dependabot-gitlab/dependabot v2.0.0-alpha.4

on GitLab

2.0.0-alpha.4 (2023-08-27)

⚠️ Security updates (1 change)

• [Security] Bump puma from 6.3.0 to 6.3.1 by @dependabot-bot. See merge request !2321

🚀 New features (3 changes)

• Support closing superseded mrs in standalone mode by @andrcuns. See merge request !2341
• Add severity labels to merge requests with vulnerabilities by @andrcuns. See merge request !2324
• Add support for vulnerability detection in standalone mode by @andrcuns. See merge request !2301

🔬 Improvements (3 changes)

• Move background tasks to separate container by @andrcuns. See merge request !2334
• Add support for sentry profiling functionality by @andrcuns. See merge request !2310
• Log more details for processed vulnerability info by @andrcuns. See merge request !2307

🐞 Bug Fixes (7 changes)

• Only consider actual vulnerabilities when adding severity labels by @andrcuns. See merge request !2350
• Remove obsolete merge request closing by @andrcuns. See merge request !2349
• Cache labels already known to exist in project by @andrcuns. See merge request !2346
• Correctly update cached project labels by @andrcuns. See merge request !2345
• Correctly fetch source branch name for superseded mr in standalone mode by @andrcuns. See merge request !2343
• Revert "Merge branch 'dependabot-bundler-dependabot-omnibus-and-faraday-retry-0.226.0' into 'main'" by @andrcuns. See merge request !2319
• Correctly handle label creation for vulnerability issues by @andrcuns. See merge request !2308

📦 Dependency updates (6 changes)

• Bump dependabot-omnibus and faraday-retry by @dependabot-bot. See merge request !2342
• Bump mongoid from 8.1.1 to 8.1.2 by @dependabot-bot. See merge request !2339
• Bump anyway_config from 2.5.1 to 2.5.2 by @dependabot-bot. See merge request !2337
• Bump rails from 7.0.7 to 7.0.7.2 by @dependabot-bot. See merge request !2335
• Bump dependabot-omnibus and faraday-retry by @dependabot-bot. See merge request !2316
• Bump rails from 7.0.6 to 7.0.7 by @dependabot-bot. See merge request !2315

📦🔧 Development dependency updates (16 changes)

• Bump rspec-sidekiq from 4.0.1 to 4.0.2 by @dependabot-bot. See merge request !2347
• Bump rspec-sidekiq from 4.0.0 to 4.0.1 by @dependabot-bot. See merge request !2338
• Bump rubocop from 1.56.0 to 1.56.1 by @dependabot-bot. See merge request !2336
• Bump vitepress from 1.0.0-beta.7 to 1.0.0-rc.4 by @dependabot-bot. See merge request !2328
• Bump prettier from 3.0.1 to 3.0.2 by @dependabot-bot. See merge request !2327
• Bump @types/node from 20.4.8 to 20.5.1 by @dependabot-bot. See merge request !2326
• Bump @playwright/test from 1.36.2 to 1.37.1 by @dependabot-bot. See merge request !2325
• Bump rspec-sidekiq from 3.1.0 to 4.0.0 by @dependabot-bot. See merge request !2322
• Bump rubocop-performance from 1.18.0 to 1.19.0 by @dependabot-bot. See merge request !2323
• Bump faker from 3.2.0 to 3.2.1 by @dependabot-bot. See merge request !2318
• Bump rubocop from 1.55.1 to 1.56.0 by @dependabot-bot. See merge request !2313
• Bump rubocop-rspec from 2.23.1 to 2.23.2 by @dependabot-bot. See merge request !2314
• Bump rubocop-rspec from 2.23.0 to 2.23.1 by @dependabot-bot. See merge request !2305
• Bump prettier from 3.0.0 to 3.0.1 by @dependabot-bot. See merge request !2304
• Bump handlebars from 4.7.7 to 4.7.8 by @dependabot-bot. See merge request !2303
• Bump @types/node from 20.4.5 to 20.4.8 by @dependabot-bot. See merge request !2302

🔧 CI changes (5 changes)

• Use latest qemu emulators for image building by @andrcuns. See merge request !2344
• Fix image build rules order by @andrcuns.
• Update rules for building images and running tests by @andrcuns. See merge request !2333
• Introduce breaking changes changelog category by @andrcuns. See merge request !2332
• Remove legacy license scanning job by @andrcuns.

🧰 Maintenance (7 changes)

• Improve logging for dependency mr creation process by @andrcuns. See merge request !2348
• Use rails cache for project label caching by @andrcuns. See merge request !2340
• Use project dependencies for global setup in e2e tests by @andrcuns. See merge request !2331
• Remove redundant rspec metadata by @andrcuns. See merge request !2309
• Explicitly log when local vulnerability db is up to date by @andrcuns.
• Add logger context for background migration job by @andrcuns. See merge request !2306
• Refactor dependency vulnerability fetching by @andrcuns. See merge request !2298

📄 Documentation updates (3 changes)

• Update documentation on main-latest docker tag usage by @andrcuns.
• Document usage of images built from main branch by @andrcuns.
• Improve description of what dependabot-gitlab is or isn't by @andrcuns.

🚀 Deployment changes (7 changes)

• Reduce resource requests for backgroundTasksJob by @andrcuns.
• Remove pullPolicy from deployment by @andrcuns.
• Bump hashicorp/kubernetes from 2.22.0 to 2.23.0 in /deploy by @dependabot-bot. See merge request !2330
• Bump hashicorp/google from 4.76.0 to 4.78.0 in /deploy by @dependabot-bot. See merge request !2329
• Add sentry profiles and traces sample rates by @andrcuns.
• Ignore helm release metadata changes by @andrcuns.
• Bump hashicorp/google from 4.75.1 to 4.76.0 in /deploy by @dependabot-bot. See merge request !2300