github dependabot/dependabot-core v0.371.0
on GitHub

5 hours ago

What's Changed

  • Add test coverage for Poetry non-package mode (package-mode = false) by @markhallen in #14731
  • Extract Maven repo interaction logic for JVM ecosystems reuse by @AbhishekBhaskar in #14721
  • uv: Use env vars for index auth when URL matches pyproject.toml by @thavaahariharangit in #14744
  • Keep pinned git references by @robaiken in #14729
  • fix(github_actions): apply cooldown to ref rewrites by @shaanmajid in #14734
  • feat: Populate PoetryPackageManager version metadata by @markhallen in #14745
  • fix: Guard against nil dependencies in Poetry group sections by @markhallen in #14751
  • Fix TypeError on VCS repository credentials missing registry field in Composer by @Copilot in #14732
  • Fix Python libraries misclassification regression due to PR 14709 by @AbhishekBhaskar in #14747
  • Extract Maven metadata lookup logic into shared metadata finder for ecosystem reuse by @AbhishekBhaskar in #14756
  • cargo: Fix duplicate Cargo.lock entries for feature-gated git dependencies by @jurre in #14725
  • Poetry v2 feature tests by @robaiken in #14771
  • test: Add end-to-end security update tests for Poetry v2 PEP 621 projects by @markhallen in #14773
  • Refactor Maven shared version finder for SBT and Gradle ecosystem reuse by @AbhishekBhaskar in #14774
  • percent-encode npm releaser names in Maintainer changes section by @v-HaripriyaC in #14638
  • Fix npm vulnerability auditor for workspace Link nodes by @thavaahariharangit in #14754
  • Swift: support trailing commas in .package() declarations by @struuuuggle in #14755
  • fix(uv): derive --index URLs from uv.lock registry sources instead of credential index-url by @thavaahariharangit in #14779
  • Fix python update_not_possible error with bump_versions strategy by @AbhishekBhaskar in #14785
  • fix(python): filter non-requirements .txt files using filename regex patterns by @Nishnha in #14786
  • add a new PackageReference element next to existing PackageReference elements by @brettfo in #14796
  • Remove unused Properties from ProjectDiscoveryResult and delete Property type by @brettfo in #14776
  • Fix nullability warnings in DependencyConflictResolver.cs by @brettfo in #14784
  • detect file indentation characters by @brettfo in #14797
  • don't do a build on legacy projects by @brettfo in #14748
  • v0.371.0 by @dependabot-core-action-automation[bot] in #14800

New Contributors

Full Changelog: v0.370.0...v0.371.0

Check out latest releases or
releases around dependabot/dependabot-core v0.371.0

Don't miss a new dependabot-core release

NewReleases is sending notifications on new releases.

Get notifications