency changes when refreshing security update PRs by @jasonpaulos in #12897
• Include old version number whenever possible by @brettfo in #12962
• Add type safety in UV ecosystem FileFetcher by @Copilot in #12952
• Updating registry finder priority by @thavaahariharangit in #12958
• Reset smoke test branch by @brettfo in #12967
• Add GroupDependencySelector from per-directory merge logic by @markhallen in #12911
• v0.328.0 by @dependabot-core-action-automation[bot] in #12965

New Contributors

• @Copilot made their first contribution in #12952

Full Changelog: v0.327.0...v0.328.0