Update dependabot-omnibus requirement from ~> 0.363.0 to ~> 0.364.0 in /packages/runner/upstream by dependabot[bot] · Pull Request #2590 · mburumaxwell/paklo

dependabot · 2026-03-09T02:14:06Z

Updates the requirements on dependabot-omnibus to permit the latest version.

Release notes

Sourced from dependabot-omnibus's releases.

v0.364.0

What's Changed

Fix flaky Composer UpdateChecker test: mock VersionResolver instead of stubbing PHP subprocess HTTP calls by @Copilot in dependabot/dependabot-core#14266

feat: Add PR message formatting for dependency-name groups by @markhallen in dependabot/dependabot-core#14289

refactor: Remove group_by_dependency_name feature flag by @markhallen in dependabot/dependabot-core#14292

Add uv dependency grapher by @Nishnha in dependabot/dependabot-core#14295

Bump octokit from 7.2.0 to 10.0.0 in /updater by @dependabot[bot] in dependabot/dependabot-core#14241

Bump sentry-ruby from 5.23.0 to 5.28.1 in /updater by @dependabot[bot] in dependabot/dependabot-core#14242

Bump gitlab from 5.1.0 to 6.1.0 in /updater by @dependabot[bot] in dependabot/dependabot-core#14240

Bump sentry-opentelemetry and sentry-ruby in /updater by @dependabot[bot] in dependabot/dependabot-core#14308

Bump terminal-table from 3.0.2 to 4.0.0 in /updater by @dependabot[bot] in dependabot/dependabot-core#14239

Bump the dev-dependencies group across 2 directories with 1 update by @dependabot[bot] in dependabot/dependabot-core#14311

Bump the prod-dependencies group across 2 directories with 4 updates by @dependabot[bot] in dependabot/dependabot-core#14310

Bump minimatch from 3.0.4 to 3.1.5 in /npm_and_yarn/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in dependabot/dependabot-core#14305

Bump minimatch from 3.1.2 to 3.1.5 in /bun/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in dependabot/dependabot-core#14287

Bump lodash from 4.17.21 to 4.17.23 in /bun/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in dependabot/dependabot-core#14017

Bump lodash from 4.17.21 to 4.17.23 in /npm_and_yarn/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in dependabot/dependabot-core#13993

Bump minimatch from 3.1.2 to 3.1.5 in /npm_and_yarn/helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in dependabot/dependabot-core#14303

Bump minimatch from 3.1.2 to 3.1.5 in /bun/helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in dependabot/dependabot-core#14299

Bump lodash from 4.17.21 to 4.17.23 in /bun/helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in dependabot/dependabot-core#13996

Bump lodash from 4.17.21 to 4.17.23 in /npm_and_yarn/helpers/test/npm6/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in dependabot/dependabot-core#13995

Bump Microsoft.Web.Xdt from 3.2.0 to 3.2.3 by @dependabot[bot] in dependabot/dependabot-core#14252

Bump the all-actions group with 3 updates by @dependabot[bot] in dependabot/dependabot-core#14316

Bump System.CommandLine from 2.0.0-beta6.25358.103 to 2.0.3 by @dependabot[bot] in dependabot/dependabot-core#14319

Bump regclient/regctl from v0.11.1 to v0.11.2 in /docker in the regclient group by @dependabot[bot] in dependabot/dependabot-core#14317

Bump Microsoft.Build.Tasks.Core and Microsoft.Build.Utilities.Core by @dependabot[bot] in dependabot/dependabot-core#14187

Bump dotnet-sdk from 9.0.302 to 9.0.303 in /nuget/helpers/lib/NuGetUpdater by @dependabot[bot] in dependabot/dependabot-core#12666

Bump Newtonsoft.Json from 13.0.3 to 13.0.4 by @dependabot[bot] in dependabot/dependabot-core#14253

Bump minimatch in /bun/helpers by @dependabot[bot] in dependabot/dependabot-core#14312

Bump minimatch in /npm_and_yarn/helpers by @dependabot[bot] in dependabot/dependabot-core#14304

Update Composer to the latest 2.9 version (2.9.5) by @T2L in dependabot/dependabot-core#14267

Bump library/rust from 1.93.0-bookworm to 1.93.1-bookworm in /cargo by @dependabot[bot] in dependabot/dependabot-core#14177

Bump library/golang from 1.25.7-bookworm to 1.26.0-bookworm in /go_modules by @dependabot[bot] in dependabot/dependabot-core#14179

Bump ajv from 6.12.6 to 6.14.0 in /npm_and_yarn/helpers by @dependabot[bot] in dependabot/dependabot-core#14244

Bump ajv from 6.12.6 to 6.14.0 in /bun/helpers by @dependabot[bot] in dependabot/dependabot-core#14245

Bump golang.org/x/mod from 0.27.0 to 0.33.0 in /go_modules/helpers by @dependabot[bot] in dependabot/dependabot-core#14178

Bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.9.0 in /maven/lib/dependabot/maven by @dependabot[bot] in dependabot/dependabot-core#13233

Bump prettier from 3.7.4 to 3.8.1 in /npm_and_yarn/helpers in the dev-dependencies group by @dependabot[bot] in dependabot/dependabot-core#14180

Bump the dev-dependencies group across 1 directory with 2 updates by @dependabot[bot] in dependabot/dependabot-core#14315

Bump js-yaml from 3.14.1 to 3.14.2 in /npm_and_yarn/helpers by @dependabot[bot] in dependabot/dependabot-core#13613

Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates by @dependabot[bot] in dependabot/dependabot-core#10361

Update ESLint configuration file to new format by @bohdanhusak in dependabot/dependabot-core#13785

Bump eslint from 9.39.1 to 10.0.0 in /npm_and_yarn/helpers by @dependabot[bot] in dependabot/dependabot-core#14182

Bump pip-tools from 7.4.1 to 7.5.0 in /python/helpers in the pip-tools group by @dependabot[bot] in dependabot/dependabot-core#12770

Bump gradle from 8.14.3-jdk21-ubi-minimal to 9.0.0-jdk21-ubi-minimal in /gradle by @dependabot[bot] in dependabot/dependabot-core#13971

Bump globals from 16.5.0 to 17.4.0 in /npm_and_yarn/helpers by @dependabot[bot] in dependabot/dependabot-core#14325

Fetch pre-commit additional dependencies language field from hook source repository by @AbhishekBhaskar in dependabot/dependabot-core#14300

fix(npm_and_yarn): avoid group refresh NoChangeError for non-pnpm support-file updates by @thavaahariharangit in dependabot/dependabot-core#14331

Set smoke test max parallelism to 10 by @JamieMagee in dependabot/dependabot-core#14307

Bump System.ComponentModel.Composition from 9.0.7 to 10.0.3 by @dependabot[bot] in dependabot/dependabot-core#14326

... (truncated)

Changelog

Sourced from dependabot-omnibus's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

Run UpdateAllVersions with ungrouped dependencies #7110

[Updater] Ensure we no longer test the legacy code path #7136

[Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128

[Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

Pull Request names are Dependency Group aware #7115

🛑 Stop clobbering Octokit middleware #7121

Fix more order dependent spec failures #7114

Fix flaky specs in updater #7113

Run Dependency Group updates #7075

[Updater] Extract UpdateVulnerableVersion as an Operation class #6961

[Updater] Grouped updates will not include ignored dependencies #7091

Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

[Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084

Fix incorrect detection of top level gemspecs #7085

Improve some exception error messages #7068

Bundle the updater when bumping versions #7070

Bump rubocop from 1.48.0 to 1.50.0 in /updater (@app/dependabot) #7064

v0.216.0, 12 April 2023

Allow updating gemspecs loaded from a Gemfile #7051

Update README.md to include link to the public Dependabot Core board #7054

Fix update checking in Yarn repositories using workspaces #7024

Don't try to resolve pinned sha's to versions when updating docker images #6150

[Updater] Inform the backend metric service which operation class is used for each update #7009

[Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005

[Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004

Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998

Generate proper PR summary table for docker digest updates #6996

[Updater] Absorb Security Advisory and Ignore Conditions into Job #6989

[Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991

Fix "no files were updated!" errors in workspaces #6950

Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

fb7b8fc v0.364.0 (#14366)
444d8a4 Merge pull request #14332 from dependabot/swift-xcode-spm-file-fetcher
4a54dee Merge branch 'main' into swift-xcode-spm-file-fetcher
c1516a5 Remove enable_record_ecosystem_meta feature flag (#14353)
fd11f8c Merge branch 'main' into swift-xcode-spm-file-fetcher
e989425 fix: simplify xcodeproj scan to flat directory listing, remove nested fixture
3ca8498 cargo: strip credential-provider keys from .cargo/config.toml (#14359)
2704e65 Remove enable_shared_helpers_command_timeout feature flag (#14125)
57ab757 Merge pull request #14337 from jpinz/dev/jpinz/docker-tag-date-check
f208f14 Refactor version_related_pattern? tests to handle legacy and enabled validati...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Updates the requirements on [dependabot-omnibus](https://github.com/dependabot/dependabot-core) to permit the latest version. - [Release notes](https://github.com/dependabot/dependabot-core/releases) - [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md) - [Commits](dependabot/dependabot-core@v0.363.0...v0.364.0) --- updated-dependencies: - dependency-name: dependabot-omnibus dependency-version: 0.364.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-03-09T02:14:10Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
paklo	Ready	Preview, Comment	Mar 9, 2026 2:28am

dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Mar 9, 2026

dependabot bot requested a review from mburumaxwell as a code owner March 9, 2026 02:14

dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Mar 9, 2026

vercel bot deployed to Preview March 9, 2026 02:14 View deployment

mburumaxwell merged commit d5601a8 into main Mar 9, 2026
11 checks passed

mburumaxwell deleted the dependabot/bundler/packages/runner/upstream/dependabot-omnibus-tw-0.364.0 branch March 9, 2026 10:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update dependabot-omnibus requirement from ~> 0.363.0 to ~> 0.364.0 in /packages/runner/upstream#2590

Update dependabot-omnibus requirement from ~> 0.363.0 to ~> 0.364.0 in /packages/runner/upstream#2590
mburumaxwell merged 1 commit intomainfrom
dependabot/bundler/packages/runner/upstream/dependabot-omnibus-tw-0.364.0

dependabot bot commented on behalf of github Mar 9, 2026

Uh oh!

vercel bot commented Mar 9, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot bot commented on behalf of github Mar 9, 2026

v0.364.0

What's Changed

Deprecated in favor of GitHub releases April 24th, 2023

v0.217.0, 24 April 2023

v0.216.2, 20 April 2023

v0.216.1, 14 April 2023

v0.216.0, 12 April 2023

Uh oh!

vercel bot commented Mar 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

vercel bot commented Mar 9, 2026 •

edited

Loading