v0.292.0

What's Changed

• Return deprecated version if user requests it so that we can trigger warning or logging by @amazimbe in #11155
• don't use transitive dependency version as top level version by @brettfo in #11151
• Upgrade to latest Ruby patchlevels by @deivid-rodriguez in #10250
• elevate formatting issues to build failure by @brettfo in #11098
• Python 3.13 Support by @ulgens in #10829
• ignore semver condition is ignored when the version is nil in dependency by @thavaahariharangit in #11156
• Set EnableWindowsTargeting to true when updating the lock file by @na1307 in #11037
• bump corepack to fix freezes by @jakecoffman in #11126
• capture and report analyzer failures by @brettfo in #11167
• Bump phpstan/phpstan from 1.10.67 to 2.0.4 in /composer/helpers/v2 by @dependabot in #11173
• Add support for python 3.8 deprecation warning and unsupported error by @amazimbe in #11166
• Fixes pip-compile file matcher for metric collection by @sachin-sandhu in #11174
• Add @dependabot/azure-dev-ops as owners of dotnet_sdk by @JamieMagee in #11189
• Add support for language deprecation notices, warnings and errors by @amazimbe in #11199
• Add Detected Version to Base Version Manager and Update Ecosystem Package Managers and Languages by @kbukum1 in #11190
• Metric collection for Dotnet SDK by @sachin-sandhu in #11183
• Add Package Manager for GitHub Actions by @kbukum1 in #11043
• Fix typos by @jeffwidman in #11210
• [BUG FIX] Only use the major.patch version to check deprecation status by @amazimbe in #11214
• Prevent forks from trying (and failing) to push latest images to GHCR by @jeffwidman in #11213
• Skip earlier when run on forks by @jeffwidman in #11212
• Treat Python Package managers as distinct groups by @jeffwidman in #11129
• Ensure additional commits after approval are rejected by @jeffwidman in #11223
• Adds metric collection support for Docker by @sachin-sandhu in #11217
• Update Bundler deprecation unsupported check to use detected version by @kbukum1 in #11222
• Selecting the correct requirement based on the given marker condition. by @thavaahariharangit in #11204
• Remove composer v1 test fixtures following its deprecation by @amazimbe in #11235
• Update Composer deprecation unsupported check to use detected version by @kbukum1 in #11225
• Type the workflow input as a number, not a string by @jeffwidman in #11239
• expand pattern to filter out Microsoft.WebApplication.targets by @brettfo in #11236
• Update Python 3.8 Detection Logic to Use Detected Version by @kbukum1 in #11241
• Drop warnings from output of git rev-parse HEAD by @jonabc in #11224
• Remove composer v1 from Dockerfile by @abdulapopoola in #11177
• expand pattern to report missing files by @brettfo in #11238
• Handling markers with multiple condition joined with and/or logic. by @thavaahariharangit in #11244
• Bump pnpm to 9.15.3 by @yeikel in #11242
• Update npm_and_yarn deprecation and unsupported checks for npm, pnpm, and yarn package managers by @kbukum1 in #11240
• capture and report job deserialization errors by @brettfo in #11179
• merge SDK and packages.config references in discovery by @brettfo in #11099
• Delete stale composer v1 specs by @abdulapopoola in #11178
• Remove unnecessary references to composer v1 by @amazimbe in #11245
• change type of property job.commit-message-options.include-scope to bool by @brettfo in #11249
• expand pattern to report unauthorized feed by @brettfo in #11251
• Bump xunit.runner.visualstudio from 2.8.2 to 3.0.0 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #11172
• Bump dotnet-sdk from 9.0.100 to 9.0.101 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #11081
• v0.292.0 by @dependabot-core-action-automation in #11184

Full Changelog: v0.291.0...v0.292.0

v0.291.0

What's Changed

• Dotnet ecosystem metric collection by @sachin-sandhu in #11097
• Fix unsupported PNPM error message by @deivid-rodriguez in #10094
• Bump poetry version from 1.8.3 to 1.8.5 by @noorul in #11107
• chore(python): Target latest Python 3.12 version to 3.12.7 by @HrMathematiker in #10831
• Bump pnpm to 9.15.0 by @jeffwidman in #11114
• Bump symfony/process from 5.4.40 to 5.4.47 in /composer/helpers/v2 by @dependabot in #11117
• Bump friendsofphp/php-cs-fixer from 3.54.0 to 3.65.0 in /composer/helpers/v2 in the dev-dependencies group across 1 directory by @dependabot in #11034
• Bump nock from 13.5.5 to 13.5.6 in /npm_and_yarn/helpers in the npm-dependencies group by @dependabot in #10922
• Bump the dev-dependencies group across 1 directory with 2 updates by @dependabot in #11078
• Raise a proper user error when package.json includes just a dummy string by @deivid-rodriguez in #8747
• Stop checking for Composer 1 dependencies by @jeffwidman in #11120
• Bump the all-actions group across 1 directory with 5 updates by @dependabot in #11118
• Add support for NPM V6 deprecation warning and unsupported error by @amazimbe in #11112
• Bump hashin from 1.0.1 to 1.0.3 in /python/helpers in the poetry group across 1 directory by @dependabot in #11115
• Bump yarn to 4.5.3 by @jeffwidman in #11123
• If overridden file exists, then process it and find the missing key values from base file. by @thavaahariharangit in #11137
• fix(terraform): update less-than/less-than/equals version constraints by @bryan-bar in #8983
• install .NET SDKs as specified by repo's global.json files by @brettfo in #11090
• Containerfile is a thing. by @shyouhei in #11141
• Throw appropriate error when failing to parse project file by @sebasgomez238 in #11139
• WIP: Set timeout for helper subprocesses to enhance stability by @kbukum1 in #11125
• To support for "containerFiles" more robust by @randhircs in #11145
• Increase default timeout for helper subprocess commands from 2 minutes to 15 minutes by @kbukum1 in #11153
• Improve error handling for missing dependency versions for github actions by @robaiken in #11144
• v0.291.0 by @dependabot-core-action-automation in #11154

New Contributors

• @HrMathematiker made their first contribution in #10831
• @bryan-bar made their first contribution in #8983
• @shyouhei made their first contribution in #11141
• @randhircs made their first contribution in #11145

Full Changelog: v0.290.0...v0.291.0

v0.290.0

What's Changed

• allow for differing package and assembly names when finding packages path by @brettfo in #11064
• download nuget packages to well-known location by @brettfo in #11056
• remove unnecessary log messages by @brettfo in #11065
• Add support for terraform ecosystem metrics collection by @amazimbe in #11059
• Metric collection for Dart ecosystem by @sachin-sandhu in #11070
• parse and honor ignore-conditions from job file by @brettfo in #11066
• Add fallback to local package manager when Corepack installation fails by @kbukum1 in #11072
• detect byte order mark in YAML and report error by @brettfo in #11073
• patch DotnetSdk::Requirement by @JamieMagee in #11075
• remove old update checker and stale code by @brettfo in #11076
• make directory crawling unit-testable by @brettfo in #11071
• add concrete types to job deserializer by @brettfo in #11088
• add missing test for scenario by @brettfo in #11087
• Fix Composer v1 Unsupported Error Handling in Dependabot Core by @kbukum1 in #11091
• Add argument to parser to allow trailing comma in json. by @sebasgomez238 in #11086
• Bump nuget/helpers/lib/NuGet.Client from c097388 to 7a84f1e by @dependabot in #11082
• Bump Microsoft.CodeAnalysis.CSharp from 4.11.0 to 4.12.0 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #11083
• Add support for swift ecosystem metrics collection by @amazimbe in #11094
• pass job file path to analyze command by @brettfo in #11089
• Enable CorePack Installing Package Managers from Private Registries by @kbukum1 in #11077
• Throwing an appropriate error, when private registry response with 200 status and empty array response by @thavaahariharangit in #11095
• v0.290.0 by @dependabot-core-action-automation in #11104

Full Changelog: v0.289.0...v0.290.0

v0.289.0

What's Changed

• Remove dedup_branch_names ff and existing_branches array by @Nishnha in #10976
• Add Dependabot configuration for NuGet and git submodule by @JamieMagee in #10984
• Set Default npm Version to 10 Under enable_corepack_for_npm_and_yarn Feature Flag by @kbukum1 in #10985
• Bump MSBuildPackageVersion from 17.5.0 to 17.12.6 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #10989
• Bump Microsoft.VisualStudio.Setup.Configuration.Interop from 3.4.2244 to 3.12.2149 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #10990
• Bump Microsoft.Extensions.FileSystemGlobbing from 6.0.0 to 9.0.0 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #10991
• Bump Microsoft.CodeAnalysis.CSharp from 4.9.2 to 4.11.0 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #10992
• Bump Newtonsoft.Json from 13.0.1 to 13.0.3 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #10993
• project discovery reports its own imported and additional files by @brettfo in #10994
• Bump NuGet.Core from 2.14.0-rtm-832 to 2.14.0 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #10996
• Fix: Ensure Compatibility with npm >= 8 to Prevent Lockfile Downgrades by @kbukum1 in #11001
• Bump System.ComponentModel.Composition from 7.0.0 to 9.0.0 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #10998
• Bump System.Security.Cryptography.ProtectedData from 8.0.0 to 9.0.0 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #10999
• gracefully exit if we can't solve an issue with peer dependencies by @brettfo in #11000
• Enables python ecosystem metric collection by @sachin-sandhu in #10986
• Add support for cargo ecosystem metrics collection by @amazimbe in #11009
• Bump xunit from 2.4.2 to 2.9.2 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #10997
• Bump Microsoft.CSharp from 4.3.0 to 4.7.0 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #11002
• Bump Microsoft.Extensions.FileProviders.Abstractions from 6.0.0 to 9.0.0 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #11003
• Handle paths with multiple case-insenstive matches on disk. by @sebasgomez238 in #10980
• Bump Microsoft.Web.Xdt from 3.0.0 to 3.1.0 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #11004
• Add npm_and_yarn package managers' requirements to ecosystem metrics by @kbukum1 in #10977
• Store Language Name, Version, and Requirements for npm, pnpm, and yarn by @kbukum1 in #11017
• Bump xunit.runner.visualstudio from 2.4.5 to 2.8.2 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #11005
• Bump DiffPlex from 1.7.1 to 1.7.2 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #11014
• Bump Microsoft.NET.Test.Sdk from 17.5.0 to 17.12.0 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #11015
• Bump System.Threading.Tasks.Dataflow from 6.0.0 to 9.0.0 in /nuget/helpers/lib/NuGetUpdater by @dependabot in #11016
• Bump nuget/helpers/lib/NuGet.Client from 1975634 to c097388 by @dependabot in #11007
• Refactor Composer: Code Cleanup, Constants, and Helper Functions by @kbukum1 in #11021
• Running yarn install before running the update checkoer by @thavaahariharangit in #11011
• Python metric collection by @sachin-sandhu in #11013
• Add support for hex ecosystem metrics collection by @amazimbe in #11023
• Add support for gradle ecosystem metrics collection by @amazimbe in #11030
• build(deps): bump terraform from 1.9.1 to 1.10.0 by @HorizonNet in #11029
• Reorders package managers for python ecosystem metric collection by @sachin-sandhu in #11040
• Try to find pnpm-lock.yaml file upwards on tree structure by @Yurickh in #10806
• Update System.Security.Cryptography.Pkcs from 5.0.0 to 9.0.0 by @JamieMagee in #11039
• Add support for devcontainers ecosystem metrics collection by @amazimbe in #11047
• use content of discovery JSON to report dependency files by @brettfo in #11026
• Add Metrics Collection for Composer Ecosystem: Package Manager and Language Details by @kbukum1 in #11025
• Add Package Manager and Language Version Detection for Elm by @kbukum1 in #11041
• remove duplicate Directory.Packages.props by @brettfo in #11042
• align C# log messages with Ruby by @brettfo in #11044
• filter out invalid requirement strings from array by @brettfo in #11049
• Adding retries interval to registry client by @robaiken in #11048
• Add support for git-submodules ecosystem metrics collection by @amazimbe in #11053
• store discovery files under $HOME so they're not cleaned up by the OS by @brettfo in #11054
• allow discovery to re-run if files are missing; log errors by @brettfo in #11055
• Cleaning up lfs environment variable as it is not being used by @thavaahariharangit in #11058
• v0.289.0 by @dependabot-core-action-automation in #11027

New Contributors

• @Yurickh made their first contribution in #10806

Full Changelog: v0.288.0...v0.289.0

v0.288.0

What's Changed

• use MSBuild binlog to report dependencies by @brettfo in #10597
• Store raw installed versions for npm, pnpm, and yarn package managers instead of detected version by @kbukum1 in #10938
• allow null when parsing job.debug field by @brettfo in #10974
• Fix Sorbet Typings for npm_and_yarn Ecosystem Package Manager and Helpers by @kbukum1 in #10975
• Add support for go ecosystem metrics collection by @amazimbe in #10953
• remove duplicate TFMs when considering updates by @brettfo in #10981
• v0.288.0 by @dependabot-core-action-automation in #10978

Full Changelog: v0.287.0...v0.288.0

v0.287.0

What's Changed

• Update .NET SDKs by @martincostello in #10752
• Remove Composer v1 Code and Related Feature Flags by @sachin-sandhu in #10934
• Add support for centralized package manager & language abstraction fo… by @amazimbe in #10929
• only report a package as existing if the actual .nupkg can be downloaded by @brettfo in #10939
• make NuGet tests more stable by @brettfo in #10931
• Handle semicolons in packageReferences by @sebasgomez238 in #10909
• Ensure Corepack Usage for npm, pnpm, and yarn Command Execution by @kbukum1 in #10944
• Update hcl2json to version 0.6.4 by @Zawadidone in #10952
• [pub] Fix update fails when project contains dependency from Dart SDK by @chika3742 in #10947
• still allow package analysis to continue even if metadata isn't valid by @brettfo in #10956
• Make DiscoveryWorker project path check case insensitive by @sebasgomez238 in #10958
• Adds conditional for no pull request for existing branch by @sachin-sandhu in #10963
• v0.287.0 by @dependabot-core-action-automation in #10965

New Contributors

• @Zawadidone made their first contribution in #10952
• @chika3742 made their first contribution in #10947

Full Changelog: v0.286.0...v0.287.0

v0.286.0

What's Changed

• manage C#-only experiments with ExperimentsManager by @brettfo in #10868
• create interfaces for workers to make testing more direct by @brettfo in #10910
• clean up warnings from NuGet.Client submodule by @brettfo in #10911
• Adding support for build-system.requires in pyproject.toml by @gopidesupavan in #10899
• improve packages directory detection by @brettfo in #10912
• Send Ecosystem Metrics to Dependabot-API on Update Job Completion by @kbukum1 in #10905
• Add Ruby Language Requirement Collection for Bundler Ecosystem Metrics by @kbukum1 in #10932
• Fix bug related to empty package manager name in npm_and_yarn package manager by @kbukum1 in #10936
• v0.286.0 by @dependabot-core-action-automation in #10933

New Contributors

• @gopidesupavan made their first contribution in #10899

Full Changelog: v0.285.0...v0.286.0

v0.285.0

What's Changed

• Add support for centralized package manager abstraction for npm_and_yarn ecosystem by @kbukum1 in #10862
• Expand Centralized Ecosystem Format with Language Version Information for Bundler by @kbukum1 in #10867
• Check for packages.config in pure C# updater. by @sebasgomez238 in #10858
• Expand Centralized Ecosystem Format with Requirements Information for Bundler Package Manager by @kbukum1 in #10897
• Adds additional logs for Github PR creator by @sachin-sandhu in #10907
• v0.285.0 by @dependabot-core-action-automation in #10906

Full Changelog: v0.284.0...v0.285.0

v0.284.0

What's Changed

• do case-insensitive comparison for lead_security_dependency experiment by @brettfo in #10861
• restrict when we add binding redirects by @brettfo in #10833
• add explicit clone command for NuGet updater by @brettfo in #10864
• Bump sorbet and tapioca versions by @JamieMagee in #10875
• Centralizing Eco-System, and Package Manager Version Information by @kbukum1 in #10826
• source_url in Maven::UpdaterChecker::RequirementsUpdater can be nil by @JamieMagee in #10876
• Convert match from MatchData to string before creating Python version by @JamieMagee in #10877
• Bump rexml from 3.3.8 to 3.3.9 in /updater by @dependabot in #10860
• Initial dotnet_sdk updater by @JamieMagee in #10756
• Docker Registry Upgrade by @lewis-strong in #10855
• Bump the all-actions group across 1 directory with 6 updates by @dependabot in #10879
• Introduce feature flag to raise exception on same branch exists by @sachin-sandhu in #10878
• Bump eslint from 9.13.0 to 9.14.0 in /npm_and_yarn/helpers in the dev-dependencies group by @dependabot in #10887
• v0.284.0 by @dependabot-core-action-automation in #10894

New Contributors

• @lewis-strong made their first contribution in #10855

Full Changelog: v0.283.0...v0.284.0

v0.283.0

What's Changed

• Add semver ignore-condition range code into python version by @amazimbe in #10844
• Bump eslint from 9.12.0 to 9.13.0 in /npm_and_yarn/helpers in the dev-dependencies group by @dependabot in #10819
• v0.283.0 by @dependabot-core-action-automation in #10869

Full Changelog: v0.282.0...v0.283.0