1 Release published by 1 person

• v0.286.0

  published Nov 14, 2024

13 Pull requests merged by 9 people

• [pub] Fix update fails when project contains dependency from Dart SDK

  #10947 merged Nov 19, 2024

• Update hcl2json to version 0.6.4

  #10952 merged Nov 19, 2024

• Ensure Corepack Usage for npm, pnpm, and yarn Command Execution

  #10944 merged Nov 18, 2024

• Handle semicolons in packageReferences

  #10909 merged Nov 18, 2024

• make NuGet tests more stable

  #10931 merged Nov 18, 2024

• only report a package as existing if the actual .nupkg can be downloaded

  #10939 merged Nov 15, 2024

• Add support for centralized package manager & language abstraction fo…

  #10929 merged Nov 15, 2024

• Remove Composer v1 Code and Related Feature Flags

  #10934 merged Nov 14, 2024

• Update .NET SDKs

  #10752 merged Nov 14, 2024

• v0.286.0

  #10933 merged Nov 14, 2024

• Fix bug related to empty package manager name in npm_and_yarn package manager

  #10936 merged Nov 14, 2024

• Add Ruby Language Requirement Collection for Bundler Ecosystem Metrics

  #10932 merged Nov 14, 2024

• Send Ecosystem Metrics to Dependabot-API on Update Job Completion

  #10905 merged Nov 13, 2024

11 Pull requests opened by 6 people

• Bump the prod-dependencies group across 1 directory with 20 updates

  #10937 opened Nov 14, 2024

• Store raw installed versions for npm, pnpm, and yarn package managers instead of detected version

  #10938 opened Nov 14, 2024

• Bump eslint from 9.14.0 to 9.15.0 in /npm_and_yarn/helpers in the dev-dependencies group

  #10948 opened Nov 17, 2024

• Bump the dev-dependencies group across 1 directory with 4 updates

  #10949 opened Nov 17, 2024

• Bump friendsofphp/php-cs-fixer from 3.54.0 to 3.64.0 in /composer/helpers/v2 in the dev-dependencies group across 1 directory

  #10950 opened Nov 17, 2024

• Bump the all-actions group across 1 directory with 2 updates

  #10951 opened Nov 17, 2024

• Add support for go ecosystem metrics collection

  #10953 opened Nov 18, 2024

• still allow package analysis to continue even if metadata isn't valid

  #10956 opened Nov 18, 2024

• Make DiscoveryWorker project path check case insensitive

  #10958 opened Nov 18, 2024

• Bump cross-spawn and npm in /npm_and_yarn/helpers

  #10959 opened Nov 19, 2024

• Adds conditional for no pull request for existing branch

  #10963 opened Nov 19, 2024

6 Issues closed by 5 people

• Consider Using asdf

  #5781 closed Nov 17, 2024

• Dependabot Ruby/Bundler doesn't work with all ruby versions in gem file

  #8102 closed Nov 15, 2024

• NoMethodError: undefined method `to_sym' for an instance of Hash

  #10935 closed Nov 15, 2024

• Drop support for PHP Composer v1

  #6298 closed Nov 14, 2024

• Dependabot sometimes only edits package-lock.json, not package.json

  #9071 closed Nov 13, 2024

• Wrong type when using the Conventional Commits and GitHub Actions

  #2996 closed Nov 13, 2024

11 Issues opened by 8 people

• Don't allow NuGet tasks to call vulnerability APIs

  #10964 opened Nov 19, 2024

• Dependabot suggests version bump that conflicts with version spec in pyproject.toml

  #10962 opened Nov 19, 2024

• [berry] when `.yarnrc.yml` have plugin, fail as `dependency_file_not_resolvable`

  #10961 opened Nov 19, 2024

• Difference in casing in `.sln` file can cause project not to be discovered

  #10957 opened Nov 18, 2024

• NuGet dependency discovery is missing an opportunity to report `dependency_file_not_parsable`

  #10954 opened Nov 18, 2024

• Dependabot fails with unknown error

  #10945 opened Nov 16, 2024

• NuGet updater needs to sideline `Directory.Build.rsp` files with environment variables

  #10943 opened Nov 15, 2024

• Certificate in GitHub repo for fastlane match can't be loaded

  #10942 opened Nov 15, 2024

• Can not upgrade docker base image correctly while using os and arch tag

  #10941 opened Nov 15, 2024

• Dependabot group for patterns "rack" and "rack-*" including unexpected gems

  #10940 opened Nov 15, 2024

• Dependabot updates the all images in a yaml spec that have the same tag (despite for only one the new tag exists)

  #10930 opened Nov 13, 2024

43 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Bump the poetry group across 1 directory with 2 updates

  #10889 commented on Nov 17, 2024 • 2 new comments

• YAML aliases

  #1582 commented on Nov 12, 2024 • 0 new comments

• `schedule.interval` support cron expressions

  #6339 commented on Nov 18, 2024 • 0 new comments

• `schedule.interval` of `fortnight` (every two weeks)

  #7490 commented on Nov 18, 2024 • 0 new comments

• Dependabot Nuget with Lockfiles fails to update lockfiles in other dependent projects

  #10863 commented on Nov 18, 2024 • 0 new comments

• Dependabot keeps timing out

  #10309 commented on Nov 19, 2024 • 0 new comments

• Incorrect TOML parsing of multi-line literal strings for `pyproject.toml`

  #10523 commented on Nov 19, 2024 • 0 new comments

• Specify Target Framework for .NET libraries

  #2733 commented on Nov 19, 2024 • 0 new comments

• Specs for helmfiles with different names

  #6105 commented on Nov 15, 2024 • 0 new comments

• Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates

  #10361 commented on Nov 17, 2024 • 0 new comments

• use MSBuild binlog to report dependencies

  #10597 commented on Nov 19, 2024 • 0 new comments

• Try to find pnpm-lock.yaml file upwards on tree structure

  #10806 commented on Nov 19, 2024 • 0 new comments

• Python 3.13 Support

  #10829 commented on Nov 13, 2024 • 0 new comments

• Add updater job flag to update the dependency list without updating the dependency files

  #10836 commented on Nov 17, 2024 • 0 new comments

• Bump rubocop-rspec from 2.29.1 to 3.2.0 in /updater

  #10851 commented on Nov 14, 2024 • 0 new comments

• Fix git add command to handle paths with spaces

  #10866 commented on Nov 13, 2024 • 0 new comments

• Bump the common group across 1 directory with 3 updates

  #10890 commented on Nov 17, 2024 • 0 new comments

• Bump symfony/process from 5.4.40 to 5.4.46 in /composer/helpers/v2

  #10903 commented on Nov 13, 2024 • 0 new comments

• Bump golang.org/x/mod from 0.19.0 to 0.22.0 in /go_modules/helpers

  #10916 commented on Nov 13, 2024 • 0 new comments

• Bump pipenv from 2024.0.2 to 2024.4.0 in /python/helpers in the pipenv group across 1 directory

  #10920 commented on Nov 17, 2024 • 0 new comments

• Bump library/golang from 1.22.5-bookworm to 1.23.3-bookworm in /go_modules

  #10921 commented on Nov 13, 2024 • 0 new comments

• Bump nock from 13.5.5 to 13.5.6 in /npm_and_yarn/helpers in the npm-dependencies group

  #10922 commented on Nov 17, 2024 • 0 new comments

• dependabot version update is failing with yarn

  #10928 commented on Nov 12, 2024 • 0 new comments

• Support Swift Packages requiring Swift 6.0 only

  #10754 commented on Nov 13, 2024 • 0 new comments

• Timeout running job when updating NuGet packages after updater logic was re-written in C#

  #9375 commented on Nov 13, 2024 • 0 new comments

• Provide details for `update_not_possible`

  #10728 commented on Nov 13, 2024 • 0 new comments

• Dependabot generates broken PRs for NuGet when lockfiles, private GitHub feeds and package source mappings are used

  #10859 commented on Nov 13, 2024 • 0 new comments

• Dependabot doesn't use pre-install hook

  #10927 commented on Nov 13, 2024 • 0 new comments

• How does Dependabot looks for CHANGELOG in nuget packages?

  #3850 commented on Nov 13, 2024 • 0 new comments

• Dependabot not recreating or rebasing

  #10874 commented on Nov 14, 2024 • 0 new comments

• "Dependabot is rebasing this PR" but nothing happens

  #10841 commented on Nov 14, 2024 • 0 new comments

• ERR_PNPM_NO_MATCHING_VERSION after adding private registry

  #9891 commented on Nov 14, 2024 • 0 new comments

• Npm packages are unexpectedly downloaded from the internal registry

  #10227 commented on Nov 14, 2024 • 0 new comments

• Create Dependabot security update Fails - proxy | exec /bin/sh: exec format error

  #10824 commented on Nov 15, 2024 • 0 new comments

• Provide option to configure format of branch name

  #396 commented on Nov 15, 2024 • 0 new comments

• see who or why triggered a dependabot run?

  #9925 commented on Nov 15, 2024 • 0 new comments

• Exception if 'Directory.Build.props' contains 'PropertyGroup' named 'PackageReference...'

  #6139 commented on Nov 16, 2024 • 0 new comments

• Support for python VCS package version update triggers

  #6147 commented on Nov 18, 2024 • 0 new comments

• Update badges to be compatible with the new native GitHub Dependabot

  #1912 commented on Nov 18, 2024 • 0 new comments

• Dependabot crashes on Terraform 1.8 provider-defined functions

  #10315 commented on Nov 18, 2024 • 0 new comments

• Dependabot doesn't work with monorepos using pnpm

  #10758 commented on Nov 18, 2024 • 0 new comments

• Way to view all currently applied ignored dependencies / versions

  #10286 commented on Nov 18, 2024 • 0 new comments

• Python: Support PEP 735 `[dependency-groups]` in `pyproject.toml`

  #10847 commented on Nov 18, 2024 • 0 new comments