Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump dependabot-omnibus from 0.209.0 to 0.224.0 #930

Closed
wants to merge 1 commit into from
Closed

Bump dependabot-omnibus from 0.209.0 to 0.224.0 #930

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 31, 2023

Bumps dependabot-omnibus from 0.209.0 to 0.224.0.

Release notes

Sourced from dependabot-omnibus's releases.

v0.224.0

What's Changed

New Contributors

Full Changelog: dependabot/dependabot-core@v0.223.0...v0.224.0

v0.223.0

What's Changed

Full Changelog: dependabot/dependabot-core@v0.222.0...v0.223.0

v0.222.0

What's Changed

... (truncated)

Changelog

Sourced from dependabot-omnibus's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

  • Run UpdateAllVersions with ungrouped dependencies #7110
  • [Updater] Ensure we no longer test the legacy code path #7136
  • [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
  • [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

  • Pull Request names are Dependency Group aware #7115
  • 🛑 Stop clobbering Octokit middleware #7121
  • Fix more order dependent spec failures #7114
  • Fix flaky specs in updater #7113
  • Run Dependency Group updates #7075
  • [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
  • [Updater] Grouped updates will not include ignored dependencies #7091
  • Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

  • [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
  • Fix incorrect detection of top level gemspecs #7085
  • Improve some exception error messages #7068
  • Bundle the updater when bumping versions #7070
  • Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

  • Allow updating gemspecs loaded from a Gemfile #7051
  • Update README.md to include link to the public Dependabot Core board #7054
  • Fix update checking in Yarn repositories using workspaces #7024
  • Don't try to resolve pinned sha's to versions when updating docker images #6150
  • [Updater] Inform the backend metric service which operation class is used for each update #7009
  • [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
  • [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
  • Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
  • Generate proper PR summary table for docker digest updates #6996
  • [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
  • [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
  • Fix "no files were updated!" errors in workspaces #6950
  • Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits
  • 10e20a4 Merge pull request #7631 from dependabot/bump-to-v0.224.0
  • 063b19d v0.224.0
  • c5aef3b Merge pull request #7596 from dependabot/dependabot/bundler/updater/licensed-...
  • ba92624 Bump licensed from 4.3.1 to 4.4.0 in /updater
  • ef7e872 Merge pull request #7649 from ggawryal/5864-fix-rust-cargo-workspace-dep-disc...
  • b7603a1 Merge branch 'main' into 5864-fix-rust-cargo-workspace-dep-discovery
  • 8c3b7e2 Implement security update support for Swift (#7638)
  • 20930c0 Adapt expectation to external release (#7650)
  • d8eead7 Merge branch 'main' into 5864-fix-rust-cargo-workspace-dep-discovery
  • 29eea58 Add test for fetching workspace dependencies
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump dependabot-omnibus from 0.209.0 to 0.224.0
b5cf787 
Bumps [dependabot-omnibus](https://github.com/dependabot/dependabot-core) from 0.209.0 to 0.224.0.
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](dependabot/dependabot-core@v0.209.0...v0.224.0)

---
updated-dependencies:
- dependency-name: dependabot-omnibus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner July 31, 2023 20:03
@dependabot dependabot bot added dependencies ruby Pull requests that update Ruby code labels Jul 31, 2023
@dependabot dependabot bot mentioned this pull request Jul 31, 2023
Closed
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 7, 2023

Superseded by #931.

@dependabot dependabot bot closed this Aug 7, 2023
@dependabot dependabot bot deleted the dependabot/bundler/dependabot-omnibus-0.224.0 branch August 7, 2023 20:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies ruby Pull requests that update Ruby code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants