5 Releases published by 4 people

• v0.282.0

  published Oct 24, 2024

• v0.283.0

  published Oct 31, 2024

• v0.284.0

  published Nov 5, 2024

• v0.285.0

  published Nov 7, 2024

• v0.286.0

  published Nov 14, 2024

55 Pull requests merged by 15 people

• Adds conditional for no pull request for existing branch

  #10963 merged Nov 19, 2024

• Make DiscoveryWorker project path check case insensitive

  #10958 merged Nov 19, 2024

• still allow package analysis to continue even if metadata isn't valid

  #10956 merged Nov 19, 2024

• [pub] Fix update fails when project contains dependency from Dart SDK

  #10947 merged Nov 19, 2024

• Update hcl2json to version 0.6.4

  #10952 merged Nov 19, 2024

• Ensure Corepack Usage for npm, pnpm, and yarn Command Execution

  #10944 merged Nov 18, 2024

• Handle semicolons in packageReferences

  #10909 merged Nov 18, 2024

• make NuGet tests more stable

  #10931 merged Nov 18, 2024

• only report a package as existing if the actual .nupkg can be downloaded

  #10939 merged Nov 15, 2024

• Add support for centralized package manager & language abstraction fo…

  #10929 merged Nov 15, 2024

• Remove Composer v1 Code and Related Feature Flags

  #10934 merged Nov 14, 2024

• Update .NET SDKs

  #10752 merged Nov 14, 2024

• v0.286.0

  #10933 merged Nov 14, 2024

• Fix bug related to empty package manager name in npm_and_yarn package manager

  #10936 merged Nov 14, 2024

• Add Ruby Language Requirement Collection for Bundler Ecosystem Metrics

  #10932 merged Nov 14, 2024

• Send Ecosystem Metrics to Dependabot-API on Update Job Completion

  #10905 merged Nov 13, 2024

• improve packages directory detection

  #10912 merged Nov 11, 2024

• Adding support for build-system.requires in pyproject.toml

  #10899 merged Nov 8, 2024

• clean up warnings from NuGet.Client submodule

  #10911 merged Nov 7, 2024

• create interfaces for workers to make testing more direct

  #10910 merged Nov 7, 2024

• manage C#-only experiments with ExperimentsManager

  #10868 merged Nov 7, 2024

• v0.285.0

  #10906 merged Nov 7, 2024

• Adds additional logs for Github PR creator

  #10907 merged Nov 7, 2024

• Expand Centralized Ecosystem Format with Requirements Information for Bundler Package Manager

  #10897 merged Nov 7, 2024

• Check for packages.config in pure C# updater.

  #10858 merged Nov 6, 2024

• Expand Centralized Ecosystem Format with Language Version Information for Bundler

  #10867 merged Nov 5, 2024

• Add support for centralized package manager abstraction for npm_and_yarn ecosystem

  #10862 merged Nov 5, 2024

• v0.284.0

  #10894 merged Nov 5, 2024

• Bump eslint from 9.13.0 to 9.14.0 in /npm_and_yarn/helpers in the dev-dependencies group

  #10887 merged Nov 5, 2024

• Introduce feature flag to raise exception on same branch exists

  #10878 merged Nov 4, 2024

• Bump the all-actions group across 1 directory with 6 updates

  #10879 merged Nov 4, 2024

• Docker Registry Upgrade

  #10855 merged Nov 1, 2024

• Initial dotnet_sdk updater

  #10756 merged Nov 1, 2024

• Bump rexml from 3.3.8 to 3.3.9 in /updater

  #10860 merged Nov 1, 2024

• Convert match from MatchData to string before creating Python version

  #10877 merged Oct 31, 2024

• source_url in Maven::UpdaterChecker::RequirementsUpdater can be nil

  #10876 merged Oct 31, 2024

• Centralizing Eco-System, and Package Manager Version Information

  #10826 merged Oct 31, 2024

• Bump sorbet and tapioca versions

  #10875 merged Oct 31, 2024

• add explicit clone command for NuGet updater

  #10864 merged Oct 31, 2024

• restrict when we add binding redirects

  #10833 merged Oct 31, 2024

• do case-insensitive comparison for lead_security_dependency experiment

  #10861 merged Oct 31, 2024

• v0.283.0

  #10869 merged Oct 31, 2024

• Bump eslint from 9.12.0 to 9.13.0 in /npm_and_yarn/helpers in the dev-dependencies group

  #10819 merged Oct 25, 2024

• Add semver ignore-condition range code into python version

  #10844 merged Oct 25, 2024

• v0.282.0

  #10839 merged Oct 24, 2024

• Adds telemetry collection logs for existing branches information

  #10840 merged Oct 24, 2024

• Remove replacement of plus with dot in python latest version

  #10838 merged Oct 24, 2024

• Remove python_new_version feature flag and irrelevant code

  #10797 merged Oct 24, 2024

• Add lowest_prerelease_suffix method

  #10832 merged Oct 23, 2024

• fix(dotnet): Ensure that packages can be updated when referencing .NET workloads

  #10649 merged Oct 22, 2024

• Update python patch versions

  #10742 merged Oct 22, 2024

• split artifacts on OS

  #10816 merged Oct 22, 2024

• report unix-friendly packages path

  #10815 merged Oct 22, 2024

• Upgrade Nuget.Client from 6.11.1.2 to 6.12.0.127

  #10814 merged Oct 22, 2024

• Bump library/rust from 1.79.0-bookworm to 1.82.0-bookworm in /cargo

  #10822 merged Oct 21, 2024

21 Pull requests opened by 8 people

• Python 3.13 Support

  #10829 opened Oct 22, 2024

• chore(python): Target latest Python 3.12 version to 3.12.7

  #10831 opened Oct 22, 2024

• Add updater job flag to update the dependency list without updating the dependency files

  #10836 opened Oct 23, 2024

• Bump rubocop-rspec from 2.29.1 to 3.2.0 in /updater

  #10851 opened Oct 27, 2024

• Fixes issue where dependabot can push changes to existing branches

  #10856 opened Oct 28, 2024

• Fix git add command to handle paths with spaces

  #10866 opened Oct 30, 2024

• Bump the poetry group across 1 directory with 2 updates

  #10889 opened Nov 3, 2024

• Bump the common group across 1 directory with 3 updates

  #10890 opened Nov 3, 2024

• Bump symfony/process from 5.4.40 to 5.4.46 in /composer/helpers/v2

  #10903 opened Nov 6, 2024

• Bump golang.org/x/mod from 0.19.0 to 0.22.0 in /go_modules/helpers

  #10916 opened Nov 10, 2024

• Bump pipenv from 2024.0.2 to 2024.4.0 in /python/helpers in the pipenv group across 1 directory

  #10920 opened Nov 10, 2024

• Bump library/golang from 1.22.5-bookworm to 1.23.3-bookworm in /go_modules

  #10921 opened Nov 10, 2024

• Bump nock from 13.5.5 to 13.5.6 in /npm_and_yarn/helpers in the npm-dependencies group

  #10922 opened Nov 10, 2024

• Bump the prod-dependencies group across 1 directory with 20 updates

  #10937 opened Nov 14, 2024

• Store raw installed versions for npm, pnpm, and yarn package managers instead of detected version

  #10938 opened Nov 14, 2024

• Bump eslint from 9.14.0 to 9.15.0 in /npm_and_yarn/helpers in the dev-dependencies group

  #10948 opened Nov 17, 2024

• Bump the dev-dependencies group across 1 directory with 4 updates

  #10949 opened Nov 17, 2024

• Bump friendsofphp/php-cs-fixer from 3.54.0 to 3.64.0 in /composer/helpers/v2 in the dev-dependencies group across 1 directory

  #10950 opened Nov 17, 2024

• Bump the all-actions group across 1 directory with 2 updates

  #10951 opened Nov 17, 2024

• Add support for go ecosystem metrics collection

  #10953 opened Nov 18, 2024

• Bump cross-spawn and npm in /npm_and_yarn/helpers

  #10959 opened Nov 19, 2024

23 Issues closed by 15 people

• Difference in casing in `.sln` file can cause project not to be discovered

  #10957 closed Nov 19, 2024

• Consider Using asdf

  #5781 closed Nov 17, 2024

• Dependabot Ruby/Bundler doesn't work with all ruby versions in gem file

  #8102 closed Nov 15, 2024

• NoMethodError: undefined method `to_sym' for an instance of Hash

  #10935 closed Nov 15, 2024

• Drop support for PHP Composer v1

  #6298 closed Nov 14, 2024

• Dependabot sometimes only edits package-lock.json, not package.json

  #9071 closed Nov 13, 2024

• Wrong type when using the Conventional Commits and GitHub Actions

  #2996 closed Nov 13, 2024

• cargo git dependencies with git tag are not updated correctly

  #10913 closed Nov 10, 2024

• Dependabot doesn't support pnpm versions > 9.4.0

  #10871 closed Nov 8, 2024

• Dependabot not following pagination on quay.io, again

  #10347 closed Nov 1, 2024

• Add support for updating the .NET Core SDK specified by global.json

  #2442 closed Nov 1, 2024

• Dependabot reverses the original requirement order in the PR title

  #5961 closed Nov 1, 2024

• Dependabot stopped working with private sonatype nexus hosted npm registry

  #7793 closed Oct 31, 2024

• @Dependabot API ignore major version not working

  #10798 closed Oct 31, 2024

• Update dependabot ignore semantic version range for python

  #10845 closed Oct 31, 2024

• Remove python_new_version feature flag

  #10777 closed Oct 29, 2024

• Support mason/Brickhub

  #5912 closed Oct 29, 2024

• Dependencies failed to update - Unknown error in pip

  #10598 closed Oct 25, 2024

• Python illformed_requirement

  #10813 closed Oct 24, 2024

• Support for dotnet project requiring workload installation for builds

  #10117 closed Oct 22, 2024

• Graphs or statistics!

  #2216 closed Oct 22, 2024

• Improve backtrace for spec failures caused by empty native helper output

  #4948 closed Oct 21, 2024

• Private repositories not used for version checks -> missing updates for internal libs/plugins

  #10274 closed Oct 21, 2024

42 Issues opened by 38 people

• Don't allow NuGet tasks to call vulnerability APIs

  #10964 opened Nov 19, 2024

• Dependabot suggests version bump that conflicts with version spec in pyproject.toml

  #10962 opened Nov 19, 2024

• [berry] when `.yarnrc.yml` have plugin, fail as `dependency_file_not_resolvable`

  #10961 opened Nov 19, 2024

• NuGet dependency discovery is missing an opportunity to report `dependency_file_not_parsable`

  #10954 opened Nov 18, 2024

• Dependabot fails with unknown error

  #10945 opened Nov 16, 2024

• NuGet updater needs to sideline `Directory.Build.rsp` files with environment variables

  #10943 opened Nov 15, 2024

• Certificate in GitHub repo for fastlane match can't be loaded

  #10942 opened Nov 15, 2024

• Can not upgrade docker base image correctly while using os and arch tag

  #10941 opened Nov 15, 2024

• Dependabot group for patterns "rack" and "rack-*" including unexpected gems

  #10940 opened Nov 15, 2024

• Dependabot updates the all images in a yaml spec that have the same tag (despite for only one the new tag exists)

  #10930 opened Nov 13, 2024

• dependabot version update is failing with yarn

  #10928 opened Nov 12, 2024

• Dependabot doesn't use pre-install hook

  #10927 opened Nov 12, 2024

• Update version and comment for SHA-pinned Terraform modules

  #10926 opened Nov 11, 2024

• Bump Golang group deps with replace directive

  #10925 opened Nov 11, 2024

• dependabot not picking up github-actions updates using semver

  #10924 opened Nov 11, 2024

• @Dependabot API ignore major version seemingly not working

  #10923 opened Nov 11, 2024

• Pull request title and body do not mention all the updated versions

  #10901 opened Nov 6, 2024

• Add HTTP support (for private, self-hosted project management systems like gitlab)

  #10898 opened Nov 6, 2024

• getaddrinfo EAI_AGAIN error when attempting to update packages

  #10893 opened Nov 4, 2024

• You are running out of disk space. The runner will stop working when the machine runs out of disk space.

  #10886 opened Nov 3, 2024

• Create dependabot PRs as a custom user

  #10885 opened Nov 2, 2024

• globstar directory path for github-actions ecosystem makes duplicate PRs

  #10884 opened Nov 1, 2024

• NuGet fails to update implicitly added dependency with `Update` attribute.

  #10883 opened Nov 1, 2024

• Unify around a single HTTP library

  #10881 opened Nov 1, 2024

• Dependabot not recreating or rebasing

  #10874 opened Oct 31, 2024

• DBot proposed update of maven plugin dependency to non-existent version

  #10870 opened Oct 31, 2024

• Rewriting the NuGet updater

  #10865 opened Oct 30, 2024

• Dependabot Nuget with Lockfiles fails to update lockfiles in other dependent projects

  #10863 opened Oct 29, 2024

• Dependabot generates broken PRs for NuGet when lockfiles, private GitHub feeds and package source mappings are used

  #10859 opened Oct 28, 2024

• Update Dependabot Terraform to 1.9

  #10857 opened Oct 28, 2024

• 'registries' key can not take wildcard even though documentation uses as example.

  #10854 opened Oct 28, 2024

• Python: Support PEP 735 `[dependency-groups]` in `pyproject.toml`

  #10847 opened Oct 27, 2024

• Latest version of `org.junit:junit-bom` not picked up

  #10846 opened Oct 26, 2024

• "Dependabot is rebasing this PR" but nothing happens

  #10841 opened Oct 24, 2024

• Floating version notation is causing the build to break

  #10837 opened Oct 23, 2024

• Allow Dependabot to create draft PRs by default via configuration

  #10835 opened Oct 23, 2024

• NuGet `update_not_possible` for group update

  #10834 opened Oct 23, 2024

• Python 3.12.7 not supported by Dependabot

  #10830 opened Oct 22, 2024

• Python 3.13 Support

  #10828 opened Oct 22, 2024

• Reviewer assignment requests from team and single person from team

  #10827 opened Oct 22, 2024

• Create Dependabot security update Fails - proxy | exec /bin/sh: exec format error

  #10824 opened Oct 21, 2024

• "Sub-patch" version grouping (useful for python `types-xxxx` packages)

  #10823 opened Oct 20, 2024

80 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• `quarterly` option for `schedule.interval`

  #7552 commented on Oct 21, 2024 • 0 new comments

• Dependabot unable to fetch transitive dependencies from private repo

  #10267 commented on Oct 22, 2024 • 0 new comments

• Cannot reach private Azure Repo git URL with composer

  #9978 commented on Oct 22, 2024 • 0 new comments

• Azure POST push returns 500 error

  #7107 commented on Oct 22, 2024 • 0 new comments

• Error when found version update in dockerfile

  #7668 commented on Oct 22, 2024 • 0 new comments

• Nuget from private ProGet feed: found dependencies to update but Package.csproj restore fails

  #9098 commented on Oct 22, 2024 • 0 new comments

• Use <summary> and <details> tags for azure PR description.

  #2537 commented on Oct 22, 2024 • 0 new comments

• pnpm: support v9 lockfile format for dependabot alerts - and/or warn that it is unsupported

  #10534 commented on Oct 22, 2024 • 0 new comments

• NuGet updater doesn't handle `<PackageReference>` nodes in `.props`/`.targets` files

  #9136 commented on Oct 22, 2024 • 0 new comments

• Dependabot creates multiple PRs due to transitive dependencies in .NET

  #10808 commented on Oct 23, 2024 • 0 new comments

• NuGet Package With wildcard version throws error

  #9442 commented on Oct 23, 2024 • 0 new comments

• No longer able to update multiple nuget packages in a group

  #9288 commented on Oct 23, 2024 • 0 new comments

• Update NPM & Yarn version to use semver 2 version in dependabot common

  #10424 commented on Oct 23, 2024 • 0 new comments

• Update GO version to use semver 2 version in dependabot common

  #10425 commented on Oct 23, 2024 • 0 new comments

• Maven downgrading a dependency in one POM which really is an upgrade in another POM

  #10669 commented on Oct 23, 2024 • 0 new comments

• Support PDM: https://github.com/frostming/pdm

  #3190 commented on Oct 24, 2024 • 0 new comments

• Support python uv as pip-compile compatible replacement

  #10039 commented on Oct 24, 2024 • 0 new comments

• Support for updating devcontainer.json files (for dev containers)

  #7000 commented on Oct 24, 2024 • 0 new comments

• Make it possible to validate Dependabot config before it lands on `main`

  #4605 commented on Oct 24, 2024 • 0 new comments

• `dependency_file_not_found` error looking for a `package.json` from a deleted `directories:` entry

  #10684 commented on Oct 24, 2024 • 0 new comments

• Dependabot Runs successfully, Fails to create PR with /git/trees: 422 - GitRPC::BadObjectState

  #10280 commented on Oct 24, 2024 • 0 new comments

• Unable to update swift packages, update_files_error

  #9038 commented on Oct 25, 2024 • 0 new comments

• Fails to determine latest version of parent org.springframework.boot:spring-boot-starter-parent

  #10319 commented on Oct 26, 2024 • 0 new comments

• Place all ungrouped dependencies into a single pull request

  #7758 commented on Oct 26, 2024 • 0 new comments

• Dependabot ignores dependencies even if they have a higher version than the ignored version.

  #10722 commented on Oct 28, 2024 • 0 new comments

• Don't respond with `I won't notify you again about this release` when resolved by another PR

  #6161 commented on Oct 29, 2024 • 0 new comments

• Group updates by `direct` and `indirect` updates

  #7959 commented on Oct 29, 2024 • 0 new comments

• version-update:semver-major not working with pytest

  #10573 commented on Oct 29, 2024 • 0 new comments

• Revisit how responsibilities are split up between `UpdateChecker` and `Version` in docker ecosystem

  #5911 commented on Oct 30, 2024 • 0 new comments

• Dependabot adding index to Pipfile.lock causes issue in newest version of pipenv

  #7936 commented on Oct 30, 2024 • 0 new comments

• NPM check fails with whitespace in path

  #10527 commented on Oct 30, 2024 • 0 new comments

• Dependabot couldn't fetch path-based dependencies (pip)

  #9554 commented on Oct 30, 2024 • 0 new comments

• Dependabot locked a dependency to a version with conflicts

  #7947 commented on Oct 30, 2024 • 0 new comments

• Dependabot failing to update pnpm monorepo when using groups (NoChangeError)

  #8351 commented on Oct 30, 2024 • 0 new comments

• Not respecting groups' `exclude-pattern` config for sub-dependencies/implicit dependencies

  #10508 commented on Oct 31, 2024 • 0 new comments

• dependabot fails to update pnpm-lock.yaml

  #8186 commented on Nov 1, 2024 • 0 new comments

• update_not_possible message

  #8903 commented on Nov 5, 2024 • 0 new comments

• Dependabot PRs don't have appropriate links anymore to track the diff of the change being integrated.

  #10383 commented on Nov 5, 2024 • 0 new comments

• Fix ArgumentError Malformed version number string in NPM & Yarn

  #10369 commented on Nov 5, 2024 • 0 new comments

• Dependabot frequently failing to raise PR for pub packages

  #7223 commented on Nov 6, 2024 • 0 new comments

• [Feature request] New rule: Prevent merge of PR if vulnerability with a certain severity is found

  #10904 commented on Nov 6, 2024 • 0 new comments

• Add Support for Separate Pull Requests for Major, Minor, and Patch Version Updates

  #6957 commented on Nov 6, 2024 • 0 new comments

• Ignore manifests in specific subdirectories

  #4364 commented on Nov 7, 2024 • 0 new comments

• Support updating `uv.lock`

  #10478 commented on Nov 7, 2024 • 0 new comments

• Dependabot for github actions considering closed PR's in existing-pull-requests list

  #9920 commented on Nov 8, 2024 • 0 new comments

• Offer to update `package.json` in addition to the lock file

  #10863 commented on Nov 8, 2024 • 0 new comments

• Allow access/configure authentication to private (python/poetry) registries hosted by Google Artifact Repository

  #9421 commented on Nov 9, 2024 • 0 new comments

• Dependabot configured, but shows 'Dependabot version updates aren't configured yet'

  #7357 commented on Nov 11, 2024 • 0 new comments

• Some dependencies are missed in a group

  #7822 commented on Nov 11, 2024 • 0 new comments

• Go directive in go.mod not updated when a new dependency requires it

  #9527 commented on Nov 11, 2024 • 0 new comments

• Document how to make public GitHub API requests without rate limits for self-hosted Enterprise runners

  #7519 commented on Nov 12, 2024 • 0 new comments

• YAML aliases

  #1582 commented on Nov 12, 2024 • 0 new comments

• Support Swift Packages requiring Swift 6.0 only

  #10754 commented on Nov 13, 2024 • 0 new comments

• Timeout running job when updating NuGet packages after updater logic was re-written in C#

  #9375 commented on Nov 13, 2024 • 0 new comments

• Provide details for `update_not_possible`

  #10728 commented on Nov 13, 2024 • 0 new comments

• How does Dependabot looks for CHANGELOG in nuget packages?

  #3850 commented on Nov 13, 2024 • 0 new comments

• ERR_PNPM_NO_MATCHING_VERSION after adding private registry

  #9891 commented on Nov 14, 2024 • 0 new comments

• Npm packages are unexpectedly downloaded from the internal registry

  #10227 commented on Nov 14, 2024 • 0 new comments

• Provide option to configure format of branch name

  #396 commented on Nov 15, 2024 • 0 new comments

• see who or why triggered a dependabot run?

  #9925 commented on Nov 15, 2024 • 0 new comments

• Exception if 'Directory.Build.props' contains 'PropertyGroup' named 'PackageReference...'

  #6139 commented on Nov 16, 2024 • 0 new comments

• Support for python VCS package version update triggers

  #6147 commented on Nov 18, 2024 • 0 new comments

• Update badges to be compatible with the new native GitHub Dependabot

  #1912 commented on Nov 18, 2024 • 0 new comments

• Dependabot crashes on Terraform 1.8 provider-defined functions

  #10315 commented on Nov 18, 2024 • 0 new comments

• Dependabot doesn't work with monorepos using pnpm

  #10758 commented on Nov 18, 2024 • 0 new comments

• Way to view all currently applied ignored dependencies / versions

  #10286 commented on Nov 18, 2024 • 0 new comments

• `schedule.interval` support cron expressions

  #6339 commented on Nov 18, 2024 • 0 new comments

• `schedule.interval` of `fortnight` (every two weeks)

  #7490 commented on Nov 18, 2024 • 0 new comments

• Dependabot keeps timing out

  #10309 commented on Nov 19, 2024 • 0 new comments

• Incorrect TOML parsing of multi-line literal strings for `pyproject.toml`

  #10523 commented on Nov 19, 2024 • 0 new comments

• Specify Target Framework for .NET libraries

  #2733 commented on Nov 19, 2024 • 0 new comments

• Allow regex or glob in versions to ignore

  #7885 commented on Nov 19, 2024 • 0 new comments

• Specs for helmfiles with different names

  #6105 commented on Nov 15, 2024 • 0 new comments

• fix(terraform): update `less-than`/`less-than/equals` version constraints

  #8983 commented on Nov 8, 2024 • 0 new comments

• Add YAML Alias Support to Dependabot Configuration

  #9653 commented on Oct 28, 2024 • 0 new comments

• Support uv compiled requirements files

  #10040 commented on Oct 31, 2024 • 0 new comments

• Upgrade to latest Ruby patchlevels

  #10250 commented on Oct 22, 2024 • 0 new comments

• Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates

  #10361 commented on Nov 17, 2024 • 0 new comments

• use MSBuild binlog to report dependencies

  #10597 commented on Nov 19, 2024 • 0 new comments

• Try to find pnpm-lock.yaml file upwards on tree structure

  #10806 commented on Nov 19, 2024 • 0 new comments