github dependabot/dependabot-core v0.383.0
on GitHub

5 hours ago

What's Changed

  • Bump bundled npm from 11.8.0 to 11.17.0 by @kbukum1 in #15335
  • Fix composer specs failure due to block-insecure feature by @AbhishekBhaskar in #15334
  • Add blocked_versions.ignored metric for Security-blocked update checks by @kbukum1 in #15333
  • Preserve original bundler checksum on Bundler 4.0.11+ lockfile updates by @lucasmazza in #15249
  • Generate .npmrc from scope property when lockfile inference fails by @AbhishekBhaskar in #15264
  • Revert disabling block insecure flag in composer by @AbhishekBhaskar in #15339
  • Fix no method error during fetching credentials properties by @AbhishekBhaskar in #15340
  • Use only uv.lock for uv dependency graphing by @Nishnha in #15217
  • Add transitive blocked-version enforcement to updater by @robaiken in #15295
  • fix(npm_and_yarn): strip trailing slash from registry URL in Corepack env vars by @ajha-cs in #15324
  • Fix pre-commit cooldown bypass and incorrect PR metadata issues with grouped updates by @AbhishekBhaskar in #15346
  • Surface blocking parent dependency in npm fix-unavailable message by @thavaahariharangit in #15337
  • Skip Gradle cooldown metadata fetch when cooldown is not configured by @yeikel in #15136
  • Bundler: surface invalid registry gem metadata as a private source error by @kbukum1 in #15351
  • Set default max branch name length to 100 characters by @kbukum1 in #15282
  • set temporary token for cargo auth that the proxy will then replace by @brettfo in #15298
  • Reject updates for private registries without proper dependabot configuration by @AbhishekBhaskar in #15347
  • gradle: bump updater image to 9.4.1 by @thavaahariharangit in #15356
  • Bundler: tolerate empty registry checksum metadata in v4 helper by @kbukum1 in #15359
  • Preserve custom gradle-wrapper.properties values during wrapper updates by @kbukum1 in #15336
  • fix(pre-commit, github-actions): use tag creation date for cooldown instead of commit date by @robaiken in #15350
  • Update Sorbet toolchain and regenerate gem RBIs by @JamieMagee in #15304
  • Enable six zero-offense Sorbet guardrail cops by @JamieMagee in #15305
  • Replace to_hash with to_h and enable ImplicitConversionMethod by @JamieMagee in #15306
  • Enforce method signatures via Sorbet/EnforceSignatures by @JamieMagee in #15307
  • Image content validation for manifest lists for container image updates by @jpinz in #15352
  • Type Version and Requirement internals across ecosystems by @JamieMagee in #15379
  • Type RequirementsUpdater base and gradle/maven/sbt with DependencyRequirement by @JamieMagee in #15380
  • Type standalone RequirementsUpdaters with DependencyRequirement by @JamieMagee in #15381
  • Drop Python 3.9 support by @kbukum1 in #15391
  • Stub docker manifest request in helm update_checker spec by @JamieMagee in #15398
  • Parse DependencyGroup rules into typed readers by @JamieMagee in #15395
  • Type provider_metadata as integer-keyed by @JamieMagee in #15396
  • Fix Swift native requirement parser when there are additional arguments in .package() by @kkebo in #15311
  • v0.383.0 by @dependabot-core-action-automation[bot] in #15365

New Contributors

Full Changelog: v0.382.0...v0.383.0

Check out latest releases or
releases around dependabot/dependabot-core v0.383.0

Don't miss a new dependabot-core release

NewReleases is sending notifications on new releases.

Get notifications