v0.362.0

What's Changed

• retain version wildcards when writing xml by @brettfo in #14205
• Fix workspace stash error affecting all ecosystems during group updates by @Copilot in #14165
• fix: add support for nested maven properties by @yeikel in #13746
• Fix typo in Docker SemVer docs by @Wirone in #14171
• v0.362.0 by @dependabot-core-action-automation[bot] in #14221

New Contributors

• @Wirone made their first contribution in #14171

Full Changelog: v0.361.2...v0.362.0

v0.361.2

What's Changed

• register msbuild upon entering clone command by @brettfo in #14167
• Bump the npm-dependencies group across 1 directory with 3 updates by @dependabot[bot] in #13280
• use more robust tfm discovery for projects by @brettfo in #14169
• improve project discovery merging by @brettfo in #14089
• npm: Warn when install scripts change between versions by @JamieMagee in #14069
• Add comprehensive error handling for uv lock and uv pip compile failures by @thavaahariharangit in #14145
• npm: Warn when attestation/provenance is lost between versions by @JamieMagee in #14170
• Handle pnpm ERR_PNPM_TRUST_DOWNGRADE by silently skipping untrusted versions by @thavaahariharangit in #14150
• Remove gradle_wrapper_updater feature flag by @kbukum1 in #14174
• Prioritize tagged releases over latest commit in git_submodules by @etan-status in #13052
• Fix RuboCop linter errors in group PR directory matching tests by @Copilot in #14208
• Nishnha/fix pr directory comparison by @Nishnha in #13899
• Split copilot instructions into scoped files by @jurre in #14209
• Improve FileUpdater error diagnostics for support-file-only scenarios by @Copilot in #14198
• Add the Pre-Commit Ecosystem by @robaiken in #13977
• Add pre-commit gem in omnibus and updater gemfile and lockfile by @AbhishekBhaskar in #14215
• v0.361.2 by @dependabot-core-action-automation[bot] in #14220

New Contributors

• @etan-status made their first contribution in #13052

Full Changelog: v0.361.1...v0.361.2

v0.361.1

What's Changed

• Fix npm workspaces removing nested optional peer dependencies by @Copilot in #14155
• refactor: Auto-extract group-by from rules in DependencyGroup by @markhallen in #14159
• v0.361.1 by @dependabot-core-action-automation[bot] in #14166

Full Changelog: v0.361.0...v0.361.1

v0.361.0

What's Changed

• Bump Elixir 1.18.4 -> 1.19.5, hex 2.2.2 -> 2.3.1 by @vanderhoop in #14002
• Remove enable_engine_version_detection FF from dependabot-core by @Copilot in #14113
• Add docker pull to backup registry in latest-images workflow by @truggeri in #14124
• Dockerfile.development: Ignore missing bundle binstub on cleanup by @thavaahariharangit in #14120
• Bump library/golang from 1.25.0-bookworm to 1.25.7-bookworm in /go_modules by @dependabot[bot] in #14127
• Bump lodash from 4.17.21 to 4.17.23 in /bun/helpers by @dependabot[bot] in #14003
• Bump the all-actions group across 1 directory with 3 updates by @dependabot[bot] in #14162
• Bump Microsoft.CodeAnalysis.CSharp from 4.14.0 to 5.0.0 by @dependabot[bot] in #14131
• Bump sigstore/cosign/cosign from v3.0.3 to v3.0.4 in /docker in the regclient group by @dependabot[bot] in #13915
• Bump the dev-dependencies group across 1 directory with 2 updates by @dependabot[bot] in #12769
• Bump cython from 3.1.2 to 3.1.3 in /python/helpers in the common group by @dependabot[bot] in #12856
• Bump brace-expansion in /npm_and_yarn/helpers by @dependabot[bot] in #12887
• Bump tar-fs from 1.16.5 to 1.16.6 in /npm_and_yarn/helpers by @dependabot[bot] in #13181
• Bump nuget/helpers/lib/NuGet.Client from c4f23b5 to 53c7a9c by @dependabot[bot] in #13559
• Fix cooldown being incorrectly applied to security updates by @Copilot in #14050
• Bump nuget/helpers/lib/dotnet-core from 218ef74 to 28fa1c2 by @dependabot[bot] in #14016
• v0.361.0 by @dependabot-core-action-automation[bot] in #14163

New Contributors

• @vanderhoop made their first contribution in #14002
• @truggeri made their first contribution in #14124

Full Changelog: v0.360.0...v0.361.0

v0.360.0

What's Changed

• fix cargo not authenticating with org-level config due to no "registry" property by @jakecoffman in #14030
• Replace usages of http with excon by @yeikel in #13800
• Improved error handling for uv lock file updates by @thavaahariharangit in #14034
• Handling the required-version constraint error in the uv ecosystem. by @thavaahariharangit in #14055
• Update Dependabot Proxy container name by @JamieMagee in #14052
• Add support for parsing registries in vcpkg-configuration.json by @JamieMagee in #13001
• Combine base path with request path by @JamieMagee in #14058
• honor ranges in transitive pinning by @brettfo in #13987
• Add a unit test to ensure base URL with a path is handled correctly by @JamieMagee in #14063
• Upgrade Node.js version to 22 in devcontainers/Dockerfile by @jeffwidman in #14064
• feat: Add cross-directory support for group_by_dependency_name by @markhallen in #14046
• Set executable flag only for Unix version of the gradle wrapper by @yeikel in #14056
• Preserve file mode when updating pull requests by @kbukum1 in #14081
• fix: check versions across all the defined maven registries by @yeikel in #13747
• Fix Gradle lockfile support against Gradle's version catalog (Fix #12557) by @dmikurube in #12853
• docker: add support for org.opencontainers.image.version and org.opencontainers.image.revision by @yeikel in #13855
• [SECURITY] Address CodeQL regex alert by @corsonknowles in #14012
• Remove OpenStruct by @corsonknowles in #14011
• Fix github actions versions comment not updated in an edge case by @yeikel in #13985
• Prevent mislabeling pub issues by @yeikel in #13407
• Honoring configured networkTimeout when calling ./gradle wrapper by @gmazzo in #14043
• Updates terraform to 1.14.4 by @VolkerK in #14100
• test: Add tests for dynamic subgroup branch naming and refresh by @markhallen in #14086
• report package as compatible if it contains no assemblies by @brettfo in #14090
• Consider JRE/JDK suffixes and semantics for Maven/Gradle by @yeikel in #13999
• limit target framework restore parallelism by @brettfo in #13875
• add test to ensure scenario works by @brettfo in #13867
• Bump the all-actions group across 1 directory with 6 updates by @dependabot[bot] in #14068
• Bump xunit.runner.visualstudio from 3.1.2 to 3.1.3 by @dependabot[bot] in #12665
• Update TOFU_VERSION to 1.11.4 by @aochsner in #14092
• Bump library/rust from 1.89.0-bookworm to 1.93.0-bookworm in /cargo by @dependabot[bot] in #14014
• Add digest pinning for Docker images by @JamieMagee in #14071
• Bump lodash from 4.17.21 to 4.17.23 in /npm_and_yarn/helpers by @dependabot[bot] in #13994
• v0.360.0 by @dependabot-core-action-automation[bot] in #14109

New Contributors

• @dmikurube made their first contribution in #12853
• @corsonknowles made their first contribution in #14012
• @VolkerK made their first contribution in #14100
• @aochsner made their first contribution in #14092

Full Changelog: v0.359.0...v0.360.0

v0.359.0

What's Changed

• Fix TypeError when processing Poetry dependencies with explicit registry sources by @Copilot in #14009
• feat: Add group_by attribute to DependencyGroup for cross-directory grouping by @markhallen in #14007
• Fix Bazel FileFetcher for module extensions requiring from_file and missing BUILD files by @Copilot in #14023
• Fix npm authentication failure with replaces-base registry when .npmrc absent by @Copilot in #14021
• fix: Add missing require for FetchedFiles in DependencySnapshot by @markhallen in #14028
• Adding cooldown filtering for Poetry git resource dependencies. by @thavaahariharangit in #13989
• feat: Add dynamic subgroup creation in DependencyGroupEngine by @markhallen in #14008
• docs: extend documentation for the no-validate-url hack by @yeikel in #14037
• v0.359.0 by @dependabot-core-action-automation[bot] in #14042

Full Changelog: v0.358.0...v0.359.0

v0.358.0

What's Changed

• Bump httparty from 0.22.0 to 0.24.0 in /updater by @dependabot[bot] in #13871
• Support dist references for dev prefixed local packages in composer by @Lixivial in #13767
• julia: Fix compat ranges incorrectly appending redundant versions by @IanButterworth in #13942
• Add pre-release detection helper method for Docker tags by @Copilot in #13815
• add support for hatch and scm version source paths and dynamic versioning by @robaiken in #13945
• Remove dependency_change_validation FF by @pavera in #13953
• Removing vestiges of npm_fallback_version_above_v6 ff by @pavera in #13952
• Remove enable_file_parser_python_local FF by @pavera in #13954
• Remove exclude_local_composer_packages FF by @pavera in #13955
• change how top level dependencies are determined by @brettfo in #13949
• Simplify gradle installation and automate upgrades by @yeikel in #12934
• Prevent accidental updates to maven parent when dependency uses project.parent.version by @swhittaker in #13656
• Fix Sorbet error when caret requirement has all zero segments by @thavaahariharangit in #13975
• Remove Bazel from file_parser_spec.rb.erb by @robaiken in #13978
• Generate uv.lock using all project files by @robaiken in #13983
• Fixing sorbet source hash type error. by @thavaahariharangit in #13980
• Poetry Git dependencies with tag support by @thavaahariharangit in #13944
• docker: consider the tag when checking if a digest is up-to-date by @yeikel in #13842
• Fix semver parts v prefix handling by @thavaahariharangit in #13981
• v0.358.0 by @dependabot-core-action-automation[bot] in #13997

New Contributors

• @Lixivial made their first contribution in #13767
• @swhittaker made their first contribution in #13656

Full Changelog: v0.357.0...v0.358.0

v0.357.0

What's Changed

• Fix: Use correct npm environment variable for private registry configuration by @thavaahariharangit in #13904
• julia: Improve support for workspaces by @IanButterworth in #13889
• Add E2E tests for multi-ecosystem group filtering properties by @a-schur in #13721
• Dependabot Snapshots has basic metadata about "status" and "reason" by @Ahmed3lmallah in #13843
• Ruby 3.4.8 support by @taylorrf in #13908
• Allow specifying a hostname in dry-run by @jurre in #12787
• Fix Maven dependency-type grouping for build plugins by @thavaahariharangit in #13882
• Extract plugin selector logic into private method in Maven FileParser by @thavaahariharangit in #13929
• Fix uv dependency updates for packages with extras by @Copilot in #13930
• Bump Bundler to 2.7.2 by @JamieMagee in #13924
• Set snapshot status to "incomplete" when the job has a subdependency warning by @Ahmed3lmallah in #13925
• Replace CGI.parse with URI.decode_www_form for Ruby 4.0 compatibility by @JamieMagee in #13936
• Bump the all-actions group across 1 directory with 11 updates by @dependabot[bot] in #13779
• v0.357.0 by @dependabot-core-action-automation[bot] in #13943

New Contributors

• @taylorrf made their first contribution in #13908

Full Changelog: v0.356.0...v0.357.0

v0.356.0

What's Changed

• Julia: Set Julia pkgserver to eager registry flavor by @IanButterworth in #13702
• Support explicit UV index configuration in uv.lock updates by @markhallen in #13798
• Upgrade uv to v0.9.18 by @edgarrmondragon in #13811
• Upgrade to npm 11.7.0 by @yeikel in #13751
• Fix python incorrect version selection issue by @AbhishekBhaskar in #13862
• Bump bun to 1.3.5 by @yeikel in #13752
• Consider dependency suffixes for maven and gradle by @yeikel in #13818
• Fix Cargo config file fetching from parent directories by @a-schur in #13790
• Bump maven from 3.9.9 to 3.9.12 in /maven by @dependabot[bot] in #13847
• Fix provider version updates in nested Terraform local modules by @Copilot in #13884
• improve directory matcher with trailing slash by @brettfo in #13890
• fix(docker): handle version tags with v prefix correctly by @thavaahariharangit in #13894
• warn on graph processing issues instead of fail by @jakecoffman in #13888
• When there is no update needed, close the PR on refresh. by @thavaahariharangit in #13896
• case-correct web.config and app.config locations when reporting by @brettfo in #13851
• Revert "Fix python incorrect version selection issue" by @kbukum1 in #13895
• maintain pr groups across directories by @brettfo in #13873
• Extract shared file fetching logic into a SharedFileFetcher base class for Python and UV ecosystems. by @robaiken in #13799
• Strip UTF-8 BOM prefix from files read from cloned repos by @Nishnha in #13897
• v0.356.0 by @dependabot-core-action-automation[bot] in #13901

Full Changelog: v0.355.0...v0.356.0

v0.355.0

What's Changed

• v0.355.0 by @dependabot-core-action-automation[bot] in #13876

Full Changelog: v0.354.0...v0.355.0