7.0.0-alpha.1 (2026-07-18)
This release brings a major architectural change (hopefully the last one) with removal of custom dependabot-core orchestration code and replacing it with orchestrating upstream updater images directly. This allows to use upstream features without having to maintain custom parallel implementation at minor cost of flexibility.
This release also brings a dedicated dbot-gitlab cli tool for running stateless updates either locally or within CI/CD jobs in a much easier and more convenient fashion.
Because of the scope of the changes, some bugs are expected.
See dependabot-gitlab/dependabot!5027+ for details on changes for multi directory config entries. Some loss of historical data will ocurr for users of deployed app version. Other than that, no manual steps should be necessary when upgrading to the latest version.
💥 Breaking changes (5 changes)
- Do not split directories config entry in to multiple update jobs by @andrcuns. See merge request dependabot-gitlab/dependabot!5027
- Remove code for migrating from mongodb to postgresql database by @andrcuns. See merge request dependabot-gitlab/dependabot!4981
- Remove workflow for update mr creation from forks by @andrcuns. See merge request dependabot-gitlab/dependabot!4866
- Enable dependency proxy by default by @andrcuns. See merge request dependabot-gitlab/dependabot!4817
- Use upstream updater architecture for dependency updates by @andrcuns. See merge request dependabot-gitlab/dependabot!4817
⚠️ Security updates (8 changes)
- [Security] Bump nokogiri from 1.19.3 to 1.19.4 by @dependabot. See merge request dependabot-gitlab/dependabot!4929
- [Security] Bump concurrent-ruby from 1.3.6 to 1.3.7 by @dependabot. See merge request dependabot-gitlab/dependabot!4928
- [Security] Bump dompurify from 3.4.10 to 3.4.11 by @dependabot. See merge request dependabot-gitlab/dependabot!4924
- [Security] Bump markdown-it from 14.1.1 to 14.2.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4909
- [Security] Bump dompurify from 3.4.0 to 3.4.10 by @dependabot. See merge request dependabot-gitlab/dependabot!4908
- [Security] Bump net-imap from 0.6.4 to 0.6.4.1 by @dependabot. See merge request dependabot-gitlab/dependabot!4855
- Bump vite from 8.0.15 to 8.0.16 by @dependabot. See merge request dependabot-gitlab/dependabot!4847
- Bump vite from 8.0.14 to 8.0.15 by @dependabot. See merge request dependabot-gitlab/dependabot!4842
🚀 New features (3 changes)
- Cache security advisories in standalone mode by @andrcuns. See merge request dependabot-gitlab/dependabot!4982
- Add script to run dependency updates directly from updater image without proxy by @andrcuns. See merge request dependabot-gitlab/dependabot!4969
- Implement support for grouped updates by @andrcuns. See merge request dependabot-gitlab/dependabot!4892
🔬 Improvements (2 changes)
- Order jobs by package ecosystem in projects page by @andrcuns. See merge request dependabot-gitlab/dependabot!5037
- Restore full dependency update workflow by @andrcuns. See merge request dependabot-gitlab/dependabot!4877
🐞 Bug Fixes (2 changes)
- Trigger all applicable jobs in notify_release on empty project argument by @andrcuns. See merge request dependabot-gitlab/dependabot!4979
- Fix ca-certificates path ownership in updater images by @andrcuns. See merge request dependabot-gitlab/dependabot!4959
📦 Dependency updates (56 changes)
- Bump dependabot-omnibus from 0.386.0 to 0.387.0 by @dependabot. See merge request dependabot-gitlab/dependabot!5046
- Bump tzinfo-data from 1.2026.2 to 1.2026.3 by @dependabot. See merge request dependabot-gitlab/dependabot!5043
- Bump pagy from 43.5.6 to 43.6.0 by @dependabot. See merge request dependabot-gitlab/dependabot!5042
- Bump vite from 8.1.3 to 8.1.4 by @dependabot. See merge request dependabot-gitlab/dependabot!5041
- Bump lograge from 0.14.0 to 0.15.0 by @dependabot. See merge request dependabot-gitlab/dependabot!5035
- Bump @gitlab/ui from 135.0.0 to 135.0.1 by @dependabot. See merge request dependabot-gitlab/dependabot!5034
- Bump dependabot-omnibus from 0.385.0 to 0.386.0 by @dependabot. See merge request dependabot-gitlab/dependabot!5032
- Bump andrcuns/dependabot-proxy in /config/configs/proxy by @dependabot. See merge request dependabot-gitlab/dependabot!5026
- Bump grape from 3.3.1 to 3.3.2 by @dependabot. See merge request dependabot-gitlab/dependabot!5023
- Bump vite_rails from 3.11.0 to 3.11.1 by @dependabot. See merge request dependabot-gitlab/dependabot!5016
- Bump vite from 8.1.2 to 8.1.3 by @dependabot. See merge request dependabot-gitlab/dependabot!5009
- Bump vite from 8.1.1 to 8.1.2 by @dependabot. See merge request dependabot-gitlab/dependabot!5003
- Bump andrcuns/dependabot-proxy in /config/configs/proxy by @dependabot. See merge request dependabot-gitlab/dependabot!5001
- Bump dependabot-omnibus from 0.384.0 to 0.385.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4999
- Bump @gitlab/ui from 134.8.0 to 135.0.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4998
- Bump vite from 8.1.0 to 8.1.1 by @dependabot. See merge request dependabot-gitlab/dependabot!4997
- Bump @tailwindcss/vite from 4.3.1 to 4.3.2 by @dependabot. See merge request dependabot-gitlab/dependabot!4993
- Bump tailwindcss from 4.3.1 to 4.3.2 by @dependabot. See merge request dependabot-gitlab/dependabot!4992
- Bump grape from 3.3.0 to 3.3.1 by @dependabot. See merge request dependabot-gitlab/dependabot!4985
- Bump dependabot-omnibus from 0.383.0 to 0.384.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4974
- Bump good_job from 4.19.0 to 4.19.1 by @dependabot. See merge request dependabot-gitlab/dependabot!4964
- Bump vue from 3.5.38 to 3.5.39 by @dependabot. See merge request dependabot-gitlab/dependabot!4963
- Bump @gitlab/ui from 134.6.0 to 134.8.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4962
- Bump grape from 3.2.1 to 3.3.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4949
- Update docker Docker tag to v29.6.1 by @dependabot. See merge request dependabot-gitlab/dependabot!4947
- Bump docker from 29.6.0-dind to 29.6.1-dind by @dependabot. See merge request dependabot-gitlab/dependabot!4946
- Bump dependabot-omnibus from 0.382.0 to 0.383.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4944
- Bump @gitlab/svgs from 3.162.1 to 3.163.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4942
- Bump @gitlab/ui from 134.4.0 to 134.6.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4941
- Bump @gitlab/svgs from 3.162.0 to 3.162.1 by @dependabot. See merge request dependabot-gitlab/dependabot!4932
- Bump @gitlab/ui from 134.3.1 to 134.4.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4935
- Update docker Docker tag to v29.6.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4925
- Bump tailwindcss from 4.3.0 to 4.3.1 by @dependabot. See merge request dependabot-gitlab/dependabot!4923
- Bump @tailwindcss/vite from 4.3.0 to 4.3.1 by @dependabot. See merge request dependabot-gitlab/dependabot!4922
- Bump docker from 29.5.3-dind to 29.6.0-dind by @dependabot. See merge request dependabot-gitlab/dependabot!4919
- Bump vue from 3.5.35 to 3.5.38 by @dependabot. See merge request dependabot-gitlab/dependabot!4915
- Bump andrcuns/dependabot-proxy in /config/configs/proxy by @dependabot. See merge request dependabot-gitlab/dependabot!4913
- Bump dependabot-omnibus from 0.381.0 to 0.382.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4910
- Bump @gitlab/ui from 134.2.0 to 134.3.1 by @dependabot. See merge request dependabot-gitlab/dependabot!4907
- Bump sentry-rails from 6.6.0 to 6.6.2 by @dependabot. See merge request dependabot-gitlab/dependabot!4904
- Bump vite-plugin-static-copy from 4.1.0 to 4.1.1 by @dependabot. See merge request dependabot-gitlab/dependabot!4878
- Bump andrcuns/dependabot-proxy in /config/configs/proxy by @dependabot. See merge request dependabot-gitlab/dependabot!4870
- Bump dependabot-omnibus from 0.380.0 to 0.381.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4867
- Bump bootsnap from 1.24.5 to 1.24.6 by @dependabot. See merge request dependabot-gitlab/dependabot!4854
- Bump andrcuns/dependabot-proxy in /config/configs/proxy by @dependabot. See merge request dependabot-gitlab/dependabot!4852
- Bump @gitlab/svgs from 3.160.0 to 3.161.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4846
- Bump sentry-rails from 6.5.0 to 6.6.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4845
- Bump andrcuns/dependabot-proxy in /config/configs/proxy by @dependabot. See merge request dependabot-gitlab/dependabot!4838
- Update docker Docker tag to v29.5.3 by @dependabot. See merge request dependabot-gitlab/dependabot!4837
- Bump docker from 29.5.2-dind to 29.5.3-dind by @dependabot. See merge request dependabot-gitlab/dependabot!4836
- Bump andrcuns/dependabot-proxy in /config/configs/proxy by @dependabot. See merge request dependabot-gitlab/dependabot!4835
- Bump vue-router from 5.0.7 to 5.1.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4833
- Bump puma from 8.0.1 to 8.0.2 by @dependabot. See merge request dependabot-gitlab/dependabot!4831
- Bump good_job from 4.18.2 to 4.19.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4830
- Bump vue from 3.5.34 to 3.5.35 by @dependabot. See merge request dependabot-gitlab/dependabot!4829
- Bump @gitlab/ui from 134.1.3 to 134.2.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4828
📦🔧 Development dependency updates (35 changes)
- Bump @types/node in the npm-development-dependencies group by @dependabot. See merge request dependabot-gitlab/dependabot!5033
- Bump ruby-lsp in the ruby-development-dependencies group by @dependabot. See merge request dependabot-gitlab/dependabot!5030
- Bump the npm-development-dependencies group with 3 updates by @dependabot. See merge request dependabot-gitlab/dependabot!5028
- Bump the ruby-development-dependencies group with 2 updates by @dependabot. See merge request dependabot-gitlab/dependabot!5022
- Bump the npm-development-dependencies group with 4 updates by @dependabot. See merge request dependabot-gitlab/dependabot!5008
- Bump rubocop from 1.88.0 to 1.88.1 in the rubocop-dependencies group by @dependabot. See merge request dependabot-gitlab/dependabot!5005
- Remove typescript-eslint package by @andrcuns.
- Bump the npm-development-dependencies group with 2 updates by @dependabot. See merge request dependabot-gitlab/dependabot!4996
- Bump typescript-eslint in the npm-development-dependencies group by @dependabot. See merge request dependabot-gitlab/dependabot!4991
- Bump solargraph in the ruby-development-dependencies group by @dependabot. See merge request dependabot-gitlab/dependabot!4984
- Bump js-yaml in the npm-development-dependencies group by @dependabot. See merge request dependabot-gitlab/dependabot!4976
- Bump the npm-development-dependencies group with 8 updates by @dependabot. See merge request dependabot-gitlab/dependabot!4971
- Bump solargraph in the ruby-development-dependencies group by @dependabot. See merge request dependabot-gitlab/dependabot!4948
- Bump rubocop from 1.87.0 to 1.88.0 in the rubocop-dependencies group by @dependabot. See merge request dependabot-gitlab/dependabot!4940
- Bump the npm-development-dependencies group with 3 updates by @dependabot. See merge request dependabot-gitlab/dependabot!4938
- Bump solargraph in the ruby-development-dependencies group by @dependabot. See merge request dependabot-gitlab/dependabot!4936
- Bump js-yaml in the npm-development-dependencies group by @dependabot. See merge request dependabot-gitlab/dependabot!4927
- Update playwright version to 1.61.0 by @andrcuns.
- Bump @types/node in the npm-development-dependencies group by @dependabot. See merge request dependabot-gitlab/dependabot!4921
- Bump simplecov-cobertura in the ruby-development-dependencies group by @dependabot. See merge request dependabot-gitlab/dependabot!4918
- Bump @types/node in the npm-development-dependencies group by @dependabot. See merge request dependabot-gitlab/dependabot!4914
- Bump allure-playwright in the npm-development-dependencies group by @dependabot. See merge request dependabot-gitlab/dependabot!4912
- Bump typescript-eslint in the npm-development-dependencies group by @dependabot. See merge request dependabot-gitlab/dependabot!4906
- Bump the development-dependencies group with 2 updates by @andrcuns. See merge request dependabot-gitlab/dependabot!4902
- Bump @types/node from 25.9.1 to 25.9.2 by @dependabot. See merge request dependabot-gitlab/dependabot!4879
- Bump rubocop-rspec from 3.9.0 to 3.10.1 by @dependabot. See merge request dependabot-gitlab/dependabot!4875
- Bump eslint-plugin-vue from 10.9.1 to 10.9.2 by @dependabot. See merge request dependabot-gitlab/dependabot!4853
- Bump vue-eslint-parser from 10.4.0 to 10.4.1 by @dependabot. See merge request dependabot-gitlab/dependabot!4850
- Bump typescript-eslint from 8.60.0 to 8.60.1 by @dependabot. See merge request dependabot-gitlab/dependabot!4849
- Bump concurrently from 10.0.1 to 10.0.3 by @dependabot. See merge request dependabot-gitlab/dependabot!4848
- Bump js-yaml from 4.1.1 to 4.2.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4844
- Bump concurrently from 10.0.0 to 10.0.1 by @dependabot. See merge request dependabot-gitlab/dependabot!4843
- Bump rubocop from 1.86.2 to 1.87.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4839
- Bump @readme/openapi-parser from 6.1.1 to 6.1.2 by @dependabot. See merge request dependabot-gitlab/dependabot!4834
- Bump rubocop-rails from 2.35.2 to 2.35.3 by @dependabot. See merge request dependabot-gitlab/dependabot!4832
🔧 CI changes (4 changes)
- Add auth for schema generation/validation job by @andrcuns. See merge request dependabot-gitlab/dependabot!5007
- Enable standalone-tests child pipeline by @andrcuns. See merge request dependabot-gitlab/dependabot!4959
- Fix ruby installs on CI by @andrcuns. See merge request dependabot-gitlab/dependabot!4930
- Update gitlab-ci by @dependabot. See merge request dependabot-gitlab/dependabot!4926
🧰 Maintenance (27 changes)
- Remove fork related columns from database by @andrcuns. See merge request dependabot-gitlab/dependabot!5039
- Add initial configuration entry association to job model by @andrcuns. See merge request dependabot-gitlab/dependabot!5024
- Improve sentry error reporting by @andrcuns. See merge request dependabot-gitlab/dependabot!5012
- Update local e2e testing setup by @andrcuns. See merge request dependabot-gitlab/dependabot!5011
- Simplify logging and remove RequestStore gem by @andrcuns. See merge request dependabot-gitlab/dependabot!5010
- Conditionally load swagger docs by @andrcuns. See merge request dependabot-gitlab/dependabot!4990
- Invert ServiceModeConcern and define classes as service mode compatible by default by @andrcuns. See merge request dependabot-gitlab/dependabot!4990
- Add tools for code graph generation by @andrcuns. See merge request dependabot-gitlab/dependabot!4989
- Improve vulnerability issue template by @andrcuns. See merge request dependabot-gitlab/dependabot!4987
- Add additional logging for mr create/update workflow by @andrcuns. See merge request dependabot-gitlab/dependabot!4986
- Improve namespace structure for dependency update related code by @andrcuns. See merge request dependabot-gitlab/dependabot!4986
- Remove devcontainer setup by @andrcuns. See merge request dependabot-gitlab/dependabot!4973
- Remove ecosystem shell setup by @andrcuns. See merge request dependabot-gitlab/dependabot!4973
- Add standalone dev update run mise task by @andrcuns. See merge request dependabot-gitlab/dependabot!4973
- Use upstream log format in standalone mode by @andrcuns. See merge request dependabot-gitlab/dependabot!4966
- Rename kube folder to entrypoints by @andrcuns. See merge request dependabot-gitlab/dependabot!4965
- Update sqlite db location by @andrcuns. See merge request dependabot-gitlab/dependabot!4937
- Fix all mise tasks paths by @andrcuns. See merge request dependabot-gitlab/dependabot!4931
- Ensure deterministic sorting for jobs with identical cron config by @andrcuns.
- Use sqlite instead of nulldb adapter for standalone mode by @andrcuns. See merge request dependabot-gitlab/dependabot!4901
- Use separate release cycle for standalone repository by @andrcuns. See merge request dependabot-gitlab/dependabot!4911
- Switch from eslint and prettier to ox stack by @andrcuns. See merge request dependabot-gitlab/dependabot!4895
- Correctly handle all produced logs from worker container by @andrcuns. See merge request dependabot-gitlab/dependabot!4860
- Update error handling to correctly support new architecture by @andrcuns. See merge request dependabot-gitlab/dependabot!4858
- Improve updater multiline log handling by @andrcuns. See merge request dependabot-gitlab/dependabot!4857
- Update k8s orchestration, remove compose based standalone orchestration by @andrcuns. See merge request dependabot-gitlab/dependabot!4856
- Add standalone test repo cleanup code by @andrcuns. See merge request dependabot-gitlab/dependabot!4817
📄 Documentation updates (3 changes)
- Add warnings on running updates directly within updater container by @andrcuns. See merge request dependabot-gitlab/dependabot!5047
- Update documentation for v7 release by @andrcuns. See merge request dependabot-gitlab/dependabot!5040
- update standalone mode guide (#672) by @cortlepp. See merge request dependabot-gitlab/dependabot!4951
🚀 Deployment changes (13 changes)
- Bump gitlab-org/cluster-integration/gitlab-agent/agentk in /deploy/agent by @dependabot. See merge request dependabot-gitlab/dependabot!5044
- Update dependency helm to v4.2.3 by @dependabot. See merge request dependabot-gitlab/dependabot!5015
- Bump gitlab-org/cluster-integration/gitlab-agent/agentk in /deploy/agent by @dependabot. See merge request dependabot-gitlab/dependabot!5014
- Bump hashicorp/kubernetes from 3.2.0 to 3.2.1 in /deploy by @dependabot. See merge request dependabot-gitlab/dependabot!4988
- Bump gitlab-org/cluster-integration/gitlab-agent/agentk in /deploy/agent by @dependabot. See merge request dependabot-gitlab/dependabot!4970
- Revert postgresql deployment changes by @andrcuns. See merge request dependabot-gitlab/dependabot!4945
- Migrate to external postgresql instance by @andrcuns. See merge request dependabot-gitlab/dependabot!4943
- Bump gitlab-org/cluster-integration/gitlab-agent/agentk in /deploy/agent by @dependabot. See merge request dependabot-gitlab/dependabot!4920
- Update k8s-tools to v4.2.2 by @dependabot. See merge request dependabot-gitlab/dependabot!4916
- Update k8s-tools by @dependabot. See merge request dependabot-gitlab/dependabot!4874
- Update dependency components/opentofu to v4.7.0 by @dependabot. See merge request dependabot-gitlab/dependabot!4851
- Bump hashicorp/kubernetes from 3.1.0 to 3.2.0 in /deploy by @dependabot. See merge request dependabot-gitlab/dependabot!4841
- Bump hashicorp/helm from 3.1.2 to 3.2.0 in /deploy by @dependabot. See merge request dependabot-gitlab/dependabot!4840