1 Release published by 1 person

• v0.300.0

  published Mar 6, 2025

21 Pull requests merged by 11 people

• report pr status messages as appropriate

  #11757 merged Mar 7, 2025

• Remove cooldown parameter from update checker for security updates

  #11758 merged Mar 7, 2025

• Make setup-go inherit go version from the go.mod file

  #11717 merged Mar 6, 2025

• Add/Update Specs for Job & Fix Dry-Run to Pass Cooldown Through Env Variables

  #11753 merged Mar 6, 2025

• align version checking code with the parse method

  #11742 merged Mar 6, 2025

• Revert "Downgrade Rust Docker image from 1.85.0-bookworm to 1.84.0-bookworm to restore missing dependencies"

  #11746 merged Mar 6, 2025

• v0.300.0

  #11744 merged Mar 6, 2025

• Remove FF and tests for npm6 deprecation and unsupported error

  #11622 merged Mar 6, 2025

• Handle uv pyproject.toml without a requirements.txt lock file

  #11735 merged Mar 6, 2025

• Better: Prepend .gitconfig with random hash to allow concurrency

  #9219 merged Mar 6, 2025

• Fix passing cooldown options into Python Latest Version Finder

  #11743 merged Mar 6, 2025

• Downgrade Rust Docker image from 1.85.0-bookworm to 1.84.0-bookworm to restore missing dependencies

  #11738 merged Mar 5, 2025

• detect dependencies with restore property to work around NuGet bug

  #11727 merged Mar 5, 2025

• Document why bundler-cache: true isn't needed

  #11711 merged Mar 4, 2025

• Add strict typing for the elm update checker

  #11716 merged Mar 4, 2025

• Bump pipenv from 2024.0.2 to 2024.4.1 in /python/helpers in the pipenv group across 1 directory

  #11409 merged Mar 4, 2025

• use different values for $(TargetPlatformVersion) for TFM and dependency discovery

  #11718 merged Mar 3, 2025

• Add Generic Cooldown Filtering and Enable for Python Package Manager

  #11693 merged Mar 3, 2025

• Use Poetry v2

  #11642 merged Mar 3, 2025

• Simplify the "version already exists" check by using RubyGems v2 API

  #11712 merged Mar 3, 2025

• Added sorbet type strict for the metadata_finder

  #11660 merged Mar 3, 2025

14 Pull requests opened by 8 people

• Bump the dev-dependencies group across 1 directory with 2 updates

  #11707 opened Mar 2, 2025

• Bump composer/composer from 2.7.7 to 2.8.6 in /composer/helpers/v2 in the prod-dependencies group across 1 directory

  #11708 opened Mar 2, 2025

• Bump nuget/helpers/lib/dotnet-core from `218ef74` to `8e16b8f`

  #11709 opened Mar 2, 2025

• Private registry error handling.

  #11724 opened Mar 4, 2025

• Adding support for helm charts

  #11726 opened Mar 4, 2025

• Bump library/golang from 1.22.5-bookworm to 1.24.1-bookworm in /go_modules

  #11740 opened Mar 5, 2025

• install libssl 1.1 to support older .NET SDKs

  #11741 opened Mar 5, 2025

• Bump the prod-dependencies group across 1 directory with 27 updates

  #11749 opened Mar 6, 2025

• Fix added for sorbet type strict.

  #11754 opened Mar 6, 2025

• Bump the all-actions group across 1 directory with 9 updates

  #11755 opened Mar 6, 2025

• move back to hard-coded modes if mode is not provided

  #11760 opened Mar 7, 2025

• Fix pub ecosystem Flutter dependency_services execution by applying `--force` checkout

  #11762 opened Mar 7, 2025

• add simple title, commit message, and body text generation

  #11763 opened Mar 7, 2025

• Support ruby style requirements as gradle requirements

  #11764 opened Mar 8, 2025

12 Issues closed by 7 people

• Specific image tag version fails parsing and breaks updater

  #11739 closed Mar 6, 2025

• cargo 1.85.0 required for edition 2024 crates

  #11745 closed Mar 6, 2025

• Dependabot don't create PR's

  #11720 closed Mar 6, 2025

• cargo depedanbot jobs currently failing with "No such file or directory - cargo"

  #11722 closed Mar 5, 2025

• Dependabot::SharedHelpers::HelperSubprocessFailed: No such file or directory - cargo

  #11737 closed Mar 5, 2025

• Dependabot ignore "ignore list"

  #11721 closed Mar 5, 2025

• Dependabot failed to create a pull request: 422 - Must supply a valid tree.mode

  #11715 closed Mar 5, 2025

• NuGet updater doesn't properly handle `-windows` TFM suffix

  #11719 closed Mar 3, 2025

• dependency_file_not_found - No files found in /src

  #11520 closed Mar 3, 2025

• Yank/delete the accidental `dependabot-javascript` gem

  #11713 closed Mar 3, 2025

• Runtime error on terraform updating a private github terraform module

  #6716 closed Mar 2, 2025

• Terraform provider versions are sometimes parsed as empty string ""

  #5772 closed Mar 2, 2025

15 Issues opened by 14 people

• Dependabot should ignore `testdata/` directories

  #11759 opened Mar 7, 2025

• Dependabot lies about which dependencies and versions it has updated

  #11756 opened Mar 6, 2025

• Report bad SDK version requested in `global.json` for SDK install

  #11752 opened Mar 6, 2025

• NuGet updater should detect `404` on base package feed

  #11751 opened Mar 6, 2025

• pip no longer updates requirement files along with pyproject

  #11750 opened Mar 6, 2025

• Dependabot failed to create a pull request: 422 - Sorry, your input was too large to process.

  #11747 opened Mar 6, 2025

• Ability to name Dependabot update jobs

  #11736 opened Mar 5, 2025

• Elixir: consider running `mix deps.unlock --unused` when bumping

  #11734 opened Mar 5, 2025

• dependabot downgrading Microsoft packages to latest major versions "verbally" but does not include actual related changes

  #11733 opened Mar 5, 2025

• no longer updatable - PR closed. dependency is updatable, however

  #11732 opened Mar 5, 2025

• `Gemfile` with `dependabot-omnibus` fails to install the `dependabot-uv` dep

  #11731 opened Mar 5, 2025

• submodules are not properly updated

  #11723 opened Mar 4, 2025

• Grouped dependabot comments after superseding

  #11714 opened Mar 3, 2025

• Dependabot not updating all versions in package.json

  #11706 opened Mar 1, 2025

• Upper case commit message after prefix

  #11705 opened Mar 1, 2025

50 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Add support for dotnet `.slnx` solution files

  #11694 commented on Mar 3, 2025 • 4 new comments

• build(deps): bump terraform from 1.10.5 to 1.11.0

  #11696 commented on Mar 3, 2025 • 3 new comments

• Fails with `private_source_authentication_failure` for a public repository

  #11686 commented on Mar 7, 2025 • 0 new comments

• [NuGet] ignore semver-major doesn't appear to work

  #11398 commented on Mar 7, 2025 • 0 new comments

• Fails to find latest version of Maven plugins from Apache

  #8329 commented on Mar 7, 2025 • 0 new comments

• Problem with nested local modules in terraform

  #11203 commented on Mar 7, 2025 • 0 new comments

• Directory with special characters incorrectly flagged as containing glob

  #10525 commented on Mar 7, 2025 • 0 new comments

• Support vendoring for Maven

  #485 commented on Mar 8, 2025 • 0 new comments

• Ignores not being applied for Gradle

  #6532 commented on Mar 8, 2025 • 0 new comments

• Ignores not being applied for Cargo

  #6802 commented on Mar 8, 2025 • 0 new comments

• Cargo: Support ignoring git dependencies

  #4388 commented on Mar 8, 2025 • 0 new comments

• Remove two more hardcoded `master` references

  #7131 commented on Mar 4, 2025 • 0 new comments

• Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates

  #10361 commented on Mar 2, 2025 • 0 new comments

• Bump Yarn to 4.7.0

  #11470 commented on Mar 7, 2025 • 0 new comments

• Bump the npm-dependencies group across 1 directory with 3 updates

  #11537 commented on Mar 2, 2025 • 0 new comments

• adding increase logging around flakey test

  #11538 commented on Mar 4, 2025 • 0 new comments

• Use `dependabot-common` gem if available

  #11558 commented on Mar 4, 2025 • 0 new comments

• Fixes [1.2k weekly] [terraform] Adds handler for terraform file updater errors

  #11560 commented on Mar 5, 2025 • 0 new comments

• Bump pip from 24.0 to 25.0.1 in /python/helpers in the pip group across 1 directory

  #11596 commented on Mar 4, 2025 • 0 new comments

• Bump nokogiri from 1.16.5 to 1.18.3 in /updater

  #11635 commented on Mar 6, 2025 • 0 new comments

• Bump the common group across 1 directory with 2 updates

  #11639 commented on Mar 4, 2025 • 0 new comments

• Bump the dev-dependencies group across 1 directory with 2 updates

  #11665 commented on Mar 2, 2025 • 0 new comments

• Upgrade Ruby to 3.4.2

  #11681 commented on Mar 7, 2025 • 0 new comments

• mount the SSH_AUTH_SOCK socket for ssh-agent

  #11683 commented on Mar 7, 2025 • 0 new comments

• Bump the dev-dependencies group across 1 directory with 6 updates

  #11688 commented on Mar 6, 2025 • 0 new comments

• Allow lower case commit message.

  #10586 commented on Mar 1, 2025 • 0 new comments

• Create semver labels if they don't exist

  #6754 commented on Mar 2, 2025 • 0 new comments

• Gradle - Stack level too deep (SystemStackError)

  #10125 commented on Mar 3, 2025 • 0 new comments

• Configure a trusted publisher for RubyGems

  #9786 commented on Mar 3, 2025 • 0 new comments

• Ignored Dependecies are not ignored

  #11649 commented on Mar 3, 2025 • 0 new comments

• Dependabot is failing to authenticate against a private Hex Repisotiry

  #11031 commented on Mar 4, 2025 • 0 new comments

• Support private go-registry in dependabot.yml

  #11148 commented on Mar 4, 2025 • 0 new comments

• GO Modules Proxy support

  #7362 commented on Mar 4, 2025 • 0 new comments

• Dependabot encountered an error performing the update

  #11168 commented on Mar 4, 2025 • 0 new comments

• Timeout running job when updating NuGet packages after updater logic was re-written in C#

  #9375 commented on Mar 4, 2025 • 0 new comments

• Access to repository vars

  #6677 commented on Mar 5, 2025 • 0 new comments

• Pull request not created for group

  #11657 commented on Mar 5, 2025 • 0 new comments

• Dependabot is not superseding older PRs

  #11450 commented on Mar 5, 2025 • 0 new comments

• Dependabot crashing when evaluating netstandard project NETSDK1005

  #11625 commented on Mar 5, 2025 • 0 new comments

• Support for Helm chart dependencies

  #2237 commented on Mar 5, 2025 • 0 new comments

• Support Nested Terraform Code (HCL)

  #649 commented on Mar 6, 2025 • 0 new comments

• Python: Support PEP 735 `[dependency-groups]` in `pyproject.toml`

  #10847 commented on Mar 6, 2025 • 0 new comments

• Dependabot requires private repo auth when it is unnecessary

  #9712 commented on Mar 6, 2025 • 0 new comments

• Support updating `uv.lock`

  #10478 commented on Mar 6, 2025 • 0 new comments

• dependabot fails to update pnpm-lock.yaml

  #8186 commented on Mar 6, 2025 • 0 new comments

• Notify when Dependabot jobs encounter an error

  #3509 commented on Mar 6, 2025 • 0 new comments

• Add support for PEP 621 in Poetry version 2 projects

  #11237 commented on Mar 6, 2025 • 0 new comments

• Support PNPM v10

  #11246 commented on Mar 7, 2025 • 0 new comments

• Dependabot encountered an unknown error, Dependabot failed to update your dependencies because an unexpected error occurred. See the logs for more details.

  #8004 commented on Mar 7, 2025 • 0 new comments

• Dependabot keeps timing out

  #10309 commented on Mar 7, 2025 • 0 new comments