v0.256.0

What's Changed

• Bump @npmcli/arborist from 7.4.2 to 7.5.1 in /npm_and_yarn/helpers in the npm-dependencies group across 1 directory by @dependabot in #9655
• Dependabot core issue npe composer fileparser by @GarryHurleyJr in #9643
• Use pnpm@9 for lockfile >= 9.0 by @tusbar in #9668
• Bump eslint from 9.1.1 to 9.2.0 in /npm_and_yarn/helpers in the dev-dependencies group by @dependabot in #9674
• experimental glob support by @jakecoffman in #9646
• Update bundler module to ruby 3.3.1 by @DuncSmith in #9679
• Bump library/rust from 1.77.2-bookworm to 1.78.0-bookworm in /cargo by @dependabot in #9675
• Bump the sorbet group across 2 directories with 3 updates by @dependabot in #9686
• Bump actions/create-github-app-token from 1.9.3 to 1.10.0 in the all-actions group by @dependabot in #9676
• allow 4 part version numbers for transitive dependencies by @brettfo in #9689
• fix exceptions from integration tests due to no metadata finders by @jakecoffman in #9697
• v0.256.0 by @dependabot-core-action-automation in #9691

New Contributors

• @GarryHurleyJr made their first contribution in #9643
• @tusbar made their first contribution in #9668
• @DuncSmith made their first contribution in #9679

Full Changelog: v0.255.0...v0.256.0

v0.255.0

What's Changed

• Bump composer/composer from 2.7.2 to 2.7.4 in /composer/helpers/v2 in the prod-dependencies group across 1 directory by @dependabot in #9590
• #5246:removing the leading underscore restriction in the package naming. by @raj-meka in #9569
• allow updating package without assemblies from packages.config by @brettfo in #9542
• Bump library/rust from 1.75.0-bookworm to 1.77.2-bookworm in /cargo by @dependabot in #9585
• chore(python): target latest python versions 3.12.3, 3.11.9 by @nimirium in #9526
• Fix error thrown when updating dependencies in poetry non-package mode by @ewilliamson-patreon in #9400
• Update version_resolver to support yarn v4 by @jpandersen87 in #9405
• #9508: Recreating and Handling "Name contains illegal characters" in package.json by @thavaahariharangit in #9611
• don't sent dotnet telemetry by @brettfo in #9614
• Add simplecov to track test coverage by @JamieMagee in #9595
• Add scorecards analysis by @JamieMagee in #9589
• #9555:sorbet error fix by @raj-meka in #9622
• Bump plette from 0.4.4 to 2.0.2 in /python/helpers by @dependabot in #9630
• Bump the sorbet group across 1 directory with 2 updates by @dependabot in #9632
• Sign remaining images with cosign by @JamieMagee in #9615
• Enable Docker content trust by @JamieMagee in #9620
• Bump Ruby to 3.3.1 by @jurre in #9597
• Bump toml-rb from 2.2.0 to 3.0.1 by @dependabot in #9580
• Resolve some Sorbet errors in Terraform by @JamieMagee in #9635
• Strict type Dependabot::NpmAndYarn::FileUpdater::NpmrcBuilder by @JamieMagee in #9637
• Specify patch levels for previous Rubies by @landongrindheim in #9645
• Add support for Cargo private registries by @CodingAnarchy in #8719
• Allow NuGet dependencies to exist with duplicate names but different dependency types by @DavidBoike in #9642
• Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #9562
• Bump the pnpm-dependencies group across 1 directory with 2 updates by @dependabot in #9651
• Improve handling for hashing unknown packages by @jurre in #9556
• Enable YJIT for even-numbered update jobs by @landongrindheim in #9663
• log base commit for easier debugging by @jakecoffman in #9654
• v0.255.0 by @dependabot-core-action-automation in #9649

New Contributors

• @nimirium made their first contribution in #9526
• @ewilliamson-patreon made their first contribution in #9400
• @jpandersen87 made their first contribution in #9405
• @CodingAnarchy made their first contribution in #8719
• @DavidBoike made their first contribution in #9642

Full Changelog: v0.254.0...v0.255.0

v0.254.0

What's Changed

• Harry/hh170424 by @thavaahariharangit in #9514
• hh170424: Fixing the sorbet type errors. by @thavaahariharangit in #9517
• hh170424: Fixing the sorbet type errors. by @thavaahariharangit in #9521
• Bump es5-ext from 0.10.53 to 0.10.63 in /npm_and_yarn/helpers/test/yarn/fixtures/conflicting-dependency-parser/nested by @dependabot in #9146
• Bump @dependabot/yarn-lib from 1.22.19 to 1.22.22 in /npm_and_yarn/helpers in the yarn-dependencies group by @dependabot in #9531
• Fix global.json being mangled by @martincostello in #9413
• allow packages.config update when project file doesn't list assembly version by @brettfo in #9534
• add functionality to ignore comments in .python-version file and fetch minimum Python version successfully by @mohammadalizabihitari in #9519
• Bump the sorbet group with 2 updates by @dependabot in #9512
• Request gzip'ed responses from rubygems API by @jurre in #9539
• Bump the pipenv group in /python/helpers with 1 update by @dependabot in #9032
• Bump ip and socks in /npm_and_yarn/helpers by @dependabot in #9086
• Maven: Handle Malformed expressions or Invalid values present in properties section of the pom.xml file by @thavaahariharangit in #9538
• Bump sorbet from 0.5.11349 to 0.5.11352 in the sorbet group by @dependabot in #9552
• Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in #9550
• Bump eslint from 8.56.0 to 9.1.0 in /npm_and_yarn/helpers by @dependabot in #9549
• Replace hardcoded "sanitized-package" with the actual package name by @mohammadalizabihitari in #9563
• fix ignore conditions nil error by @jakecoffman in #9560
• Bump the dev-dependencies group in /updater with 10 updates by @dependabot in #9520
• use multi-directory config by @jakecoffman in #9574
• fix the directory name in dependabot.yml by @jakecoffman in #9578
• prevent sorbet from bumping in dev-dependencies by @jakecoffman in #9584
• Bump the sorbet group across 2 directories with 2 updates by @dependabot in #9586
• Bump excon from 0.109.0 to 0.110.0 by @dependabot in #9583
• Add multi-dir to composer by @abdulapopoola in #9588
• Bump the dev-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in #9575
• cache results of the discovery tool by @brettfo in #9566
• Allow version parameter to be nilable in Dependabot::NpmAndYarn::FileParser.semver_version_for by @JamieMagee in #9390
• Update bundler to 2.5.9 by @jurre in #9596
• Sign branch images with cosign by @Nishnha in #9571
• Bump the sorbet group across 2 directories with 1 update by @dependabot in #9591
• Ignoring the fixture files in workflow (dependency review and code QL) runs by @thavaahariharangit in #9600
• fix fragment in suggested_changelog_url causing exceptions by @jakecoffman in #9604
• v0.254.0 by @dependabot-core-action-automation in #9607

New Contributors

• @mohammadalizabihitari made their first contribution in #9519

Full Changelog: v0.253.0...v0.254.0

v0.253.0

What's Changed

• fix smoke tests not running by @jakecoffman in #9487
• fix pub build not using lockfile by @jakecoffman in #9491
• asynchronously create PRs by @jakecoffman in #9485
• use MSBuild-evaluated property values for TFM by @brettfo in #9417
• Bump psych from 5.1.1.1 to 5.1.2 in /updater by @dependabot in #8854
• Bump the npm-dependencies group in /npm_and_yarn/helpers with 3 updates by @dependabot in #9499
• Bump nokogiri from 1.15.4 to 1.16.4 in /updater by @dependabot in #9479
• 5856: nokogiri stack level is too deep error by @thavaahariharangit in #9472
• Bump the all-actions group with 2 updates by @dependabot in #9488
• Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in #9465
• fix smoke test download failing by @jakecoffman in #9510
• remove implicit group behavior from the Updater by @jakecoffman in #9506
• handle all instances of global.json when initializing MSBuild by @brettfo in #9511
• Ensure stackprof is only required once by @jurre in #9516
• Bump the common group in /python/helpers with 2 updates by @dependabot in #9393
• Bump es5-ext from 0.10.53 to 0.10.63 in /npm_and_yarn/helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot in #9142
• update all packages with dependencies on the target package when possible by @brettfo in #9507
• v0.253.0 by @dependabot-core-action-automation in #9525

Full Changelog: v0.252.0...v0.253.0

v0.252.0

What's Changed

• Fix Duplicate Dependencies Showing in PR summary table by @honeyankit in #9436
• automatically download the latest Go when needed by @jakecoffman in #9435
• bundler: avoid reparsing same gemspec by @jakecoffman in #9458
• Bump Swift version from 5.9 to 5.10 by @swiftyfinch in #9459
• Update how we record Bundler versions by @landongrindheim in #9462
• build(deps): bump terraform from 1.6.6 to 1.7.5 by @HorizonNet in #9013
• Bump composer/composer from 2.6.5 to 2.7.2 in /composer/helpers/v2 by @dependabot in #9316
• Avoid passing empty strings as versions by @bdragon in #9461
• Bump library/golang from 1.22.1-bookworm to 1.22.2-bookworm in /go_modules by @dependabot in #9449
• Handle more branch protection errors by @jurre in #9454
• yarn: replace credentials with dummy creds by @jakecoffman in #9466
• [NuGet] Add NuGetUpdater Discover command by @JoeRobich in #9267
• Point smoke-test branch back at main by @Nishnha in #9473
• build(deps): bump Yarn to 3.8.1 by @yeikel in #8964
• Avoid passing empty strings as versions, part 2 by @bdragon in #9471
• Gitlab: Properly forward author details by @ylecuyer in #9188
• Switch VCR record mode to :none by @Nishnha in #4822
• Treat pep-621 deps as prod if no requirement_type is specified by @jurre in #9470
• Actions: allow less precise semver updates by @jakecoffman in #9474

New Contributors

• @swiftyfinch made their first contribution in #9459
• @ylecuyer made their first contribution in #9188

Full Changelog: v0.251.0...v0.252.0

v0.251.0

What's Changed

• Handle requests for review from dependabot by @landongrindheim in #9398
• only report dependencies whose version numbers can be resolved by @brettfo in #9387
• Table doesn't properly end for multi-directory GSU by @honeyankit in #9364
• allow flamegraph gathering by @jakecoffman in #9423
• remove redundant parsing of original files by @jakecoffman in #9424
• Prevent comparison of Integer with String in group update creation by @bdragon in #9367
• Check for nil Dependency#previous_requirements before passing to T.must by @bdragon in #9428
• fix multi-version ecosystem security vulnerability failure by @jakecoffman in #9434
• If only 1 dep in group is updated, use solo title by @pavera in #9416
• Better support around bundler changelogs by @Nishnha in #9429
• Add a note about assumptions being made by @landongrindheim in #9427
• Handle force push restrictions from repository rules by @jurre in #9439
• bundler: avoid repeat lockfile parsing with caching by @jakecoffman in #9443
• speed up bundler updates by parsing gemspecs concurrently by @jakecoffman in #9425
• Explicitly state if dependency was removed in the dependency updates table for grouped updates by @Nishnha in #9437
• v0.251.0 by @dependabot-core-action-automation in #9447

Full Changelog: v0.250.0...v0.251.0

v0.250.0

What's Changed

• Update npm sorbet types by @ryanbrandenburg in #9343
• don't fail loading build files that don't exist by @brettfo in #9385
• remove unused boolean from input of tests by @jakecoffman in #9401
• fix really long branch names by @jakecoffman in #9410
• v0.250.0 by @dependabot-core-action-automation in #9412

Full Changelog: v0.249.0...v0.250.0

v0.249.0

What's Changed

• Set Style/AccessorGrouping to separated by @JamieMagee in #9336
• Start strict typing gradle by @JamieMagee in #9346
• Cover parts of go_modules code with Sorbet by @ByAgenT in #9338
• Strict type remainder of NuGet by @JamieMagee in #9337
• Fix Invalid .yarnrc.yml File due to Missing Double Quotes by @honeyankit in #9322
• Switch from pipfile to plette lib by @jeffwidman in #8627
• @target_version can be String or Dependabot::Nuget::Version by @JamieMagee in #9352
• Bump the poetry group in /python/helpers with 2 updates by @dependabot in #9291
• Support Poetry non-package mode by @onlined in #9323
• add and update tests around group update failures by @jakecoffman in #9363
• swap language when closing group refresh PR to be less specific by @jakecoffman in #9371
• fix: parse plugin artifactItem dependencies by @yeikel in #9313
• Prevent NoMethodError in group update creation by @bdragon in #9366
• only report dependencies from project files that have a target framework by @brettfo in #9347
• Fix CodeCommit 'fetch_repo_contents' strict type enforcement from Aws::CodeCommit::Types::GetFolderOutput to Seahorse::Client::Response by @dwc0011 in #9334
• test for exclude patterns by @jakecoffman in #9377
• package_version may be nil by @bdragon in #9365
• don't allow global.json from repo to affect MSBuild discovery by @brettfo in #9374
• Add require 'sorbet-runtime' where missing by @JamieMagee in #9379
• honor packageSourceMapping from NuGet.Config by @brettfo in #9381
• Avoid including group in PR titles twice by @jurre in #9384
• v0.249.0 by @dependabot-core-action-automation in #9382

New Contributors

• @ByAgenT made their first contribution in #9338
• @onlined made their first contribution in #9323

Full Changelog: v0.248.0...v0.249.0

v0.248.0

What's Changed

• Strict type Dependabot::Nuget::UpdateChecker::VersionFinder by @JamieMagee in #9284
• Type more classes by @ryanbrandenburg in #9275
• Make toml an explicit requirement by @jeffwidman in #8626
• Update stalebot.yml by @jonjanego in #9295
• Update stalebot.yml by @jonjanego in #9298
• make dependency file not found message more specific by @brettfo in #9294
• Strict type some more nuget by @JamieMagee in #9293
• Update stalebot.yml by @jonjanego in #9302
• Bump the sorbet group with 1 update by @dependabot in #9274
• Create issue-labeler.yml by @abdulapopoola in #9305
• Create add-to-core-project.yml by @abdulapopoola in #9307
• Update add-to-core-project.yml by @abdulapopoola in #9310
• Update PNPM to 8.15.5 by @abdulapopoola in #9320
• report discovered dependencies and requirement metadata by @brettfo in #9303
• chore(python): target latest python versions 3.12.2, 3.11.8 by @sileht in #9328
• Switch to official GitHub action for managing app tokens by @jeffwidman in #9340
• v0.248.0 by @dependabot-core-action-automation in #9339

New Contributors

• @sileht made their first contribution in #9328

Full Changelog: v0.247.0...v0.248.0

v0.247.0

What's Changed

• Resolve errors from Sorbet todo.rbi by @JamieMagee in #9177
• Only use credentials which have registry configured by @JamieMagee in #9159
• fix type of requirements_update_strategy by @jakecoffman in #9197
• Require typed: true for cargo by @JamieMagee in #9194
• Record Sorbet errors with OpenTelemetry by @JamieMagee in #9202
• remove tests that are covered by smoke or silent tests by @jakecoffman in #9205
• use built-in file downloader to get .nupkg by @brettfo in #9204
• Strict type most of github_actions by @JamieMagee in #9186
• Ensure T::Set from NuGetClient.get_package_versions by @JamieMagee in #9180
• build(deps): bump node to v20 by @yeikel in #8275
• support multi-directory update with no groups by @jakecoffman in #9148
• Avoid instantiating a dependency with nil requirements by @bdragon in #9216
• Bump library/golang from 1.22.0-bookworm to 1.22.1-bookworm in /go_modules by @dependabot in #9226
• fix exception during all-versions-ignored handling by @jakecoffman in #9214
• Add handling for nil source_url in IssueLinker when generating PR text by @bdragon in #9220
• Add and configure rubocop-rspec by @JamieMagee in #9206
• always directly download nupkg and cache the tfms by @brettfo in #9230
• report the current version as latest if nothing can be found by @brettfo in #9234
• ↔️ Report Errors to the Service by @landongrindheim in #9208
• Allow on as a YAML key by @landongrindheim in #9229
• Update NuGet.Client from 6.8.0.131 to 6.9.1.3 by @JamieMagee in #9222
• don't assume the Include attribute is present on a <ProjectReference> node by @brettfo in #9238
• Fix Nuget grouped PR's by @sebasgomez238 in #9228
• improve robustness of parsing odd-looking version ranges by @brettfo in #9239
• Simplify type parameters for Gem::Version by @JamieMagee in #9232
• Avoid comparison with nil version by @bdragon in #9242
• Strict type nuget file_fetcher, file_parser, and file_updater classes. by @JoeRobich in #9225
• Filter out NuGet files where lines were only deleted by @JamieMagee in #9162
• Set branch for NuGet.Client submodule by @JamieMagee in #9223
• use safe navigation through resolvable version by @brettfo in #9243
• prevent both directory and directories from being in the job definition by @jakecoffman in #9227
• Fix the number of updated directories in a group update by @Nishnha in #9240
• allow interactive debugging of tests in the updater by @jakecoffman in #9250
• when resolving MSBuild properties, don't throw if it can't be resolved by @brettfo in #9252
• ensure nupkg zip entry contains a tfm before adding to the list by @brettfo in #9263
• multi-dir rebase of a single dependency by @jakecoffman in #9212
• ⏩ Send Remaining Exceptions to the Service by @landongrindheim in #9237
• Create stalebot.yml, update contributors to explain its existence by @jonjanego in #9264
• Suppress yamlint warning by @abdulapopoola in #9273
• Bump the pip-tools group in /python/helpers with 1 update by @dependabot in #9256
• requirements_update_strategy is String not Symbol by @JamieMagee in #9179
• Type more of nuget by @JamieMagee in #9244
• Allow files to be nilable in solo_strategy by @JamieMagee in #9280
• update dotnet sdk by @brettfo in #9282
• improve update-not-possible logging by @jakecoffman in #9269
• 📏 Standardize Error Keys by @landongrindheim in #9251
• Silence non-file fetching errors by @landongrindheim in #9279
• always recurse submodules when cloning by @jakecoffman in #9278
• Handle local nuget repositories by @ryanbrandenburg in #9253
• Update stalebot.yml by @jonjanego in #9285
• v0.247.0 by @dependabot-core-action-automation in #9235

New Contributors

• @jonjanego made their first contribution in #9264

Full Changelog: v0.246.0...v0.247.0