dependabot/dependabot-core v0.240.0

on GitHub

What's Changed

• bump Cargo from 1.69.0 to 1.75.0 by @jakecoffman in #8686
• Bump Bundler to 2.5 by @deivid-rodriguez in #8619
• Move sorbet setup from omnibus to root by @deivid-rodriguez in #8670
• Fix building development image & running dry-run.rb script by @deivid-rodriguez in #8694
• Add fingerprint to dynamic git commands by @deivid-rodriguez in #8495
• Fix missing stackprof preventing dry-run.rb script from running by @deivid-rodriguez in #8696
• Dependabot should keep Cargo up to date by @jakecoffman in #8699
• create azure nuget package urls directly from endpoint types by @brettfo in #8703
• fix unsupported Go modules preventing updates by @jakecoffman in #8702
• Check if RBIs are up-to-date by @JamieMagee in #8704
• Make sure tests use the same gem versions we use in production by @deivid-rodriguez in #8138
• Improve root gemfile handling by @deivid-rodriguez in #8712
• Only create PRs for dependencies in the sorbet group by @deivid-rodriguez in #8718
• Handle missing files by @ryanbrandenburg in #8661
• properly locate nuget.config when it's further up-directory from a project by @brettfo in #8722
• Support Python 3.12 by @deivid-rodriguez in #8732
• Improve corepack setup by @deivid-rodriguez in #7134
• Raise a proper error when package-json.lock is not parseable by @deivid-rodriguez in #8743
• Ignore packageManager field in package.json when unparseable by @deivid-rodriguez in #8744
• Fallback to npm 6 when lockfileVersion is not parseable as an integer by @deivid-rodriguez in #8745
• NuGet efficiency by @ryanbrandenburg in #8679
• Fix broken nuget CI by @deivid-rodriguez in #8752
• Detect version constraint violations in NuGet by @ryanbrandenburg in #8624
• Test that file_parser reads .proj files by @ryanbrandenburg in #8746
• Handle unexpected kub image shapes by @ryanbrandenburg in #8750
• Strong type Dependabot::PullRequestCreator by @JamieMagee in #8729
• Strong type Dependabot::PullRequestUpdater by @JamieMagee in #8730
• Strong type Dependabot::RegistryClient by @JamieMagee in #8736
• Strong type Dependabot::Config::FileFetcher by @JamieMagee in #8737
• patch user-level NuGet.Config before invoking dotnet/nuget tools by @brettfo in #8748
• Bump golang from 1.21.5-bookworm to 1.21.6-bookworm in /go_modules by @rcrowe in #8757
• directory is the job directory by @jakecoffman in #8762
• Remove unnecessary gitignore rules by @deivid-rodriguez in #8761
• Strong type Dependabot::Version by @JamieMagee in #8727
• Strict type Dependabot::PullRequestCreator::Labeler by @JamieMagee in #8758
• Added Ruby 3.3.0 to RubyRequirementSetter version requirements by @schinery in #8754
• add NuGet maintainers to CODEOWNERS by @jakecoffman in #8764
• Update CODEOWNERS by @jakecoffman in #8771
• Strong type Dependabot::BranchNamer::DependencyGroupStrategy by @JamieMagee in #8770
• Fix bin/bump-version.rb script to also handle root lockfile by @deivid-rodriguez in #8776
• defensive programming around missing dependency files during an update by @jakecoffman in #8765
• Add missing file to version bump PR by @deivid-rodriguez in #8779
• raise a specific exception when the FileUpdater doesn't produce a change by @jakecoffman in #8782
• v0.240.0 by @dependabot-core-action-automation in #8781

New Contributors

• @rcrowe made their first contribution in #8757

Full Changelog: v0.239.0...v0.240.0