Insights: dependabot/dependabot-core

17 Pull requests merged by 4 people

• Migrate to `packagist`'s `v2` metadata API

  #6315 merged Dec 22, 2022

• Validate SHA256Sum for Dart

  #6319 merged Dec 19, 2022

• Generate compare path and fetch commits for Azure sources

  #6321 merged Dec 22, 2022

• Bump eslint from 8.29.0 to 8.30.0 in /npm_and_yarn/helpers

  #6323 merged Dec 19, 2022

• Bump phpstan/phpstan from 1.9.2 to 1.9.4 in /composer/helpers/v2

  #6324 merged Dec 19, 2022

• Bump friendsofphp/php-cs-fixer from 3.13.0 to 3.13.1 in /composer/helpers/v2

  #6325 merged Dec 20, 2022

• Bump phpstan/phpstan from 1.9.2 to 1.9.4 in /composer/helpers/v1

  #6326 merged Dec 19, 2022

• Bump minimatch from 3.0.4 to 3.1.2 in /npm_and_yarn/helpers

  #6331 merged Dec 22, 2022

• Remove superfluous `v` customization in test fixture

  #6332 merged Dec 19, 2022

• Update `monolog/monolog` fixture to latest packagist response

  #6334 merged Dec 19, 2022

• Stop using handcrafted fixture for packagist responses

  #6335 merged Dec 19, 2022

• Support pulling changelog and related files from Azure based repos

  #6343 merged Dec 22, 2022

• Allow optional single and double quotes in yaml versions/tags

  #6344 merged Dec 22, 2022

• Clarify `composer` `v1` `PEAR` unit test

  #6350 merged Dec 21, 2022

• Add CommitFinder tests/specs for Azure added in #6321

  #6351 merged Dec 22, 2022

• Bump debug from 1.7.0 to 1.7.1 in /updater

  #6354 merged Dec 22, 2022

• Mention `"metadata"` in `--pull-request` description

  #6356 merged Dec 22, 2022

9 Pull requests opened by 5 people

• Added support for Azure in git_submodules

  #6320 opened Dec 18, 2022

• Update pip-tools requirement from <6.11.1,>=6.4.0 to >=6.4.0,<6.12.2 in /python/helpers

  #6322 opened Dec 19, 2022

• Update excon requirement from ~> 0.75, < 0.94 to ~> 0.75, < 0.96 in /omnibus

  #6327 opened Dec 19, 2022

• Bump http from 5.1.0 to 5.1.1 in /updater

  #6328 opened Dec 19, 2022

• Bump rubocop from 1.39.0 to 1.41.1 in /updater

  #6355 opened Dec 22, 2022

• fix OOM for large metadata responses and many dependencies

  #6357 opened Dec 22, 2022

• Add `HARDBREAKS` to commonmarker config

  #6358 opened Dec 22, 2022

• Use source for GitHub client to support fetching metadata from GHES instances

  #6359 opened Dec 22, 2022

• [gomod] Support updating indirect dependencies

  #6361 opened Dec 23, 2022

11 Issues closed by 2 people

• Ignore without range should not attempt a check

  #3047 closed Dec 22, 2022

• PRs not created besides dry run report show changes

  #2003 closed Dec 22, 2022

• [Java] Version range not understood

  #1991 closed Dec 22, 2022

• [java, maven] Dependabot used wrong third party repository instead official (maven-compiler-plugin)

  #2313 closed Dec 22, 2022

• The PHP composer features should use the v2 metadata from Packagist

  #3010 closed Dec 22, 2022

• Dependabot-generated changelog is not readable without line breaks

  #2367 closed Dec 22, 2022

• Changelog file not pulled for Azure-based repositories

  #6342 closed Dec 22, 2022

• Commit diff URL and commits list missing for Azure-based sources/metadata

  #6341 closed Dec 22, 2022

• Helm file update fails when tags are marked as string

  #6313 closed Dec 22, 2022

• Throw error on same-name package checking

  #5386 closed Dec 21, 2022

• Validate SHA256Sum for Dart

  #6131 closed Dec 19, 2022

14 Issues opened by 14 people

• sinatra / sinatra-contrib (vendored) bumps leaves .gem files behind

  #6353 opened Dec 22, 2022

• Yarn classic private registry authentication not working as expected

  #6352 opened Dec 22, 2022

• Error on dependency referencing a URL

  #6348 opened Dec 20, 2022

• NuGet: Add support for .msbuildproj project file extension

  #6347 opened Dec 20, 2022

• Dependabot is not updating package-lock when bumping dependecies in a monorepo

  #6346 opened Dec 20, 2022

• Local actions in .github/actions/ are not checked

  #6345 opened Dec 20, 2022

• git-submodules does not work when referencing Azure based repositories

  #6340 opened Dec 20, 2022

• schedule.interval cron expression

  #6339 opened Dec 20, 2022

• Dependabot generate repeated update

  #6338 opened Dec 20, 2022

• Option to not display Changelog

  #6337 opened Dec 20, 2022

• Dependabot fails to update

  #6336 opened Dec 20, 2022

• Error when checking Gemfile

  #6333 opened Dec 19, 2022

• Metadata doesn't preserve newlines from plain text changelogs

  #6330 opened Dec 19, 2022

• setuptools added to Pipfile.lock

  #6329 opened Dec 19, 2022

38 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Lockfile not updated for NPM workspaces using v3 lockfiles

  #6270 commented on Dec 22, 2022 • 3 new comments

• Bumps GH actions to pre-releases

  #2303 commented on Dec 19, 2022 • 2 new comments

• Merge command is unreliable

  #5566 commented on Dec 20, 2022 • 2 new comments

• Dependabot fails to update same dependency in same pull request

  #6200 commented on Dec 21, 2022 • 2 new comments

• Not picking up changelog from ktlint-gradle

  #2638 commented on Dec 23, 2022 • 2 new comments

• Poetry version support

  #1556 commented on Dec 24, 2022 • 2 new comments

• Make `allow` and `ignore` symmetric

  #3479 commented on Dec 20, 2022 • 1 new comment

• Dependabot not ignoring major semver changes

  #5758 commented on Dec 20, 2022 • 1 new comment

• Dependabot flip-flop with python_full_version/python_version

  #6091 commented on Dec 21, 2022 • 1 new comment

• Including constraints refs in `requirements.in` makes dependabot skip updates

  #2272 commented on Dec 22, 2022 • 1 new comment

• Add global ARG support for Dockerfiles

  #2057 commented on Dec 22, 2022 • 1 new comment

• Pip-compile: Libraries with requirements in devpi not found

  #2067 commented on Dec 22, 2022 • 1 new comment

• Add grouped updates

  #1190 commented on Dec 23, 2022 • 1 new comment

• Unable to authenticate to private repository using token option

  #4502 commented on Dec 25, 2022 • 1 new comment

• Support deno

  #2417 commented on Dec 25, 2022 • 1 new comment

• Remove label filter for azure

  #5767 commented on Dec 22, 2022 • 1 new comment

• Bump pipenv to 2022.11.5

  #6104 commented on Dec 21, 2022 • 1 new comment

• Update rubocop requirement from ~> 1.39.0 to ~> 1.40.0 in /omnibus

  #6294 commented on Dec 22, 2022 • 1 new comment

• Dependabot updating major version of terraform modules even though set to ignore semver-major

  #6316 commented on Dec 21, 2022 • 0 new comments

• The lockfile might be out of sync?

  #6317 commented on Dec 21, 2022 • 0 new comments

• dependabot should prefer 'scm > url' instead of just the 'url' otherwise uses wrong repo (link) in MR

  #2084 commented on Dec 22, 2022 • 0 new comments

• Composer: can't install packages from local ZIP files

  #2096 commented on Dec 22, 2022 • 0 new comments

• Prioritize dependencies based on likelyhood that CI run will succeed

  #2114 commented on Dec 22, 2022 • 0 new comments

• Support pip-compile-multi

  #536 commented on Dec 22, 2022 • 0 new comments

• Version parsing for Maven `PRD` tag to treat as a pre-release tag may be incorrect

  #2044 commented on Dec 22, 2022 • 0 new comments

• Docker release notes

  #2085 commented on Dec 22, 2022 • 0 new comments

• Allow option to use full dependency name for gradle `display_name` property

  #3353 commented on Dec 22, 2022 • 0 new comments

• Remove `@` from PR description intro

  #3378 commented on Dec 22, 2022 • 0 new comments

• `ignore` by version regex

  #3746 commented on Dec 22, 2022 • 0 new comments

• Mark security pull requests with respective vulnerability severity labels

  #5825 commented on Dec 23, 2022 • 0 new comments

• Bump activesupport from 6.1.4.4 to 7.0.4 in /updater

  #5900 commented on Dec 22, 2022 • 0 new comments

• Bump wheel from 0.37.1 to 0.38.4 in /python/helpers

  #6099 commented on Dec 22, 2022 • 0 new comments

• Bump flake8 from 5.0.4 to 6.0.0 in /python/helpers

  #6218 commented on Dec 22, 2022 • 0 new comments

• Add support for custom pom.xml names for the child maven modules

  #6248 commented on Dec 22, 2022 • 0 new comments

• Do not convert the markdown PR description to HTML for bitbucket

  #6287 commented on Dec 23, 2022 • 0 new comments

• Update poetry requirement from <1.3.0,>=1.1.15 to >=1.1.15,<1.4.0 in /python/helpers

  #6302 commented on Dec 22, 2022 • 0 new comments

• Upgrade to Bundler 2.4.0.dev

  #6303 commented on Dec 24, 2022 • 0 new comments

• Update faraday requirement from = 2.6.0 to = 2.7.2 in /omnibus

  #6312 commented on Dec 22, 2022 • 0 new comments