Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the dependabot-core-images group in /docker with 16 updates #991

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 6, 2023

Bumps the dependabot-core-images group in /docker with 16 updates:

Package Update
dependabot/dependabot-updater-bundler v2.0.20230619205056 to v2.0.20230704144800
dependabot/dependabot-updater-cargo v2.0.20230619205056 to v2.0.20230704144800
dependabot/dependabot-updater-composer v2.0.20230619205056 to v2.0.20230704144800
dependabot/dependabot-updater-docker v2.0.20230619205056 to v2.0.20230704144800
dependabot/dependabot-updater-elm v2.0.20230619205056 to v2.0.20230704144800
dependabot/dependabot-updater-github-actions v2.0.20230619205056 to v2.0.20230704144800
dependabot/dependabot-updater-gitsubmodule v2.0.20230619205056 to v2.0.20230704144800
dependabot/dependabot-updater-gomod v2.0.20230619205056 to v2.0.20230704144800
dependabot/dependabot-updater-gradle v2.0.20230619205056 to v2.0.20230704144800
dependabot/dependabot-updater-maven v2.0.20230616172454 to v2.0.20230704144800
dependabot/dependabot-updater-mix v2.0.20230619205056 to v2.0.20230704144800
dependabot/dependabot-updater-npm v2.0.20230619205056 to v2.0.20230704144800
dependabot/dependabot-updater-nuget v2.0.20230619205056 to v2.0.20230704144800
dependabot/dependabot-updater-pip v2.0.20230619205056 to v2.0.20230704144800
dependabot/dependabot-updater-pub v2.0.20230619205056 to v2.0.20230704144800
dependabot/dependabot-updater-terraform v2.0.20230619205056 to v2.0.20230704144800

Updates dependabot/dependabot-updater-bundler from v2.0.20230619205056 to v2.0.20230704144800

Changelog

Sourced from dependabot/dependabot-updater-bundler's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

  • Run UpdateAllVersions with ungrouped dependencies #7110
  • [Updater] Ensure we no longer test the legacy code path #7136
  • [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
  • [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

  • Pull Request names are Dependency Group aware #7115
  • 🛑 Stop clobbering Octokit middleware #7121
  • Fix more order dependent spec failures #7114
  • Fix flaky specs in updater #7113
  • Run Dependency Group updates #7075
  • [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
  • [Updater] Grouped updates will not include ignored dependencies #7091
  • Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

  • [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
  • Fix incorrect detection of top level gemspecs #7085
  • Improve some exception error messages #7068
  • Bundle the updater when bumping versions #7070
  • Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

  • Allow updating gemspecs loaded from a Gemfile #7051
  • Update README.md to include link to the public Dependabot Core board #7054
  • Fix update checking in Yarn repositories using workspaces #7024
  • Don't try to resolve pinned sha's to versions when updating docker images #6150
  • [Updater] Inform the backend metric service which operation class is used for each update #7009
  • [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
  • [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
  • Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
  • Generate proper PR summary table for docker digest updates #6996
  • [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
  • [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
  • Fix "no files were updated!" errors in workspaces #6950
  • Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

Updates dependabot/dependabot-updater-cargo from v2.0.20230619205056 to v2.0.20230704144800

Changelog

Sourced from dependabot/dependabot-updater-cargo's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

  • Run UpdateAllVersions with ungrouped dependencies #7110
  • [Updater] Ensure we no longer test the legacy code path #7136
  • [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
  • [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

  • Pull Request names are Dependency Group aware #7115
  • 🛑 Stop clobbering Octokit middleware #7121
  • Fix more order dependent spec failures #7114
  • Fix flaky specs in updater #7113
  • Run Dependency Group updates #7075
  • [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
  • [Updater] Grouped updates will not include ignored dependencies #7091
  • Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

  • [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
  • Fix incorrect detection of top level gemspecs #7085
  • Improve some exception error messages #7068
  • Bundle the updater when bumping versions #7070
  • Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

  • Allow updating gemspecs loaded from a Gemfile #7051
  • Update README.md to include link to the public Dependabot Core board #7054
  • Fix update checking in Yarn repositories using workspaces #7024
  • Don't try to resolve pinned sha's to versions when updating docker images #6150
  • [Updater] Inform the backend metric service which operation class is used for each update #7009
  • [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
  • [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
  • Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
  • Generate proper PR summary table for docker digest updates #6996
  • [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
  • [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
  • Fix "no files were updated!" errors in workspaces #6950
  • Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

Updates dependabot/dependabot-updater-composer from v2.0.20230619205056 to v2.0.20230704144800

Changelog

Sourced from dependabot/dependabot-updater-composer's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

  • Run UpdateAllVersions with ungrouped dependencies #7110
  • [Updater] Ensure we no longer test the legacy code path #7136
  • [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
  • [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

  • Pull Request names are Dependency Group aware #7115
  • 🛑 Stop clobbering Octokit middleware #7121
  • Fix more order dependent spec failures #7114
  • Fix flaky specs in updater #7113
  • Run Dependency Group updates #7075
  • [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
  • [Updater] Grouped updates will not include ignored dependencies #7091
  • Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

  • [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
  • Fix incorrect detection of top level gemspecs #7085
  • Improve some exception error messages #7068
  • Bundle the updater when bumping versions #7070
  • Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

  • Allow updating gemspecs loaded from a Gemfile #7051
  • Update README.md to include link to the public Dependabot Core board #7054
  • Fix update checking in Yarn repositories using workspaces #7024
  • Don't try to resolve pinned sha's to versions when updating docker images #6150
  • [Updater] Inform the backend metric service which operation class is used for each update #7009
  • [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
  • [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
  • Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
  • Generate proper PR summary table for docker digest updates #6996
  • [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
  • [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
  • Fix "no files were updated!" errors in workspaces #6950
  • Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

Updates dependabot/dependabot-updater-docker from v2.0.20230619205056 to v2.0.20230704144800

Changelog

Sourced from dependabot/dependabot-updater-docker's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

  • Run UpdateAllVersions with ungrouped dependencies #7110
  • [Updater] Ensure we no longer test the legacy code path #7136
  • [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
  • [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

  • Pull Request names are Dependency Group aware #7115
  • 🛑 Stop clobbering Octokit middleware #7121
  • Fix more order dependent spec failures #7114
  • Fix flaky specs in updater #7113
  • Run Dependency Group updates #7075
  • [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
  • [Updater] Grouped updates will not include ignored dependencies #7091
  • Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

  • [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
  • Fix incorrect detection of top level gemspecs #7085
  • Improve some exception error messages #7068
  • Bundle the updater when bumping versions #7070
  • Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

  • Allow updating gemspecs loaded from a Gemfile #7051
  • Update README.md to include link to the public Dependabot Core board #7054
  • Fix update checking in Yarn repositories using workspaces #7024
  • Don't try to resolve pinned sha's to versions when updating docker images #6150
  • [Updater] Inform the backend metric service which operation class is used for each update #7009
  • [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
  • [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
  • Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
  • Generate proper PR summary table for docker digest updates #6996
  • [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
  • [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
  • Fix "no files were updated!" errors in workspaces #6950
  • Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

Updates dependabot/dependabot-updater-elm from v2.0.20230619205056 to v2.0.20230704144800

Changelog

Sourced from dependabot/dependabot-updater-elm's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

  • Run UpdateAllVersions with ungrouped dependencies #7110
  • [Updater] Ensure we no longer test the legacy code path #7136
  • [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
  • [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

  • Pull Request names are Dependency Group aware #7115
  • 🛑 Stop clobbering Octokit middleware #7121
  • Fix more order dependent spec failures #7114
  • Fix flaky specs in updater #7113
  • Run Dependency Group updates #7075
  • [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
  • [Updater] Grouped updates will not include ignored dependencies #7091
  • Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

  • [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
  • Fix incorrect detection of top level gemspecs #7085
  • Improve some exception error messages #7068
  • Bundle the updater when bumping versions #7070
  • Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

  • Allow updating gemspecs loaded from a Gemfile #7051
  • Update README.md to include link to the public Dependabot Core board #7054
  • Fix update checking in Yarn repositories using workspaces #7024
  • Don't try to resolve pinned sha's to versions when updating docker images #6150
  • [Updater] Inform the backend metric service which operation class is used for each update #7009
  • [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
  • [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
  • Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
  • Generate proper PR summary table for docker digest updates #6996
  • [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
  • [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
  • Fix "no files were updated!" errors in workspaces #6950
  • Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

Updates dependabot/dependabot-updater-github-actions from v2.0.20230619205056 to v2.0.20230704144800

Changelog

Sourced from dependabot/dependabot-updater-github-actions's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

  • Run UpdateAllVersions with ungrouped dependencies #7110
  • [Updater] Ensure we no longer test the legacy code path #7136
  • [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
  • [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

  • Pull Request names are Dependency Group aware #7115
  • 🛑 Stop clobbering Octokit middleware #7121
  • Fix more order dependent spec failures #7114
  • Fix flaky specs in updater #7113
  • Run Dependency Group updates #7075
  • [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
  • [Updater] Grouped updates will not include ignored dependencies #7091
  • Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

  • [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
  • Fix incorrect detection of top level gemspecs #7085
  • Improve some exception error messages #7068
  • Bundle the updater when bumping versions #7070
  • Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

  • Allow updating gemspecs loaded from a Gemfile #7051
  • Update README.md to include link to the public Dependabot Core board #7054
  • Fix update checking in Yarn repositories using workspaces #7024
  • Don't try to resolve pinned sha's to versions when updating docker images #6150
  • [Updater] Inform the backend metric service which operation class is used for each update #7009
  • [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
  • [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
  • Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
  • Generate proper PR summary table for docker digest updates #6996
  • [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
  • [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
  • Fix "no files were updated!" errors in workspaces #6950
  • Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

Updates dependabot/dependabot-updater-gitsubmodule from v2.0.20230619205056 to v2.0.20230704144800

Changelog

Sourced from dependabot/dependabot-updater-gitsubmodule's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

  • Run UpdateAllVersions with ungrouped dependencies #7110
  • [Updater] Ensure we no longer test the legacy code path #7136
  • [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
  • [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

  • Pull Request names are Dependency Group aware #7115
  • 🛑 Stop clobbering Octokit middleware #7121
  • Fix more order dependent spec failures #7114
  • Fix flaky specs in updater #7113
  • Run Dependency Group updates #7075
  • [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
  • [Updater] Grouped updates will not include ignored dependencies #7091
  • Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

  • [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
  • Fix incorrect detection of top level gemspecs #7085
  • Improve some exception error messages #7068
  • Bundle the updater when bumping versions #7070
  • Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

  • Allow updating gemspecs loaded from a Gemfile #7051
  • Update README.md to include link to the public Dependabot Core board #7054
  • Fix update checking in Yarn repositories using workspaces #7024
  • Don't try to resolve pinned sha's to versions when updating docker images #6150
  • [Updater] Inform the backend metric service which operation class is used for each update #7009
  • [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
  • [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
  • Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
  • Generate proper PR summary table for docker digest updates #6996
  • [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
  • [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
  • Fix "no files were updated!" errors in workspaces #6950
  • Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

Updates dependabot/dependabot-updater-gomod from v2.0.20230619205056 to v2.0.20230704144800

Changelog

Sourced from dependabot/dependabot-updater-gomod's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

  • Run UpdateAllVersions with ungrouped dependencies #7110
  • [Updater] Ensure we no longer test the legacy code path #7136
  • [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
  • [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

  • Pull Request names are Dependency Group aware #7115
  • 🛑 Stop clobbering Octokit middleware #7121
  • Fix more order dependent spec failures #7114
  • Fix flaky specs in updater #7113
  • Run Dependency Group updates #7075
  • [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
  • [Updater] Grouped updates will not include ignored dependencies #7091
  • Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

  • [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
  • Fix incorrect detection of top level gemspecs #7085
  • Improve some exception error messages #7068
  • Bundle the updater when bumping versions #7070
  • Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

  • Allow updating gemspecs loaded from a Gemfile #7051
  • Update README.md to include link to the public Dependabot Core board #7054
  • Fix update checking in Yarn repositories using workspaces #7024
  • Don't try to resolve pinned sha's to versions when updating docker images #6150
  • [Updater] Inform the backend metric service which operation class is used for each update #7009
  • [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
  • [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
  • Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
  • Generate proper PR summary table for docker digest updates #6996
  • [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
  • [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
  • Fix "no files were updated!" errors in workspaces #6950
  • Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

Updates dependabot/dependabot-updater-gradle from v2.0.20230619205056 to v2.0.20230704144800

Changelog

Sourced from dependabot/dependabot-updater-gradle's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

  • Run UpdateAllVersions with ungrouped dependencies #7110
  • [Updater] Ensure we no longer test the legacy code path #7136
  • [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
  • [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

  • Pull Request names are Dependency Group aware #7115
  • 🛑 Stop clobbering Octokit middleware #7121
  • Fix more order dependent spec failures #7114
  • Fix flaky specs in updater #7113
  • Run Dependency Group updates #7075
  • [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
  • [Updater] Grouped updates will not include ignored dependencies #7091
  • Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

  • [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
  • Fix incorrect detection of top level gemspecs #7085
  • Improve some exception error messages #7068
  • Bundle the updater when bumping versions #7070
  • Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

  • Allow updating gemspecs loaded from a Gemfile #7051
  • Update README.md to include link to the public Dependabot Core board #7054
  • Fix update checking in Yarn repositories using workspaces #7024
  • Don't try to resolve pinned sha's to versions when updating docker images #6150
  • [Updater] Inform the backend metric service which operation class is used for each update #7009
  • [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
  • [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
  • Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
  • Generate proper PR summary table for docker digest updates #6996
  • [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
  • [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
  • Fix "no files were updated!" errors in workspaces #6950
  • Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

Updates dependabot/dependabot-updater-maven from v2.0.20230616172454 to v2.0.20230704144800

Changelog

Sourced from dependabot/dependabot-updater-maven's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

  • Run UpdateAllVersions with ungrouped dependencies #7110
  • [Updater] Ensure we no longer test the legacy code path #7136
  • [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
  • [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

  • Pull Request names are Dependency Group aware #7115
  • 🛑 Stop clobbering Octokit middleware #7121
  • Fix more order dependent spec failures #7114
  • Fix flaky specs in updater #7113
  • Run Dependency Group updates #7075
  • [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
  • [Updater] Grouped updates will not include ignored dependencies #7091
  • Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

  • [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
  • Fix incorrect detection of top level gemspecs #7085
  • Improve some exception error messages #7068
  • Bundle the updater when bumping versions #7070
  • Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

  • Allow updating gemspecs loaded from a Gemfile #7051
  • Update README.md to include link to the public Dependabot Core board #7054
  • Fix update checking in Yarn repositories using workspaces #7024
  • Don't try to resolve pinned sha's to versions when updating docker images #6150
  • [Updater] Inform the backend metric service which operation class is used for each update #7009
  • [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
  • [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
  • Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
  • Generate proper PR summary table for docker digest updates #6996
  • [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
  • [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
  • Fix "no files were updated!" errors in workspaces #6950
  • Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

Updates dependabot/dependabot-updater-mix from v2.0.20230619205056 to v2.0.20230704144800

Changelog

Sourced from dependabot/dependabot-updater-mix's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

  • Run UpdateAllVersions with ungrouped dependencies #7110
  • [Updater] Ensure we no longer test the legacy code path #7136
  • [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
  • [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

  • Pull Request names are Dependency Group aware #7115
  • 🛑 Stop clobbering Octokit middleware #7121
  • Fix more order dependent spec failures #7114
  • Fix flaky specs in updater #7113
  • Run Dependency Group updates #7075
  • [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
  • [Updater] Grouped updates will not include ignored dependencies #7091
  • Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

  • [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
  • Fix incorrect detection of top level gemspecs #7085
  • Improve some exception error messages #7068
  • Bundle the updater when bumping versions #7070
  • Bump ruboco...

    Description has been truncated

@dependabot dependabot bot requested a review from a team as a code owner July 6, 2023 16:20
@dependabot dependabot bot added dependencies Pull requests that update a dependency file docker Pull requests that update Docker code Fanout labels Jul 6, 2023
@landongrindheim landongrindheim enabled auto-merge July 6, 2023 16:21
@dependabot dependabot bot force-pushed the dependabot/docker/docker/dependabot-core-images-439dcf9ffd branch from 6135224 to 91b8595 Compare July 6, 2023 16:25
@bdragon
Copy link
Contributor

bdragon commented Jul 6, 2023

@dependabot rebase

Bumps the dependabot-core-images group in /docker with 16 updates:

| Package | Update |
| --- | --- |
| [dependabot/dependabot-updater-bundler](https://github.com/dependabot/dependabot-core) | v2.0.20230619205056 to v2.0.20230704144800 |
| [dependabot/dependabot-updater-cargo](https://github.com/dependabot/dependabot-core) | v2.0.20230619205056 to v2.0.20230704144800 |
| [dependabot/dependabot-updater-composer](https://github.com/dependabot/dependabot-core) | v2.0.20230619205056 to v2.0.20230704144800 |
| [dependabot/dependabot-updater-docker](https://github.com/dependabot/dependabot-core) | v2.0.20230619205056 to v2.0.20230704144800 |
| [dependabot/dependabot-updater-elm](https://github.com/dependabot/dependabot-core) | v2.0.20230619205056 to v2.0.20230704144800 |
| [dependabot/dependabot-updater-github-actions](https://github.com/dependabot/dependabot-core) | v2.0.20230619205056 to v2.0.20230704144800 |
| [dependabot/dependabot-updater-gitsubmodule](https://github.com/dependabot/dependabot-core) | v2.0.20230619205056 to v2.0.20230704144800 |
| [dependabot/dependabot-updater-gomod](https://github.com/dependabot/dependabot-core) | v2.0.20230619205056 to v2.0.20230704144800 |
| [dependabot/dependabot-updater-gradle](https://github.com/dependabot/dependabot-core) | v2.0.20230619205056 to v2.0.20230704144800 |
| [dependabot/dependabot-updater-maven](https://github.com/dependabot/dependabot-core) | v2.0.20230616172454 to v2.0.20230704144800 |
| [dependabot/dependabot-updater-mix](https://github.com/dependabot/dependabot-core) | v2.0.20230619205056 to v2.0.20230704144800 |
| [dependabot/dependabot-updater-npm](https://github.com/dependabot/dependabot-core) | v2.0.20230619205056 to v2.0.20230704144800 |
| [dependabot/dependabot-updater-nuget](https://github.com/dependabot/dependabot-core) | v2.0.20230619205056 to v2.0.20230704144800 |
| [dependabot/dependabot-updater-pip](https://github.com/dependabot/dependabot-core) | v2.0.20230619205056 to v2.0.20230704144800 |
| [dependabot/dependabot-updater-pub](https://github.com/dependabot/dependabot-core) | v2.0.20230619205056 to v2.0.20230704144800 |
| [dependabot/dependabot-updater-terraform](https://github.com/dependabot/dependabot-core) | v2.0.20230619205056 to v2.0.20230704144800 |


Updates `dependabot/dependabot-updater-bundler` from v2.0.20230619205056 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

Updates `dependabot/dependabot-updater-cargo` from v2.0.20230619205056 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

Updates `dependabot/dependabot-updater-composer` from v2.0.20230619205056 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

Updates `dependabot/dependabot-updater-docker` from v2.0.20230619205056 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

Updates `dependabot/dependabot-updater-elm` from v2.0.20230619205056 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

Updates `dependabot/dependabot-updater-github-actions` from v2.0.20230619205056 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

Updates `dependabot/dependabot-updater-gitsubmodule` from v2.0.20230619205056 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

Updates `dependabot/dependabot-updater-gomod` from v2.0.20230619205056 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

Updates `dependabot/dependabot-updater-gradle` from v2.0.20230619205056 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

Updates `dependabot/dependabot-updater-maven` from v2.0.20230616172454 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

Updates `dependabot/dependabot-updater-mix` from v2.0.20230619205056 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

Updates `dependabot/dependabot-updater-npm` from v2.0.20230619205056 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

Updates `dependabot/dependabot-updater-nuget` from v2.0.20230619205056 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

Updates `dependabot/dependabot-updater-pip` from v2.0.20230619205056 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

Updates `dependabot/dependabot-updater-pub` from v2.0.20230619205056 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

Updates `dependabot/dependabot-updater-terraform` from v2.0.20230619205056 to v2.0.20230704144800
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](https://github.com/dependabot/dependabot-core/commits)

---
updated-dependencies:
- dependency-name: dependabot/dependabot-updater-bundler
  dependency-type: direct:production
  dependency-group: dependabot-core-images
- dependency-name: dependabot/dependabot-updater-cargo
  dependency-type: direct:production
  dependency-group: dependabot-core-images
- dependency-name: dependabot/dependabot-updater-composer
  dependency-type: direct:production
  dependency-group: dependabot-core-images
- dependency-name: dependabot/dependabot-updater-docker
  dependency-type: direct:production
  dependency-group: dependabot-core-images
- dependency-name: dependabot/dependabot-updater-elm
  dependency-type: direct:production
  dependency-group: dependabot-core-images
- dependency-name: dependabot/dependabot-updater-github-actions
  dependency-type: direct:production
  dependency-group: dependabot-core-images
- dependency-name: dependabot/dependabot-updater-gitsubmodule
  dependency-type: direct:production
  dependency-group: dependabot-core-images
- dependency-name: dependabot/dependabot-updater-gomod
  dependency-type: direct:production
  dependency-group: dependabot-core-images
- dependency-name: dependabot/dependabot-updater-gradle
  dependency-type: direct:production
  dependency-group: dependabot-core-images
- dependency-name: dependabot/dependabot-updater-maven
  dependency-type: direct:production
  dependency-group: dependabot-core-images
- dependency-name: dependabot/dependabot-updater-mix
  dependency-type: direct:production
  dependency-group: dependabot-core-images
- dependency-name: dependabot/dependabot-updater-npm
  dependency-type: direct:production
  dependency-group: dependabot-core-images
- dependency-name: dependabot/dependabot-updater-nuget
  dependency-type: direct:production
  dependency-group: dependabot-core-images
- dependency-name: dependabot/dependabot-updater-pip
  dependency-type: direct:production
  dependency-group: dependabot-core-images
- dependency-name: dependabot/dependabot-updater-pub
  dependency-type: direct:production
  dependency-group: dependabot-core-images
- dependency-name: dependabot/dependabot-updater-terraform
  dependency-type: direct:production
  dependency-group: dependabot-core-images
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/docker/docker/dependabot-core-images-439dcf9ffd branch from 07f78b1 to 829371e Compare July 6, 2023 16:35
@landongrindheim landongrindheim merged commit e40f5e7 into main Jul 6, 2023
@landongrindheim landongrindheim deleted the dependabot/docker/docker/dependabot-core-images-439dcf9ffd branch July 6, 2023 16:44
@honeyankit honeyankit mentioned this pull request Sep 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file docker Pull requests that update Docker code Fanout
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants