github dependabot/dependabot-core v0.379.0

6 hours ago

What's Changed

  • Fix duplicate updated dependencies in multi-directory group refresh by @markhallen in #15098
  • Recategorise lockfile generation errors as known types by @brrygrdn in #15084
  • [Graph Job] Do not treat Dependabot::UnexpectedExternalCode as a hard failure by @brrygrdn in #15075
  • [Graph] Fix handling of multiple version resolution by @brrygrdn in #15099
  • Bun: Upgrade to Node JS 24 by @yeikel in #14964
  • Add API integration to fetch blocked versions at job construction by @kbukum1 in #14917
  • Fix go modules error in package details fetcher due to subpath issue by @AbhishekBhaskar in #15096
  • add common pattern for directory specification by @brettfo in #15108
  • raise generic error without path information by @brettfo in #15088
  • Add HasNoWarnNU1701 merge logic in project discovery by @brettfo in #15090
  • NuGet: Auto-patch NuGet.Config to allow insecure HTTP feeds by @brettfo in #15092
  • NuGet: Filter out submodule paths during discovery by @brettfo in #15093
  • Implement a "dealias_packages" flag for npm file parsing by @brrygrdn in #15070
  • fix(docker_compose): support folded scalar and docker.io-prefixed image values by @thavaahariharangit in #15100
  • Suppress Docker digest-only updates when tag version is unchanged by @markhallen in #15103
  • generate and submit dependency graphs by @brettfo in #14956
  • Revert "Add API integration to fetch blocked versions at job construction" by @robaiken in #15120
  • change test for file path to account for empty string by @brettfo in #15109
  • NuGet: Add circular dependency detection to MSBuildHelper.ThrowOnError by @brettfo in #15116
  • Catch FatalProtocolException from source repository initialization by @brettfo in #15117
  • NuGet: Remove redundant GetPackageGraphForDependencies and use discovery DependencyGraph by @brettfo in #15122
  • Add API integration to fetch blocked versions at job updates by @kbukum1 in #15123
  • Fix yarn berry security updates resolving to latest instead of target version by @kbukum1 in #15091
  • Fix misleading Terraform registry error when TLS certificate verification fails by @yeikel in #15131
  • Fix cooldown ignored in additional_dependencies issue by @AbhishekBhaskar in #15124
  • Remove beta ecosystems feature flag for sbt by @AbhishekBhaskar in #15151
  • NuGet: Fix binding redirect XML parse error to report unparseable file by @brettfo in #15147
  • fix(npm_and_yarn): handle engines OR constraints and split caret-expanded bounds by @thavaahariharangit in #15144
  • Pass --min-release-age=0 for npm security updates to bypass .npmrc by @yeikel in #15139
  • Add deno lockfile support by @sbs44 in #15153
  • NuGet: Fix version range double-wrapping in temp project creation by @brettfo in #15152
  • Check ProjectAssetsFile exists before reading by @brettfo in #15160
  • fix: use configured github source when checking GitHub Actions pre-release status by @yeikel in #15004
  • ERR_PNPM_INVALID_DEPENDENCY_NAME handler in PnpmLockfileUpdater by @Copilot in #15165
  • Read npm min-release-age from .npmrc and apply as cooldown by @yeikel in #15132
  • v0.379.0 by @dependabot-core-action-automation[bot] in #15162

Special Thanks

Big thanks to @yeikel for driving the min-release-age support for the JavaScript ecosystems!

Full Changelog: v0.378.0...v0.379.0
