{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":426498950,"defaultBranch":"main","name":"dependabot-core","ownerLogin":"jeffwidman","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2021-11-10T05:44:27.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/483314?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1711136637.0","currentOid":""},"activityList":{"items":[{"before":"89ebc55dac8630574301a10917425f80a56e4763","after":"7b25e935cd0a1f9a89abf6ce865cea69090c298d","ref":"refs/heads/main","pushedAt":"2024-04-28T15:27:13.000Z","pushType":"push","commitsCount":1065,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"},"commit":{"message":"Merge pull request #9622 from dependabot/raj/#9555\n\n#9555:sorbet error fix","shortMessageHtmlLink":"Merge pull request <a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2266291640\" data-permission-text=\"Title is private\" data-url=\"https://github.com/dependabot/dependabot-core/issues/9622\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/dependabot/dependabot-core/pull/9622/hovercard\" href=\"https://github.com/dependabot/dependabot-core/pull/9622\">dependabot#9622</a> from dependabot/raj/<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2255911125\" data-permission-text=\"Title is private\" data-url=\"https://github.com/dependabot/dependabot-core/issues/9555\" data-hovercard-type=\"issue\" data-hovercard-url=\"/dependabot/dependabot-core/issues/9555/hovercard\" href=\"https://github.com/dependabot/dependabot-core/issues/9555\">dependabot#9555</a>"}},{"before":"c6ef0fe77c9369c7fd1f198a8877543b875218b9","after":null,"ref":"refs/heads/switch-from-pipfile-to-plette-lib","pushedAt":"2024-03-22T19:43:57.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"}},{"before":"fc7a0abaeb04e70b7e1863d0c23361c68c95f5c9","after":"c6ef0fe77c9369c7fd1f198a8877543b875218b9","ref":"refs/heads/switch-from-pipfile-to-plette-lib","pushedAt":"2024-03-22T18:23:56.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"abdulapopoola","name":"AbdulFattaah Popoola","path":"/abdulapopoola","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/575065?s=80&v=4"},"commit":{"message":"Merge branch 'main' into switch-from-pipfile-to-plette-lib","shortMessageHtmlLink":"Merge branch 'main' into switch-from-pipfile-to-plette-lib"}},{"before":"5ab89f4cebe4582e6e065cfc4eac63e66cc6d3bc","after":"fc7a0abaeb04e70b7e1863d0c23361c68c95f5c9","ref":"refs/heads/switch-from-pipfile-to-plette-lib","pushedAt":"2024-03-22T17:29:57.000Z","pushType":"push","commitsCount":6,"pusher":{"login":"abdulapopoola","name":"AbdulFattaah Popoola","path":"/abdulapopoola","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/575065?s=80&v=4"},"commit":{"message":"Merge branch 'main' into switch-from-pipfile-to-plette-lib","shortMessageHtmlLink":"Merge branch 'main' into switch-from-pipfile-to-plette-lib"}},{"before":"61ee2b8d037f3e3dae0ef93946419c4f8ea8533c","after":"5ab89f4cebe4582e6e065cfc4eac63e66cc6d3bc","ref":"refs/heads/switch-from-pipfile-to-plette-lib","pushedAt":"2024-03-21T17:27:18.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"},"commit":{"message":"Switch from `pipfile` to `plette` lib\n\nThe main user of `pipfile` is `pipenv`, and _not_ any of the other\npython package managers.\n\nHowever, `pipfile` library has been pretty much unmaintained, so\n`pipenv` switched to using `plette` for parsing/validation of\n`Pipfile`'s:\n* https://github.com/pypa/pipenv/issues/5310\n* https://github.com/pypa/pipenv/pull/5339\n\nSo let's switch our usage as well. Today we only use `pipfile` for\ngenerating hashes, so this is effectively a silent no-op. However, down\nthe road we could leverage `plette` for `Pipfile` parsing/validation...\nfor example see how it's flagging things here:\nhttps://github.com/dependabot/dependabot-core/pull/6104#issuecomment-1356403336","shortMessageHtmlLink":"Switch from <code>pipfile</code> to <code>plette</code> lib"}},{"before":"50921a3939fc5e10ad91562cc9d3f69c8e6d0d7e","after":null,"ref":"refs/heads/make-toml-import-explicit","pushedAt":"2024-03-14T15:39:58.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"}},{"before":"f04a6b679128f0c6f12ea8dd9229f84fc87bbd3c","after":"50921a3939fc5e10ad91562cc9d3f69c8e6d0d7e","ref":"refs/heads/make-toml-import-explicit","pushedAt":"2024-03-14T14:44:34.000Z","pushType":"push","commitsCount":35,"pusher":{"login":"abdulapopoola","name":"AbdulFattaah Popoola","path":"/abdulapopoola","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/575065?s=80&v=4"},"commit":{"message":"Merge branch 'main' into make-toml-import-explicit","shortMessageHtmlLink":"Merge branch 'main' into make-toml-import-explicit"}},{"before":"3e40ab12e25152599102b3730a6305b89b741598","after":"f04a6b679128f0c6f12ea8dd9229f84fc87bbd3c","ref":"refs/heads/make-toml-import-explicit","pushedAt":"2024-03-11T16:56:15.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"},"commit":{"message":"Make `toml` an explicit requirement\n\nI couldn't figure out why the tests were failing for:\n* https://github.com/dependabot/dependabot-core/pull/7741\n\nuntil I realized that `pipfile` imports `toml`:\nhttps://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44\n\nwhich then gets used over in the unrelated file `parser.py`:\nhttps://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24\n\nSo let's make the import of `toml` explicit so that we aren't relying on\nthe side effects of importing `pipfile`. The `toml` requirement from\n`pipfile` isn't pinned, so I simply pinned to the latest release.\n\nPython `3.11` added a native `tomllib` library, so once we drop support\nfor `3.10` we can drop this 3p lib entirely.","shortMessageHtmlLink":"Make <code>toml</code> an explicit requirement"}},{"before":"2d0cb4ec0fdf4c77e6c73d1de6173e791e88efbe","after":"3e40ab12e25152599102b3730a6305b89b741598","ref":"refs/heads/make-toml-import-explicit","pushedAt":"2024-01-24T18:37:01.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"},"commit":{"message":"Make `toml` an explicit requirement\n\nI couldn't figure out why the tests were failing for:\n* https://github.com/dependabot/dependabot-core/pull/7741\n\nuntil I realized that `pipfile` imports `toml`:\nhttps://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44\n\nwhich then gets used over in the unrelated file `parser.py`:\nhttps://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24\n\nSo let's make the import of `toml` explicit so that we aren't relying on\nthe side effects of importing `pipfile`. The `toml` requirement from\n`pipfile` isn't pinned, so I simply pinned to the latest release.\n\nPython `3.11` added a native `tomllib` library, so once we drop support\nfor `3.10` we can drop this 3p lib entirely.","shortMessageHtmlLink":"Make <code>toml</code> an explicit requirement"}},{"before":"fb42f122d3c161cd4bd55dcd2d8be45a52d9181b","after":"2d0cb4ec0fdf4c77e6c73d1de6173e791e88efbe","ref":"refs/heads/make-toml-import-explicit","pushedAt":"2024-01-23T18:16:35.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"},"commit":{"message":"Make `toml` an explicit requirement\n\nI couldn't figure out why the tests were failing for:\n* https://github.com/dependabot/dependabot-core/pull/7741\n\nuntil I realized that `pipfile` imports `toml`:\nhttps://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44\n\nwhich then gets used over in the unrelated file `parser.py`:\nhttps://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24\n\nSo let's make the import of `toml` explicit so that we aren't relying on\nthe side effects of importing `pipfile`. The `toml` requirement from\n`pipfile` isn't pinned, so I simply pinned to the latest release.\n\nPython `3.11` added a native `tomllib` library, so once we drop support\nfor `3.10` we can drop this 3p lib entirely.","shortMessageHtmlLink":"Make <code>toml</code> an explicit requirement"}},{"before":"110d5b4a07d11a5c46f1def632d9dc655571c459","after":"fb42f122d3c161cd4bd55dcd2d8be45a52d9181b","ref":"refs/heads/make-toml-import-explicit","pushedAt":"2024-01-23T00:57:21.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"},"commit":{"message":"Make `toml` an explicit requirement\n\nI couldn't figure out why the tests were failing for:\n* https://github.com/dependabot/dependabot-core/pull/7741\n\nuntil I realized that `pipfile` imports `toml`:\nhttps://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44\n\nwhich then gets used over in the unrelated file `parser.py`:\nhttps://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24\n\nSo let's make the import of `toml` explicit so that we aren't relying on\nthe side effects of importing `pipfile`. The `toml` requirement from\n`pipfile` isn't pinned, so I simply pinned to the latest release.\n\nPython `3.11` added a native `tomllib` library, so once we drop support\nfor `3.10` we can drop this 3p lib entirely.","shortMessageHtmlLink":"Make <code>toml</code> an explicit requirement"}},{"before":"c00c14164aa73c8ae31d5fde1d73bbb1d554d588","after":null,"ref":"refs/heads/6453-azure-devops-now-supports-html","pushedAt":"2023-12-20T05:06:05.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"}},{"before":"e722611352302599e554d1aada2c81f7425f59c7","after":null,"ref":"refs/heads/stop-printing-pointless-git-warning-into-logs-and-tests","pushedAt":"2023-12-19T20:49:31.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"}},{"before":"f2a8fec98a5f549cded075071fb992a07abc2d44","after":null,"ref":"refs/heads/add-barry-s-test","pushedAt":"2023-12-19T20:49:04.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"}},{"before":"98cdad6a35db8cde4c26513148dc91e592ac44af","after":"f2a8fec98a5f549cded075071fb992a07abc2d44","ref":"refs/heads/add-barry-s-test","pushedAt":"2023-12-19T18:06:36.000Z","pushType":"push","commitsCount":14,"pusher":{"login":"jakecoffman","name":"Jake Coffman","path":"/jakecoffman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/886768?s=80&v=4"},"commit":{"message":"Merge branch 'main' into add-barry-s-test","shortMessageHtmlLink":"Merge branch 'main' into add-barry-s-test"}},{"before":"f874ffd6d7d37ddb515c1abf7e4afeb4ef3e0335","after":"c00c14164aa73c8ae31d5fde1d73bbb1d554d588","ref":"refs/heads/6453-azure-devops-now-supports-html","pushedAt":"2023-12-19T17:57:17.000Z","pushType":"push","commitsCount":7,"pusher":{"login":"jakecoffman","name":"Jake Coffman","path":"/jakecoffman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/886768?s=80&v=4"},"commit":{"message":"Merge branch 'main' into 6453-azure-devops-now-supports-html","shortMessageHtmlLink":"Merge branch 'main' into 6453-azure-devops-now-supports-html"}},{"before":"47bab6c502487105bf91c2588a55fd2a82cd9439","after":"e722611352302599e554d1aada2c81f7425f59c7","ref":"refs/heads/stop-printing-pointless-git-warning-into-logs-and-tests","pushedAt":"2023-12-19T17:24:05.000Z","pushType":"push","commitsCount":6,"pusher":{"login":"jakecoffman","name":"Jake Coffman","path":"/jakecoffman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/886768?s=80&v=4"},"commit":{"message":"Merge branch 'main' into stop-printing-pointless-git-warning-into-logs-and-tests","shortMessageHtmlLink":"Merge branch 'main' into stop-printing-pointless-git-warning-into-log…"}},{"before":"72befb601c0bae15fc70cf4c9e486867fd05c138","after":"f874ffd6d7d37ddb515c1abf7e4afeb4ef3e0335","ref":"refs/heads/6453-azure-devops-now-supports-html","pushedAt":"2023-12-19T12:21:20.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jurre","name":"Jurre","path":"/jurre","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/749864?s=80&v=4"},"commit":{"message":"Azure DevOps now supports HTML in PR descriptions\n\nWhile researching https://github.com/dependabot/dependabot-core/pull/6287#discussion_r1072768837,\nI noticed that https://developercommunity.visualstudio.com/content/problem/608769/add-support-for-in-markdown.html\neventually leads to https://developercommunity.visualstudio.com/t/add-support-for-the-html-tag-in-markdown/609415#T-N1190213\nwhich says that Azure ADO now supports the `<details>` tag in Markdown.\n\nFurthermore, I suspect that ADO now fully supports HTML in PR\ndescriptions but it's not documented either way in https://learn.microsoft.com/en-us/rest/api/azure/devops/git/pull-requests/create?view=azure-devops-rest-7.0&tabs=HTTP#request-body.\n\nSo opening this PR as the simple solution. If ADO doesn't support HTML\nbut does support the `<details>` tag, then we'll unfortunately need a\nmore complex solution of refactoring things... but I hope not.\n\nFix #6453","shortMessageHtmlLink":"Azure DevOps now supports HTML in PR descriptions"}},{"before":"25ec5e7387718e9be36541705bb30ccfc69eb0e5","after":"47bab6c502487105bf91c2588a55fd2a82cd9439","ref":"refs/heads/stop-printing-pointless-git-warning-into-logs-and-tests","pushedAt":"2023-12-18T22:37:29.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"},"commit":{"message":"Stop printing pointless `git` default branch warning into logs/tests\n\nWhile running the `go_modules` tests, I noticed that the `git` warning\nabout an unspecified default branch was being repeatedly thrown in\ntests.\n\nOriginally I assumed it was a bad test fixture setup, but I tracked it\ndown to here... so it may be filling production logs in addition to CI\nlogs.\n\nBefore adding this line:\n```\n[dependabot-core-dev] ~/go_modules $ rspec ./spec/dependabot/go_modules/file_updater_spec.rb\n\nRandomized with seed 30583\n...................hint: Using 'master' as the name for the initial branch. This default branch name\nhint: is subject to change. To configure the initial branch name to use in all\nhint: of your new repositories, which will suppress this warning, call:\nhint:\nhint: \tgit config --global init.defaultBranch <name>\nhint:\nhint: Names commonly chosen instead of 'master' are 'main', 'trunk' and\nhint: 'development'. The just-created branch can be renamed via this command:\nhint:\nhint: \tgit branch -m <name>\n.hint: Using 'master' as the name for the initial branch. This default branch name\nhint: is subject to change. To configure the initial branch name to use in all\nhint: of your new repositories, which will suppress this warning, call:\nhint:\nhint: \tgit config --global init.defaultBranch <name>\nhint:\nhint: Names commonly chosen instead of 'master' are 'main', 'trunk' and\nhint: 'development'. The just-created branch can be renamed via this command:\nhint:\nhint: \tgit branch -m <name>\n.hint: Using 'master' as the name for the initial branch. This default branch name\nhint: is subject to change. To configure the initial branch name to use in all\nhint: of your new repositories, which will suppress this warning, call:\nhint:\nhint: \tgit config --global init.defaultBranch <name>\nhint:\nhint: Names commonly chosen instead of 'master' are 'main', 'trunk' and\nhint: 'development'. The just-created branch can be renamed via this command:\nhint:\nhint: \tgit branch -m <name>\n.hint: Using 'master' as the name for the initial branch. This default branch name\nhint: is subject to change. To configure the initial branch name to use in all\nhint: of your new repositories, which will suppress this warning, call:\nhint:\nhint: \tgit config --global init.defaultBranch <name>\nhint:\nhint: Names commonly chosen instead of 'master' are 'main', 'trunk' and\nhint: 'development'. The just-created branch can be renamed via this command:\nhint:\nhint: \tgit branch -m <name>\n.hint: Using 'master' as the name for the initial branch. This default branch name\nhint: is subject to change. To configure the initial branch name to use in all\nhint: of your new repositories, which will suppress this warning, call:\nhint:\nhint: \tgit config --global init.defaultBranch <name>\nhint:\nhint: Names commonly chosen instead of 'master' are 'main', 'trunk' and\nhint: 'development'. The just-created branch can be renamed via this command:\nhint:\nhint: \tgit branch -m <name>\n.\n\nFinished in 21.32 seconds (files took 2.56 seconds to load)\n24 examples, 0 failures\n\nRandomized with seed 30583\n```\n\nAfter adding this:\n```\n[dependabot-core-dev] ~/go_modules $ rspec ./spec/dependabot/go_modules/file_updater_spec.rb\n\nRandomized with seed 51472\n........................\n\nFinished in 22.24 seconds (files took 3.53 seconds to load)\n24 examples, 0 failures\n\nRandomized with seed 51472\n```","shortMessageHtmlLink":"Stop printing pointless <code>git</code> default branch warning into logs/tests"}},{"before":"4abc9e13ffd6df10077687ed9147572c5e4d0fad","after":"110d5b4a07d11a5c46f1def632d9dc655571c459","ref":"refs/heads/make-toml-import-explicit","pushedAt":"2023-12-18T22:36:59.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"},"commit":{"message":"Make `toml` an explicit requirement\n\nI couldn't figure out why the tests were failing for:\n* https://github.com/dependabot/dependabot-core/pull/7741\n\nuntil I realized that `pipfile` imports `toml`:\nhttps://github.com/pypa/pipfile/blob/4706d2cbd35e0b47a05a6421fa17f93827bc454f/setup.py#L44\n\nwhich then gets used over in the unrelated file `parser.py`:\nhttps://github.com/dependabot/dependabot-core/blob/89ebc55dac8630574301a10917425f80a56e4763/python/helpers/lib/parser.py#L24\n\nSo let's make the import of `toml` explicit so that we aren't relying on\nthe side effects of importing `pipfile`. The `toml` requirement from\n`pipfile` isn't pinned, so I simply pinned to the latest release.\n\nPython `3.11` added a native `tomllib` library, so once we drop support\nfor `3.10` we can drop this 3p lib entirely.","shortMessageHtmlLink":"Make <code>toml</code> an explicit requirement"}},{"before":"8359acb09e323f467dfd747bc82440b7b69d9b9f","after":null,"ref":"refs/heads/patch-2","pushedAt":"2023-12-18T19:35:25.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"}},{"before":"b4c3711b94ea4f205f53296ec5c4c1abaee73582","after":null,"ref":"refs/heads/remove-unused-imports-on-go-native-helper","pushedAt":"2023-12-18T19:35:14.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"}},{"before":"78bb625bcc2a3936c27fba3360535e75341e4c32","after":"8359acb09e323f467dfd747bc82440b7b69d9b9f","ref":"refs/heads/patch-2","pushedAt":"2023-12-18T19:18:17.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"Nishnha","name":"Nish Sinha","path":"/Nishnha","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12107187?s=80&v=4"},"commit":{"message":"\"re-selling\" -> \"reselling\"\n\nReminder to self: No matter what, coming back to old code/text after several months away always gives fresh eyes.","shortMessageHtmlLink":"\"re-selling\" -&gt; \"reselling\""}},{"before":null,"after":"25ec5e7387718e9be36541705bb30ccfc69eb0e5","ref":"refs/heads/stop-printing-pointless-git-warning-into-logs-and-tests","pushedAt":"2023-12-16T06:36:17.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"},"commit":{"message":"Stop printing pointless `git` default branch warning into logs/tests\n\nWhile running the `go_modules` tests, I noticed that the `git` warning\nabout an unspecified default branch was being repeatedly thrown in\ntests.\n\nOriginally I assumed it was a bad test fixture setup, but I tracked it\ndown to here... so it may be filling production logs in addition to CI\nlogs.\n\nBefore adding this line:\n```\n[dependabot-core-dev] ~/go_modules $ rspec ./spec/dependabot/go_modules/file_updater_spec.rb\n\nRandomized with seed 30583\n...................hint: Using 'master' as the name for the initial branch. This default branch name\nhint: is subject to change. To configure the initial branch name to use in all\nhint: of your new repositories, which will suppress this warning, call:\nhint:\nhint: \tgit config --global init.defaultBranch <name>\nhint:\nhint: Names commonly chosen instead of 'master' are 'main', 'trunk' and\nhint: 'development'. The just-created branch can be renamed via this command:\nhint:\nhint: \tgit branch -m <name>\n.hint: Using 'master' as the name for the initial branch. This default branch name\nhint: is subject to change. To configure the initial branch name to use in all\nhint: of your new repositories, which will suppress this warning, call:\nhint:\nhint: \tgit config --global init.defaultBranch <name>\nhint:\nhint: Names commonly chosen instead of 'master' are 'main', 'trunk' and\nhint: 'development'. The just-created branch can be renamed via this command:\nhint:\nhint: \tgit branch -m <name>\n.hint: Using 'master' as the name for the initial branch. This default branch name\nhint: is subject to change. To configure the initial branch name to use in all\nhint: of your new repositories, which will suppress this warning, call:\nhint:\nhint: \tgit config --global init.defaultBranch <name>\nhint:\nhint: Names commonly chosen instead of 'master' are 'main', 'trunk' and\nhint: 'development'. The just-created branch can be renamed via this command:\nhint:\nhint: \tgit branch -m <name>\n.hint: Using 'master' as the name for the initial branch. This default branch name\nhint: is subject to change. To configure the initial branch name to use in all\nhint: of your new repositories, which will suppress this warning, call:\nhint:\nhint: \tgit config --global init.defaultBranch <name>\nhint:\nhint: Names commonly chosen instead of 'master' are 'main', 'trunk' and\nhint: 'development'. The just-created branch can be renamed via this command:\nhint:\nhint: \tgit branch -m <name>\n.hint: Using 'master' as the name for the initial branch. This default branch name\nhint: is subject to change. To configure the initial branch name to use in all\nhint: of your new repositories, which will suppress this warning, call:\nhint:\nhint: \tgit config --global init.defaultBranch <name>\nhint:\nhint: Names commonly chosen instead of 'master' are 'main', 'trunk' and\nhint: 'development'. The just-created branch can be renamed via this command:\nhint:\nhint: \tgit branch -m <name>\n.\n\nFinished in 21.32 seconds (files took 2.56 seconds to load)\n24 examples, 0 failures\n\nRandomized with seed 30583\n```\n\nAfter adding this:\n```\n[dependabot-core-dev] ~/go_modules $ rspec ./spec/dependabot/go_modules/file_updater_spec.rb\n\nRandomized with seed 51472\n........................\n\nFinished in 22.24 seconds (files took 3.53 seconds to load)\n24 examples, 0 failures\n\nRandomized with seed 51472\n```","shortMessageHtmlLink":"Stop printing pointless <code>git</code> default branch warning into logs/tests"}},{"before":null,"after":"b4c3711b94ea4f205f53296ec5c4c1abaee73582","ref":"refs/heads/remove-unused-imports-on-go-native-helper","pushedAt":"2023-12-16T01:51:56.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"},"commit":{"message":"Remove unused `requires` of deleted `go` native helper functionality\n\nOver the past couple of years, we've significantly thinned out the `go`\nnative helper functionality in favor of leveraging `go mod` CLI.\n\nI'm reasonably confident we've removed the ruby calls in these two files\nto the native helper, so this removes the orphaned/leftover `require`\nstatements.","shortMessageHtmlLink":"Remove unused <code>requires</code> of deleted <code>go</code> native helper functionality"}},{"before":"c762fc2747feb18bfec86ec100db489604578a5c","after":"74f3942c7d2341798c12ee6c7018b83de5cf04e6","ref":"refs/heads/add-defensive-checks-to-prevent-inscrutable-error-messages","pushedAt":"2023-12-16T01:38:29.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"},"commit":{"message":"Add defensive checks to prevent inscrutable error messages\n\nPart of the reason\nhttps://github.com/dependabot/dependabot-core/issues/4625 was so\ndifficult to debug was the original error messages were a total red\nherring. They appeared to be related to IPs, but digging deeper realized\nthey were actually due to errors happening earlier in the processing\npipeline but not caught until several steps down the line.\n\nSo this adds some defensive checks so that if there's an upstream error,\nwe catch it sooner and report the proper error message(s).","shortMessageHtmlLink":"Add defensive checks to prevent inscrutable error messages"}},{"before":null,"after":"98cdad6a35db8cde4c26513148dc91e592ac44af","ref":"refs/heads/add-barry-s-test","pushedAt":"2023-12-16T01:32:10.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"},"commit":{"message":"Add a test on azure sources","shortMessageHtmlLink":"Add a test on azure sources"}},{"before":"ea8d2bf92147502eabc40cd699dda828f9902214","after":"72befb601c0bae15fc70cf4c9e486867fd05c138","ref":"refs/heads/6453-azure-devops-now-supports-html","pushedAt":"2023-12-16T01:28:10.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"},"commit":{"message":"Azure DevOps now supports HTML in PR descriptions\n\nWhile researching https://github.com/dependabot/dependabot-core/pull/6287#discussion_r1072768837,\nI noticed that https://developercommunity.visualstudio.com/content/problem/608769/add-support-for-in-markdown.html\neventually leads to https://developercommunity.visualstudio.com/t/add-support-for-the-html-tag-in-markdown/609415#T-N1190213\nwhich says that Azure ADO now supports the `<details>` tag in Markdown.\n\nFurthermore, I suspect that ADO now fully supports HTML in PR\ndescriptions but it's not documented either way in https://learn.microsoft.com/en-us/rest/api/azure/devops/git/pull-requests/create?view=azure-devops-rest-7.0&tabs=HTTP#request-body.\n\nSo opening this PR as the simple solution. If ADO doesn't support HTML\nbut does support the `<details>` tag, then we'll unfortunately need a\nmore complex solution of refactoring things... but I hope not.\n\nFix #6453","shortMessageHtmlLink":"Azure DevOps now supports HTML in PR descriptions"}},{"before":null,"after":"ea8d2bf92147502eabc40cd699dda828f9902214","ref":"refs/heads/6453-azure-devops-now-supports-html","pushedAt":"2023-12-16T01:26:55.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"},"commit":{"message":"Add a test on azure sources","shortMessageHtmlLink":"Add a test on azure sources"}},{"before":"988c755900816b850a8a49a572312b766170a942","after":"89ebc55dac8630574301a10917425f80a56e4763","ref":"refs/heads/main","pushedAt":"2023-12-16T01:07:41.000Z","pushType":"push","commitsCount":605,"pusher":{"login":"jeffwidman","name":"Jeff Widman","path":"/jeffwidman","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/483314?s=80&v=4"},"commit":{"message":"fix exception when Action is pinned to a SHA with no tags (#8621)","shortMessageHtmlLink":"fix exception when Action is pinned to a SHA with no tags (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2044285174\" data-permission-text=\"Title is private\" data-url=\"https://github.com/dependabot/dependabot-core/issues/8621\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/dependabot/dependabot-core/pull/8621/hovercard\" href=\"https://github.com/dependabot/dependabot-core/pull/8621\">dependabot…</a>"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEPFE0aAA","startCursor":null,"endCursor":null}},"title":"Activity · jeffwidman/dependabot-core"}