Dependabot Core Versions Save

What's Changed

• Resolve errors from Sorbet todo.rbi by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9177
• Only use credentials which have registry configured by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9159
• fix type of requirements_update_strategy by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/9197
• Require typed: true for cargo by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9194
• Record Sorbet errors with OpenTelemetry by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9202
• remove tests that are covered by smoke or silent tests by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/9205
• use built-in file downloader to get .nupkg by @brettfo in https://github.com/dependabot/dependabot-core/pull/9204
• Strict type most of github_actions by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9186
• Ensure T::Set from NuGetClient.get_package_versions by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9180
• build(deps): bump node to v20 by @yeikel in https://github.com/dependabot/dependabot-core/pull/8275
• support multi-directory update with no groups by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/9148
• Avoid instantiating a dependency with nil requirements by @bdragon in https://github.com/dependabot/dependabot-core/pull/9216
• Bump library/golang from 1.22.0-bookworm to 1.22.1-bookworm in /go_modules by @dependabot in https://github.com/dependabot/dependabot-core/pull/9226
• fix exception during all-versions-ignored handling by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/9214
• Add handling for nil source_url in IssueLinker when generating PR text by @bdragon in https://github.com/dependabot/dependabot-core/pull/9220
• Add and configure rubocop-rspec by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9206
• always directly download nupkg and cache the tfms by @brettfo in https://github.com/dependabot/dependabot-core/pull/9230
• report the current version as latest if nothing can be found by @brettfo in https://github.com/dependabot/dependabot-core/pull/9234
• ↔️ Report Errors to the Service by @landongrindheim in https://github.com/dependabot/dependabot-core/pull/9208
• Allow on as a YAML key by @landongrindheim in https://github.com/dependabot/dependabot-core/pull/9229
• Update NuGet.Client from 6.8.0.131 to 6.9.1.3 by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9222
• don't assume the Include attribute is present on a <ProjectReference> node by @brettfo in https://github.com/dependabot/dependabot-core/pull/9238
• Fix Nuget grouped PR's by @sebasgomez238 in https://github.com/dependabot/dependabot-core/pull/9228
• improve robustness of parsing odd-looking version ranges by @brettfo in https://github.com/dependabot/dependabot-core/pull/9239
• Simplify type parameters for Gem::Version by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9232
• Avoid comparison with nil version by @bdragon in https://github.com/dependabot/dependabot-core/pull/9242
• Strict type nuget file_fetcher, file_parser, and file_updater classes. by @JoeRobich in https://github.com/dependabot/dependabot-core/pull/9225
• Filter out NuGet files where lines were only deleted by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9162
• Set branch for NuGet.Client submodule by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9223
• use safe navigation through resolvable version by @brettfo in https://github.com/dependabot/dependabot-core/pull/9243
• prevent both directory and directories from being in the job definition by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/9227
• Fix the number of updated directories in a group update by @Nishnha in https://github.com/dependabot/dependabot-core/pull/9240
• allow interactive debugging of tests in the updater by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/9250
• when resolving MSBuild properties, don't throw if it can't be resolved by @brettfo in https://github.com/dependabot/dependabot-core/pull/9252
• ensure nupkg zip entry contains a tfm before adding to the list by @brettfo in https://github.com/dependabot/dependabot-core/pull/9263
• multi-dir rebase of a single dependency by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/9212
• ⏩ Send Remaining Exceptions to the Service by @landongrindheim in https://github.com/dependabot/dependabot-core/pull/9237
• Create stalebot.yml, update contributors to explain its existence by @jonjanego in https://github.com/dependabot/dependabot-core/pull/9264
• Suppress yamlint warning by @abdulapopoola in https://github.com/dependabot/dependabot-core/pull/9273
• Bump the pip-tools group in /python/helpers with 1 update by @dependabot in https://github.com/dependabot/dependabot-core/pull/9256
• requirements_update_strategy is String not Symbol by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9179
• Type more of nuget by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9244
• Allow files to be nilable in solo_strategy by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9280
• update dotnet sdk by @brettfo in https://github.com/dependabot/dependabot-core/pull/9282
• improve update-not-possible logging by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/9269
• 📏 Standardize Error Keys by @landongrindheim in https://github.com/dependabot/dependabot-core/pull/9251
• Silence non-file fetching errors by @landongrindheim in https://github.com/dependabot/dependabot-core/pull/9279
• always recurse submodules when cloning by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/9278
• Handle local nuget repositories by @ryanbrandenburg in https://github.com/dependabot/dependabot-core/pull/9253
• Update stalebot.yml by @jonjanego in https://github.com/dependabot/dependabot-core/pull/9285
• v0.247.0 by @dependabot-core-action-automation in https://github.com/dependabot/dependabot-core/pull/9235

New Contributors

• @jonjanego made their first contribution in https://github.com/dependabot/dependabot-core/pull/9264

Full Changelog: https://github.com/dependabot/dependabot-core/compare/v0.246.0...v0.247.0

What's Changed

• Avoid passing nil url to registry client by @bdragon in https://github.com/dependabot/dependabot-core/pull/9111
• make DependencySnapshot aware of multiple directories by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8963
• Set the dependabot_updater_version docker env from the build arg by @Nishnha in https://github.com/dependabot/dependabot-core/pull/9116
• Update referenced projects during a run of NuGetUpdater. by @JoeRobich in https://github.com/dependabot/dependabot-core/pull/9097
• Strict type Dependabot::Clients::Bitbucket by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9113
• Strict type Dependabot::Clients::CodeCommit by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9121
• Strict type Dependabot::Clients::GitHubWithRetries by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9122
• Strict type Dependabot::Clients::GitLabWithRetries by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9129
• Fetch the cargo config file so we fetch registry definitions by @pavera in https://github.com/dependabot/dependabot-core/pull/9109
• Strict type Dependabot::PullRequestCreator::MessageBuilder by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9130
• add more http redirects by @brettfo in https://github.com/dependabot/dependabot-core/pull/9135
• find .nupkg URL without PackageBaseAddress by @brettfo in https://github.com/dependabot/dependabot-core/pull/9117
• Strict type Dependabot::PullRequestUpdater::Gitlab by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9132
• output job.json at the start of a run by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/9133
• Strict type Dependabot::PullRequestCreator::Azure by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9131
• Strict type Dependabot::PullRequestCreator::CodeCommit by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9141
• Strict type Dependabot::PullRequestCreator::Bitbucket by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9140
• Enable Sorbet/TrueSigil rule in composer by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9139
• Enable Sorbet/TrueSigil rule in elm by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9138
• Strict type Dependabot::UpdateCheckers::Base by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8947
• Enable Sorbet/TrueSigil rule in github_actions by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9137
• make test properly fail on malformed path by @brettfo in https://github.com/dependabot/dependabot-core/pull/9104
• don't fail completely if package version cannot be parsed by @brettfo in https://github.com/dependabot/dependabot-core/pull/9153
• Bump the sorbet group with 1 update by @dependabot in https://github.com/dependabot/dependabot-core/pull/9150
• Use new Credential class in dry-run script by @noorul in https://github.com/dependabot/dependabot-core/pull/9123
• run nuget restore if the first update operation failed by @brettfo in https://github.com/dependabot/dependabot-core/pull/9157
• Strict type Dependabot::PullRequestCreator::GitHub by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9154
• Strict type Dependabot::PullRequestCreator::Gitlab by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9155
• Strict type Dependabot::PullRequestUpdater::Azure by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9163
• Strict type Dependabot::PullRequestUpdater::GitHub by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9165
• Require typed: strict for common by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9174
• Require typed: true for docker by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9175
• Require typed: true for silent by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9176
• Allow a list of properties to ignore when evaluating MSBuild values. by @JoeRobich in https://github.com/dependabot/dependabot-core/pull/9164
• improve nuget v2 handling for non- nuget.org sources by @brettfo in https://github.com/dependabot/dependabot-core/pull/9172
• Switch Open Telemetry to use in_span vs start by @jpinz in https://github.com/dependabot/dependabot-core/pull/9158
• v0.246.0 by @dependabot-core-action-automation in https://github.com/dependabot/dependabot-core/pull/9161

Full Changelog: https://github.com/dependabot/dependabot-core/compare/v0.245.0...v0.246.0

What's Changed

• Find Gradle repositories nested in dependencyResolutionManagement blocks by @eikes in https://github.com/dependabot/dependabot-core/pull/7260
• Fix hardcoded amd64 arch for git-shim by @andrcuns in https://github.com/dependabot/dependabot-core/pull/9067
• Surface out of disk/memory error message for easier visibility by @honeyankit in https://github.com/dependabot/dependabot-core/pull/9064
• fix docker credential type errors by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/9091
• Report release to sentry by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8885
• NuGet: Set EnableWindowsTargeting as true by @na1307 in https://github.com/dependabot/dependabot-core/pull/9082
• Fix README image header by @davidstosik in https://github.com/dependabot/dependabot-core/pull/9095
• Bump to Bundler 2.5.5 by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8859
• nuget updater command is already space-enabled; allow unsafe execution by @brettfo in https://github.com/dependabot/dependabot-core/pull/9092
• Strict type Dependabot::Clients::BitbucketWithRetries by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9087
• Run the prepare tag step on pull_request_review by @Nishnha in https://github.com/dependabot/dependabot-core/pull/9107
• v0.245.0 by @dependabot-core-action-automation in https://github.com/dependabot/dependabot-core/pull/9094

New Contributors

• @eikes made their first contribution in https://github.com/dependabot/dependabot-core/pull/7260
• @na1307 made their first contribution in https://github.com/dependabot/dependabot-core/pull/9082
• @davidstosik made their first contribution in https://github.com/dependabot/dependabot-core/pull/9095

Full Changelog: https://github.com/dependabot/dependabot-core/compare/v0.244.0...v0.245.0

What's Changed

• Expand wildcards in nuget project references by @sebasgomez238 in https://github.com/dependabot/dependabot-core/pull/8956
• Check credentials for required properties by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9052
• Properly parse .ruby-version file by @etiennebarrie in https://github.com/dependabot/dependabot-core/pull/9012
• build(deps): bump pNPM to 8.15.2 by @yeikel in https://github.com/dependabot/dependabot-core/pull/8925
• Make container image references explicit by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9044
• add missing require statement in credential.rb by @fnoGematik in https://github.com/dependabot/dependabot-core/pull/9054
• Fix dependency typo by @fredericboyer in https://github.com/dependabot/dependabot-core/pull/9049
• Report Sorbet issue to sentry without raising by @jurre in https://github.com/dependabot/dependabot-core/pull/8998
• Fix crash when updating sha-pinned images with no "latest" tag by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8070
• Prevent attempt to create empty commit by @bdragon in https://github.com/dependabot/dependabot-core/pull/9061
• v0.244.0 by @dependabot-core-action-automation in https://github.com/dependabot/dependabot-core/pull/9056

New Contributors

• @sebasgomez238 made their first contribution in https://github.com/dependabot/dependabot-core/pull/8956
• @fnoGematik made their first contribution in https://github.com/dependabot/dependabot-core/pull/9054
• @fredericboyer made their first contribution in https://github.com/dependabot/dependabot-core/pull/9049

Full Changelog: https://github.com/dependabot/dependabot-core/compare/v0.243.0...v0.244.0

What's Changed

• Revert "Migrate from sentry-raven to sentry-ruby" by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8874
• Docker parser/updater: also support files with a . in the name by @danwkennedy in https://github.com/dependabot/dependabot-core/pull/8875
• try to perform environment variable expansion in NuGet.Confing by @brettfo in https://github.com/dependabot/dependabot-core/pull/8879
• Enable version updates for devcontainers by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8882
• Point again to latest pipenv release by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8880
• Strict type Dependabot::PullRequestCreator::PrNamePrefixer by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8866
• Strong type Dependabot::PullRequestCreator::MessageBuilder::IssueLinker by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8865
• Use proper discovery logic for dotnet-tools.json files. by @JoeRobich in https://github.com/dependabot/dependabot-core/pull/8889
• [gradle] Parse repositories from the top-level buildfile by @Nishnha in https://github.com/dependabot/dependabot-core/pull/8891
• only directly query .nuspec files from nuget and azure devops by @brettfo in https://github.com/dependabot/dependabot-core/pull/8892
• Add a guard for nil top level buildfiles by @Nishnha in https://github.com/dependabot/dependabot-core/pull/8894
• Fix milestone type for PullRequestCreator by @andrcuns in https://github.com/dependabot/dependabot-core/pull/8890
• Migrate from sentry-raven to sentry-ruby by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8878
• search all candidate packages for compatibility in descending version order by @brettfo in https://github.com/dependabot/dependabot-core/pull/8901
• add a fake ecosystem for updater integration tests by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8871
• Strict type Dependabot::MetadataFinders::CommitsFinder by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8893
• grouped security updates don't require an explicit group by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8907
• Strict type Dependabot::MetadataFinders::Base::ReleaseFinder by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8897
• Strict type Dependabot::MetadataFinders::Base::ChangelogPruner by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8902
• clean directory at job start by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8912
• build(deps): bump pNPM to 8.14.3 by @yeikel in https://github.com/dependabot/dependabot-core/pull/8667
• Handle MSBuild property conditions that have a property wrapped in single quotes in NuGetUpdater by @bording in https://github.com/dependabot/dependabot-core/pull/8913
• Don't assume .nuspec dependency group has a targetFramework attribute. by @brettfo in https://github.com/dependabot/dependabot-core/pull/8915
• fix nil directory causing NilClass exception by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8921
• tests for grouped security update rebase jobs by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8909
• Remove invalid UTF-8 characters from nuspec response body by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8929
• Always use .ruby-version for Bundler dependency resolution by @etiennebarrie in https://github.com/dependabot/dependabot-core/pull/8835
• fix token running out of API quota by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8877
• updater end-to-end helper script by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8932
• Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in https://github.com/dependabot/dependabot-core/pull/8920
• Bump the dev-dependencies group in /npm_and_yarn/helpers with 3 updates by @dependabot in https://github.com/dependabot/dependabot-core/pull/8820
• Retry transient git clone errors by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8926
• Surround command line arguments with quotes by @TomW-Skyline in https://github.com/dependabot/dependabot-core/pull/8695
• Strict type Dependabot::PullRequestCreator::MessageBuilder::Metadata::Presenter by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8942
• Add codespell config and workflow to detect new typos, fix some already found typos by @yarikoptic in https://github.com/dependabot/dependabot-core/pull/8228
• add tests around incidental updates by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8941
• grouped security updates: use the group if one is defined by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8742
• always clone all the ecosystems by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8933
• fix smoke tests failing because Dir.entries order is not deterministic by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8945
• bump(deps): bump regclient from 0.5.1 to 0.5.6 by @yeikel in https://github.com/dependabot/dependabot-core/pull/8103
• add sorbet types to Dependabot::Job by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8943
• Do not swallow exception, print the message by @trejjam in https://github.com/dependabot/dependabot-core/pull/8928
• Bump the sorbet group with 2 updates by @dependabot in https://github.com/dependabot/dependabot-core/pull/8951
• Job ID type is always a String by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8953
• Bump the all-actions group with 3 updates by @dependabot in https://github.com/dependabot/dependabot-core/pull/8952
• Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @dependabot in https://github.com/dependabot/dependabot-core/pull/8520
• Bump the npm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in https://github.com/dependabot/dependabot-core/pull/8934
• fix security updates getting into grouped code by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8957
• Don't recursively update projects which have already been evaluated by @ryanbrandenburg in https://github.com/dependabot/dependabot-core/pull/8940
• Add sentry-opentelemetry and configure when OTel is enabled by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8935
• fix Go prerelease ordering by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8962
• make a Credential class by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8967
• Strict type Dependabot::GitSubmodules by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8970
• Strict type Dependabot::Devcontainers by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8982
• force set Condition="false" on Microsoft.WebApplication.targets by @brettfo in https://github.com/dependabot/dependabot-core/pull/8946
• escape nuget feed urls before querying by @brettfo in https://github.com/dependabot/dependabot-core/pull/8990
• fix TypeError: no implicit conversion of Credential into Hash by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8995
• add types to DependencySnapshot by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8986
• Allow submodule_path to be nilable by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8996
• Expand Sorbet usage by @ryanbrandenburg in https://github.com/dependabot/dependabot-core/pull/8958
• Update DevContainer by @ryanbrandenburg in https://github.com/dependabot/dependabot-core/pull/8968
• True type Dependabot::Python::Version by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9002
• True type Dependabot::Bundler::FileFetcher to by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8997
• handle dependencies incidentally updated by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8803
• Bump golang from 1.21.6-bookworm to 1.22.0-bookworm in /go_modules by @dependabot in https://github.com/dependabot/dependabot-core/pull/9008
• fix(gitlab): pr creator missing default for target_project_id by @THETCR in https://github.com/dependabot/dependabot-core/pull/8985
• Add info on Docker tag support by @Nishnha in https://github.com/dependabot/dependabot-core/pull/9000
• Nuget lint by @trejjam in https://github.com/dependabot/dependabot-core/pull/8930
• Filter out NuGet feeds which don't have URLs by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9011
• only consider a package a development dependency if it doesn't have any other regular dependencies by @brettfo in https://github.com/dependabot/dependabot-core/pull/9017
• allow folllowing HTTP 307 when resolving .nupkg contents by @brettfo in https://github.com/dependabot/dependabot-core/pull/9022
• add types to DependencyChange by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8999
• fix directories in use for non-grouped updates by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/9026
• Strict type Dependabot::MetadataFinders::Base::ChangelogFinder by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9029
• add close up-to-date updater test by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/9025
• test more of the security error scenarios by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/9039
• support group configs specifically for security updates or version updates by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/9040
• Strict type Dependabot::Clients::Azure by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/9042
• Fix docker variant with matching digests not updating correctly by @brbayes-msft in https://github.com/dependabot/dependabot-core/pull/9043
• v0.243.0 by @dependabot-core-action-automation in https://github.com/dependabot/dependabot-core/pull/9047

New Contributors

• @bording made their first contribution in https://github.com/dependabot/dependabot-core/pull/8913
• @etiennebarrie made their first contribution in https://github.com/dependabot/dependabot-core/pull/8835
• @TomW-Skyline made their first contribution in https://github.com/dependabot/dependabot-core/pull/8695
• @yarikoptic made their first contribution in https://github.com/dependabot/dependabot-core/pull/8228

Full Changelog: https://github.com/dependabot/dependabot-core/compare/v0.242.1...v0.243.0

What's Changed

• Strong type Dependabot::FileFetchers::Base::DependencySet by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8791
• Docker fetcher: support filenames with a . in the middle of the name by @danwkennedy in https://github.com/dependabot/dependabot-core/pull/8862
• Centralize more Nuget calls by @ryanbrandenburg in https://github.com/dependabot/dependabot-core/pull/8849
• Unlock excon dependency range by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8850
• require related gems when initializing OpenTelemetry instrumentation by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8851
• Disable analyzers in MSBuild temp projects by @ryanbrandenburg in https://github.com/dependabot/dependabot-core/pull/8863
• use common helper to look for Directory.Packages.props by @brettfo in https://github.com/dependabot/dependabot-core/pull/8842
• Allow BranchNamer to be passed a nil branch by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8869
• Migrate from sentry-raven to sentry-ruby by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8818
• v0.242.1 by @dependabot-core-action-automation in https://github.com/dependabot/dependabot-core/pull/8870

New Contributors

• @danwkennedy made their first contribution in https://github.com/dependabot/dependabot-core/pull/8862

Full Changelog: https://github.com/dependabot/dependabot-core/compare/v0.242.0...v0.242.1

What's Changed

• Handle Update PackageReferences more correctly by @ryanbrandenburg in https://github.com/dependabot/dependabot-core/pull/8827
• Handle malformed Global.json by @ryanbrandenburg in https://github.com/dependabot/dependabot-core/pull/8812
• standardizing exception tags by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8836
• Fix reviewers, assignees types in PullReqeustCreator by @andrcuns in https://github.com/dependabot/dependabot-core/pull/8838
• Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 1 update by @dependabot in https://github.com/dependabot/dependabot-core/pull/8824
• Bump opentelemetry-instrumentation-http from 0.23.1 to 0.23.2 in /updater by @dependabot in https://github.com/dependabot/dependabot-core/pull/8823
• Handle STDOUT more correctly by @ryanbrandenburg in https://github.com/dependabot/dependabot-core/pull/8840
• We now encourage new ecosystems by @abdulapopoola in https://github.com/dependabot/dependabot-core/pull/8844
• Strong type Dependabot::SecurityAdvisory by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8792
• Plugin devcontainers ecosystem by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8858
• Add devcontainers ecosystem by @joshspicer in https://github.com/dependabot/dependabot-core/pull/8445
• v0.242.0 by @dependabot-core-action-automation in https://github.com/dependabot/dependabot-core/pull/8861

New Contributors

• @joshspicer made their first contribution in https://github.com/dependabot/dependabot-core/pull/8445

Full Changelog: https://github.com/dependabot/dependabot-core/compare/v0.241.0...v0.242.0

What's Changed

• raise a specific exception when the FileUpdater doesn't produce a change by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8787
• Strict type Dependabot::GitCommitChecker by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8789
• allow mismatching version in .csproj by @brettfo in https://github.com/dependabot/dependabot-core/pull/8783
• Strong type Dependabot::FileParsers::Base by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8794
• Strict type Dependabot::MetadataFinders::Base by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8774
• Strong type Dependabot::PullRequestCreator::BranchNamer by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8790
• Fix vscode rdbg launch command by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8778
• Replace extensions with up-to-date equivalents by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8784
• Allow version to be String or Gem::Version by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8809
• Bundle helpers folder into dependabot-nuget gem by @trejjam in https://github.com/dependabot/dependabot-core/pull/8589
• Bump sorbet-runtime from 0.5.11178 to 0.5.11193 in /updater by @dependabot in https://github.com/dependabot/dependabot-core/pull/8799
• update phrasing in contributing.md by @carogalvin in https://github.com/dependabot/dependabot-core/pull/8813
• Bump the npm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot in https://github.com/dependabot/dependabot-core/pull/8811
• Bump the aws-sdk group in /updater with 2 updates by @dependabot in https://github.com/dependabot/dependabot-core/pull/8662
• Bump cython from 3.0.5 to 3.0.8 in /python/helpers by @dependabot in https://github.com/dependabot/dependabot-core/pull/8800
• Bump the dev-dependencies group in /composer/helpers/v2 with 2 updates by @dependabot in https://github.com/dependabot/dependabot-core/pull/8814
• Start removing updater coupling on specific ecosystems by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8678
• Use correct global.json discovery logic when updating. by @JoeRobich in https://github.com/dependabot/dependabot-core/pull/8815
• Handle non-matching tags by @landongrindheim in https://github.com/dependabot/dependabot-core/pull/8766
• Fix type definition for approvers in pull request creator by @andrcuns in https://github.com/dependabot/dependabot-core/pull/8793
• Bump flake8 from 6.1.0 to 7.0.0 in /python/helpers by @dependabot in https://github.com/dependabot/dependabot-core/pull/8708
• Group Python helper updates by @abdulapopoola in https://github.com/dependabot/dependabot-core/pull/8819
• Bump the common group in /python/helpers with 1 update by @dependabot in https://github.com/dependabot/dependabot-core/pull/8821
• v0.241.0 by @dependabot-core-action-automation in https://github.com/dependabot/dependabot-core/pull/8830

New Contributors

• @JoeRobich made their first contribution in https://github.com/dependabot/dependabot-core/pull/8815

Full Changelog: https://github.com/dependabot/dependabot-core/compare/v0.240.0...v0.241.0

What's Changed

• bump Cargo from 1.69.0 to 1.75.0 by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8686
• Bump Bundler to 2.5 by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8619
• Move sorbet setup from omnibus to root by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8670
• Fix building development image & running dry-run.rb script by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8694
• Add fingerprint to dynamic git commands by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8495
• Fix missing stackprof preventing dry-run.rb script from running by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8696
• Dependabot should keep Cargo up to date by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8699
• create azure nuget package urls directly from endpoint types by @brettfo in https://github.com/dependabot/dependabot-core/pull/8703
• fix unsupported Go modules preventing updates by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8702
• Check if RBIs are up-to-date by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8704
• Make sure tests use the same gem versions we use in production by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8138
• Improve root gemfile handling by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8712
• Only create PRs for dependencies in the sorbet group by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8718
• Handle missing files by @ryanbrandenburg in https://github.com/dependabot/dependabot-core/pull/8661
• properly locate nuget.config when it's further up-directory from a project by @brettfo in https://github.com/dependabot/dependabot-core/pull/8722
• Support Python 3.12 by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8732
• Improve corepack setup by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/7134
• Raise a proper error when package-json.lock is not parseable by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8743
• Ignore packageManager field in package.json when unparseable by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8744
• Fallback to npm 6 when lockfileVersion is not parseable as an integer by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8745
• NuGet efficiency by @ryanbrandenburg in https://github.com/dependabot/dependabot-core/pull/8679
• Fix broken nuget CI by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8752
• Detect version constraint violations in NuGet by @ryanbrandenburg in https://github.com/dependabot/dependabot-core/pull/8624
• Test that file_parser reads .proj files by @ryanbrandenburg in https://github.com/dependabot/dependabot-core/pull/8746
• Handle unexpected kub image shapes by @ryanbrandenburg in https://github.com/dependabot/dependabot-core/pull/8750
• Strong type Dependabot::PullRequestCreator by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8729
• Strong type Dependabot::PullRequestUpdater by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8730
• Strong type Dependabot::RegistryClient by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8736
• Strong type Dependabot::Config::FileFetcher by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8737
• patch user-level NuGet.Config before invoking dotnet/nuget tools by @brettfo in https://github.com/dependabot/dependabot-core/pull/8748
• Bump golang from 1.21.5-bookworm to 1.21.6-bookworm in /go_modules by @rcrowe in https://github.com/dependabot/dependabot-core/pull/8757
• directory is the job directory by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8762
• Remove unnecessary gitignore rules by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8761
• Strong type Dependabot::Version by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8727
• Strict type Dependabot::PullRequestCreator::Labeler by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8758
• Added Ruby 3.3.0 to RubyRequirementSetter version requirements by @schinery in https://github.com/dependabot/dependabot-core/pull/8754
• add NuGet maintainers to CODEOWNERS by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8764
• Update CODEOWNERS by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8771
• Strong type Dependabot::BranchNamer::DependencyGroupStrategy by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8770
• Fix bin/bump-version.rb script to also handle root lockfile by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8776
• defensive programming around missing dependency files during an update by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8765
• Add missing file to version bump PR by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8779
• raise a specific exception when the FileUpdater doesn't produce a change by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8782
• v0.240.0 by @dependabot-core-action-automation in https://github.com/dependabot/dependabot-core/pull/8781

New Contributors

• @rcrowe made their first contribution in https://github.com/dependabot/dependabot-core/pull/8757

Full Changelog: https://github.com/dependabot/dependabot-core/compare/v0.239.0...v0.240.0

What's Changed

• Nuget file fetching simplifications by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8524
• Add Open Telemetry Spans throughout the codebase by @jpinz in https://github.com/dependabot/dependabot-core/pull/8488
• [NuGet] add dotnet 8.0 support by @brettfo in https://github.com/dependabot/dependabot-core/pull/8562
• Teach updater how to do multi-directory version pull requests by @brbayes-msft in https://github.com/dependabot/dependabot-core/pull/8541
• report and search *.proj files as dependencies by @brettfo in https://github.com/dependabot/dependabot-core/pull/8569
• Run spoom bump as part of CI by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8469
• resolve nupkg download link from repository base address and type by @brettfo in https://github.com/dependabot/dependabot-core/pull/8575
• update NuGet.Client submodule to latest public release, 6.8.0.131 by @brettfo in https://github.com/dependabot/dependabot-core/pull/8574
• Fix docker attempting to append digest for helm by @brbayes-msft in https://github.com/dependabot/dependabot-core/pull/8595
• fix Sorbet type error by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8606
• fix: Use portable Bash shebang by @l0b0 in https://github.com/dependabot/dependabot-core/pull/8378
• feat: Updates Hex to 2.0.6 by @isaacsanders in https://github.com/dependabot/dependabot-core/pull/7890
• consider shrinkwrap when inferring an npmrc file by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8611
• Handle Version Elements in Update by @ryanbrandenburg in https://github.com/dependabot/dependabot-core/pull/8612
• break out the ci paths filter to a file by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8604
• Fix: Typo by @localheinz in https://github.com/dependabot/dependabot-core/pull/8581
• Fix: Typo by @localheinz in https://github.com/dependabot/dependabot-core/pull/8580
• Fix: Typo by @localheinz in https://github.com/dependabot/dependabot-core/pull/8579
• Bump the dev-dependencies group in /updater with 2 updates by @dependabot in https://github.com/dependabot/dependabot-core/pull/8564
• fix Python updates involving mysqlclient by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8618
• support Composer artifact repositories by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8620
• fix exception when Action is pinned to a SHA with no tags by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8621
• Remove unused requires of deleted go native helper functionality by @jeffwidman in https://github.com/dependabot/dependabot-core/pull/8630
• "re-selling" -> "reselling" by @jeffwidman in https://github.com/dependabot/dependabot-core/pull/8623
• Fix missing version in commit message for dependency group with 1 update by @martincostello in https://github.com/dependabot/dependabot-core/pull/8577
• pin Sorbet's version so it doesn't randomly break by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8649
• help customers debug Python issues like update_not_possible by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8644
• Strictly type BranchNamer::Base by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8557
• Strong type MetadataFinders by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8556
• Strictly type Experiments by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8555
• Stop printing pointless git default branch warning into logs/tests by @jeffwidman in https://github.com/dependabot/dependabot-core/pull/8632
• Azure DevOps now supports HTML in PR descriptions by @jeffwidman in https://github.com/dependabot/dependabot-core/pull/8628
• Add a test for Azure sources by @jeffwidman in https://github.com/dependabot/dependabot-core/pull/8629
• fix #8533 modify registries typing in file.rb by @lucemia in https://github.com/dependabot/dependabot-core/pull/8599
• Use a hash in the branch name for multi-directory grouped security updates by @Nishnha in https://github.com/dependabot/dependabot-core/pull/8560
• Strictly type errors by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8493
• Create abstract Dependabot::Requirement class by @JamieMagee in https://github.com/dependabot/dependabot-core/pull/8492
• Fix up some of the open telemetry issues by @jpinz in https://github.com/dependabot/dependabot-core/pull/8650
• build(deps): bump Terraform to 1.6.6 by @Nishnha in https://github.com/dependabot/dependabot-core/pull/8645
• improve how branch images skips by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8651
• group all the actions updates together by @jakecoffman in https://github.com/dependabot/dependabot-core/pull/8655
• Bump the all-actions group with 4 updates by @dependabot in https://github.com/dependabot/dependabot-core/pull/8657
• Bump actions/labeler from 4 to 5 by @dependabot in https://github.com/dependabot/dependabot-core/pull/8586
• Fix failing test for NuGet updates by @martincostello in https://github.com/dependabot/dependabot-core/pull/8485
• Normalize "lockfile" terminology by @deivid-rodriguez in https://github.com/dependabot/dependabot-core/pull/8660
• v0.239.0 by @dependabot-core-action-automation in https://github.com/dependabot/dependabot-core/pull/8607

New Contributors

• @brbayes-msft made their first contribution in https://github.com/dependabot/dependabot-core/pull/8541
• @l0b0 made their first contribution in https://github.com/dependabot/dependabot-core/pull/8378
• @isaacsanders made their first contribution in https://github.com/dependabot/dependabot-core/pull/7890

Full Changelog: https://github.com/dependabot/dependabot-core/compare/v0.238.0...v0.239.0