What's Changed
- Add support for
scopeproperty innpm_registrycredentials by @AbhishekBhaskar in #15219 - uv: Remove dead add_auth_env_vars code and add credential matching diagnostics by @kbukum1 in #15209
- Fix npm registry credential leak to sibling paths on the same host by @Copilot in #15248
- Fix pnpm lockfileVersion 9.0 parsing error with optional chaining by @markhallen in #13959
- Parse remaining Job collections into typed structs by @JamieMagee in #15262
- Add a typed Hash subclass for requirement entries by @JamieMagee in #15263
- Fix Gradle wrapper jar encoding by @kbukum1 in #15235
- fix(maven): handle
.targetupdates in file updater by @thavaahariharangit in #15270 - Default all Cargo crates to increase-if-necessary by @JamieMagee in #14306
- Improve handling of Python failures when insecure-external-code-execution: deny is set, Tidier summary output by @brrygrdn in #15269
- Type updated_requirements as DependencyRequirement across all ecosystems by @JamieMagee in #15272
- Remove T.untyped from four common files by @JamieMagee in #15278
- Type create_dependency_file with keyword arguments by @JamieMagee in #15279
- Remove T.untyped from three updater files by @JamieMagee in #15281
- fix(npm_and_yarn): prefer replaces-base registry over lockfile source for metadata fetches by @thavaahariharangit in #15273
- Type DependencyFile#to_h and Notice#to_hash serialization hashes by @JamieMagee in #15283
- Type parse_dep_string return in bundler and npm_and_yarn by @JamieMagee in #15284
- Type registry_parser, git_pin_replacer, and drop stale pnpm entry by @JamieMagee in #15286
- Type python requirement_parser and pip_compile_files by @JamieMagee in #15287
- Type parse_dep_string return in cargo and pub by @JamieMagee in #15288
- Remove stale ForbidTUntyped entries for eight update checkers by @JamieMagee in #15297
- Type Prism AST node parameters in bundler finders by @JamieMagee in #15299
- Introduce typed GitTagDetails for GitCommitChecker local-tag shape by @JamieMagee in #15300
- Type requirements parameters as DependencyRequirement in gradle and cargo by @JamieMagee in #15302
- Type go_modules requirement parsing and version comparison by @JamieMagee in #15303
- Clarify npm security update failure messages by @thavaahariharangit in #15294
- Bump the regclient group across 1 directory with 2 updates by @dependabot[bot] in #14769
- Fix CHECKSUMS header being stripped when removing bundler 4.0.x entry (#15193) by @jmgarnier in #15229
- Bump bundled Deno to 2.8.3 for lockfile v5 support by @markhallen in #15319
- Add Deno workspace support by @markhallen in #15322
- Bump golang.org/x/mod from 0.33.0 to 0.37.0 in /go_modules/helpers by @dependabot[bot] in #15314
- v0.382.0 by @dependabot-core-action-automation[bot] in #15317
New Contributors
- @jmgarnier made their first contribution in #15229
Full Changelog: v0.381.0...v0.382.0