github dependabot/dependabot-core v0.364.0
on GitHub

6 hours ago

What's Changed

  • Fix flaky Composer UpdateChecker test: mock VersionResolver instead of stubbing PHP subprocess HTTP calls by @Copilot in #14266
  • feat: Add PR message formatting for dependency-name groups by @markhallen in #14289
  • refactor: Remove group_by_dependency_name feature flag by @markhallen in #14292
  • Add uv dependency grapher by @Nishnha in #14295
  • Bump octokit from 7.2.0 to 10.0.0 in /updater by @dependabot[bot] in #14241
  • Bump sentry-ruby from 5.23.0 to 5.28.1 in /updater by @dependabot[bot] in #14242
  • Bump gitlab from 5.1.0 to 6.1.0 in /updater by @dependabot[bot] in #14240
  • Bump sentry-opentelemetry and sentry-ruby in /updater by @dependabot[bot] in #14308
  • Bump terminal-table from 3.0.2 to 4.0.0 in /updater by @dependabot[bot] in #14239
  • Bump the dev-dependencies group across 2 directories with 1 update by @dependabot[bot] in #14311
  • Bump the prod-dependencies group across 2 directories with 4 updates by @dependabot[bot] in #14310
  • Bump minimatch from 3.0.4 to 3.1.5 in /npm_and_yarn/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in #14305
  • Bump minimatch from 3.1.2 to 3.1.5 in /bun/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in #14287
  • Bump lodash from 4.17.21 to 4.17.23 in /bun/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in #14017
  • Bump lodash from 4.17.21 to 4.17.23 in /npm_and_yarn/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in #13993
  • Bump minimatch from 3.1.2 to 3.1.5 in /npm_and_yarn/helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in #14303
  • Bump minimatch from 3.1.2 to 3.1.5 in /bun/helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in #14299
  • Bump lodash from 4.17.21 to 4.17.23 in /bun/helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in #13996
  • Bump lodash from 4.17.21 to 4.17.23 in /npm_and_yarn/helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in #13995
  • Bump Microsoft.Web.Xdt from 3.2.0 to 3.2.3 by @dependabot[bot] in #14252
  • Bump the all-actions group with 3 updates by @dependabot[bot] in #14316
  • Bump System.CommandLine from 2.0.0-beta6.25358.103 to 2.0.3 by @dependabot[bot] in #14319
  • Bump regclient/regctl from v0.11.1 to v0.11.2 in /docker in the regclient group by @dependabot[bot] in #14317
  • Bump Microsoft.Build.Tasks.Core and Microsoft.Build.Utilities.Core by @dependabot[bot] in #14187
  • Bump dotnet-sdk from 9.0.302 to 9.0.303 in /nuget/helpers/lib/NuGetUpdater by @dependabot[bot] in #12666
  • Bump Newtonsoft.Json from 13.0.3 to 13.0.4 by @dependabot[bot] in #14253
  • Bump minimatch in /bun/helpers by @dependabot[bot] in #14312
  • Bump minimatch in /npm_and_yarn/helpers by @dependabot[bot] in #14304
  • Update Composer to the latest 2.9 version (2.9.5) by @T2L in #14267
  • Bump library/rust from 1.93.0-bookworm to 1.93.1-bookworm in /cargo by @dependabot[bot] in #14177
  • Bump library/golang from 1.25.7-bookworm to 1.26.0-bookworm in /go_modules by @dependabot[bot] in #14179
  • Bump ajv from 6.12.6 to 6.14.0 in /npm_and_yarn/helpers by @dependabot[bot] in #14244
  • Bump ajv from 6.12.6 to 6.14.0 in /bun/helpers by @dependabot[bot] in #14245
  • Bump golang.org/x/mod from 0.27.0 to 0.33.0 in /go_modules/helpers by @dependabot[bot] in #14178
  • Bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0 in /maven/lib/dependabot/maven by @dependabot[bot] in #13233
  • Bump prettier from 3.7.4 to 3.8.1 in /npm_and_yarn/helpers in the dev-dependencies group by @dependabot[bot] in #14180
  • Bump the dev-dependencies group across 1 directory with 2 updates by @dependabot[bot] in #14315
  • Bump js-yaml from 3.14.1 to 3.14.2 in /npm_and_yarn/helpers by @dependabot[bot] in #13613
  • Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot[bot] in #10361
  • Update ESLint configuration file to new format by @bohdanhusak in #13785
  • Bump eslint from 9.39.1 to 10.0.0 in /npm_and_yarn/helpers by @dependabot[bot] in #14182
  • Bump pip-tools from 7.4.1 to 7.5.0 in /python/helpers in the pip-tools group by @dependabot[bot] in #12770
  • Bump gradle from 8.14.3-jdk21-ubi-minimal to 9.0.0-jdk21-ubi-minimal in /gradle by @dependabot[bot] in #13971
  • Bump globals from 16.5.0 to 17.4.0 in /npm_and_yarn/helpers by @dependabot[bot] in #14325
  • Fetch pre-commit additional dependencies language field from hook source repository by @AbhishekBhaskar in #14300
  • fix(npm_and_yarn): avoid group refresh NoChangeError for non-pnpm support-file updates by @thavaahariharangit in #14331
  • Set smoke test max parallelism to 10 by @JamieMagee in #14307
  • Bump System.ComponentModel.Composition from 9.0.7 to 10.0.3 by @dependabot[bot] in #14326
  • fix(go_modules): normalize Azure DevOps module paths to include /_git/ by @thavaahariharangit in #14302
  • Bump System.Threading.Tasks.Dataflow from 9.0.13 to 10.0.3 by @dependabot[bot] in #14329
  • Bump System.Security.Cryptography.Pkcs from 9.0.7 to 10.0.3 by @dependabot[bot] in #14327
  • Fix GitHub Actions SHA-pinned refs being downgraded when mixed with tag refs by @jurre in #14349
  • Fix ignore option for gitsubmodule by @etan-status in #14352
  • cargo: Bypass Cargo credential providers, rely on proxy for registry auth by @jeffwidman in #14340
  • bundler: use replaces_base credential for gemspec-only deps by @jeffwidman in #14348
  • Bump NuGet.Client submodule from release-6.12.x to release-6.14.x by @JamieMagee in #14343
  • nuget: switch NuGetUpdater target framework to net10.0 by @JamieMagee in #14345
  • Disable scheduled CI workflow in forks by @martincostello in #14314
  • Remove beta ecosystems feature flag for pre-commit by @AbhishekBhaskar in #14341
  • Enhance Docker update checker to handle non-semver tags by @jpinz in #14337
  • Remove enable_shared_helpers_command_timeout feature flag by @Copilot in #14125
  • cargo: strip credential-provider from .cargo/config.toml via TOML parsing by @jeffwidman in #14359
  • Remove enable_record_ecosystem_meta feature flag by @Copilot in #14353
  • feat: Extend Swift FileFetcher for Xcode-managed SwiftPM (.xcodeproj) support by @markhallen in #14332
  • v0.364.0 by @dependabot-core-action-automation[bot] in #14366

New Contributors

Full Changelog: v0.363.0...v0.364.0

Check out latest releases or
releases around dependabot/dependabot-core v0.364.0

Don't miss a new dependabot-core release

NewReleases is sending notifications on new releases.

Get notifications