github dependabot/dependabot-core v0.381.0

6 hours ago

What's Changed

  • Disable npmMinimalAgeGate for Yarn Berry security updates by @yeikel in #15191
  • Add Bundler 4 support by @JamieMagee in #15180
  • Bump org.apache.maven.plugins:maven-dependency-plugin from 3.10.0 to 3.11.0 in /maven/lib/dependabot/maven by @dependabot[bot] in #15190
  • Add GONOPROXY/GONOSUMDB env vars to go_modules FileParser by @Nishnha in #15159
  • fix(go_modules): include advisory pseudo-version boundaries for security fix resolution by @thavaahariharangit in #15213
  • Retry Gradle metadata fetch on EOF by @thavaahariharangit in #15204
  • Handle npm registry EOFError in latest version finder by @thavaahariharangit in #15205
  • fix(python): honor .pip-tools.toml unsafe-package in pip-compile updates by @thavaahariharangit in #15202
  • Swift: add missing rescue-path test for trailing slash in normalize_name by @Copilot in #15220
  • Fix TypeError: String does not have #dig method in PipenvRunner by @Copilot in #14821
  • fix(go_modules): run strict go mod tidy and surface real errors by @kbukum1 in #15094
  • Gate YARN_NPM_MINIMAL_AGE_GATE on Yarn 4.10+ by @yeikel in #15226
  • opentofu: handle OCI source type in MetadataFinder by @diofeher in #14990
  • Respect cooldown rules when generating Poetry lockfiles by @thavaahariharangit in #15232
  • Fix nuget exception on call to single() by @sebasgomez238 in #15233
  • Fix Maven property update previous version metadata by @kbukum1 in #15224
  • Detect ICU package error indicating EOL SDK by @brettfo in #15234
  • Fix docker_compose parser crash on YAML symbols in lock files by @kbukum1 in #15036
  • Handle Berry lockfiles without explicit Yarn config by @Copilot in #14820
  • Fix behavioral gap in prerelease detection found with Python and generalized to common by @v-HaripriyaC in #15179
  • Fix incorrect cooldown filtering for sha pinned dependencies in pre-commit by @AbhishekBhaskar in #15225
  • Harden Helm helper CLI argument handling and fix helm search flag ordering by @Copilot in #15247
  • Add an experimental GitHub Action summary for graph jobs by @brrygrdn in #15223
  • Add RBI shims for API client wrappers, remove ~110 T.unsafe calls by @JamieMagee in #14615
  • Bump library/rust from 1.94.0-bookworm to 1.95.0-bookworm in /cargo by @dependabot[bot] in #15188
  • Replace Job's untyped hashes with T::ImmutableStruct by @JamieMagee in #14616
  • Fix Gradle/Maven prerelease detection gaps by @v-HaripriyaC in #15222
  • Fix OCI Helm chart metadata finder to strip oci:// prefix by @Copilot in #13634
  • Fix workflow summary experiment name by @brrygrdn in #15250
  • Validate dependency versions in GlobalJsonDiscovery by @brettfo in #15255
  • Enable two Sorbet cops, ignore bazel/nix specs by @JamieMagee in #15257
  • Enable Sorbet/ForbidTUntyped with a todo backlog by @JamieMagee in #15258
  • v0.381.0 by @dependabot-core-action-automation[bot] in #15246

Full Changelog: v0.380.0...v0.381.0
