1 Release published by 1 person

• v0.311.0

  published May 1, 2025

20 Pull requests merged by 5 people

• don't crash when checking for updated dependencies for SDKs

  #12213 merged May 6, 2025

• Strict type some of cargo

  #12214 merged May 6, 2025

• combine dependency tfms

  #12212 merged May 6, 2025

• Update json gem to version 2.11.3

  #12154 merged May 5, 2025

• Simplify gemspec dependency version ranges

  #12167 merged May 4, 2025

• allow forcing legacy updater for pr update jobs

  #12194 merged May 2, 2025

• report content from server error messages in exception

  #12193 merged May 2, 2025

• Use explicit uri parser when fetching abs_uri regexp

  #12170 merged May 2, 2025

• Complete strict typing composer ecosystem

  #12182 merged May 2, 2025

• surface json parse errors from nuget

  #12185 merged May 1, 2025

• add pattern for missing package

  #12184 merged May 1, 2025

• move .NET callstack to the message field

  #12186 merged May 1, 2025

• call separate endpoints for unknown errors

  #12178 merged May 1, 2025

• v0.311.0

  #12181 merged May 1, 2025

• Strict type some more composer

  #12175 merged May 1, 2025

• ensure all errors can be surfaced

  #12177 merged May 1, 2025

• escape dependency url spaces with %20 before querying

  #12173 merged Apr 30, 2025

• Upgrade uv to the latest 0.7.1

  #12129 merged Apr 30, 2025

• Upgrade from xunit to xunit.v3

  #12168 merged Apr 30, 2025

• make long title and commit messages easier to read

  #12174 merged Apr 30, 2025

11 Pull requests opened by 4 people

• ensure update request is honored by mirroring the dependency set

  #12190 opened May 1, 2025

• Bump the prod-dependencies group across 1 directory with 17 updates

  #12201 opened May 4, 2025

• Bump the dev-dependencies group across 1 directory with 6 updates

  #12203 opened May 4, 2025

• Bump the dev-dependencies group in /npm_and_yarn/helpers with 2 updates

  #12204 opened May 4, 2025

• Bump nuget/helpers/lib/NuGet.Client from `95a470a` to `1902df1`

  #12205 opened May 4, 2025

• Bump nuget/helpers/lib/dotnet-core from `218ef74` to `c95d43a`

  #12206 opened May 4, 2025

• [Part of] [Cooldown] send cooldown meta to service request

  #12210 opened May 5, 2025

• include all stack information for unknown errors

  #12215 opened May 6, 2025

• Remove YJIT experiment

  #12217 opened May 6, 2025

• ensure out-of-proc changes to CPM are recorded

  #12218 opened May 6, 2025

• report transitive packages with no assembly assets

  #12219 opened May 6, 2025

9 Issues closed by 4 people

• Support repositories hash in composer.json

  #7186 closed May 4, 2025

• Alternative to identify the `digest` of a docker image

  #7148 closed May 4, 2025

• Yarn classic private registry authentication not working as expected

  #6352 closed May 4, 2025

• Transitive public dependency of private npm package not resolved

  #5288 closed May 4, 2025

• Issue with jetty-server dependency upgrade

  #7135 closed May 3, 2025

• Dependabot opens multiple PR's for the same dependencies

  #10293 closed May 2, 2025

• Support of GitHub Issue Types

  #11370 closed May 2, 2025

• `package-lock.json` with URL with spaces results in empty PR body

  #12172 closed Apr 30, 2025

• Target uv version 0.6.15+

  #12127 closed Apr 30, 2025

18 Issues opened by 13 people

• updating a Go project with no go directive causes an exception

  #12216 opened May 6, 2025

• Property `BuildingInsideVisualStudio` is ignored for conditional dependencies

  #12211 opened May 5, 2025

• Dependencies checks not scheduled as configured in interval cron config

  #12209 opened May 5, 2025

• Dependabot updates with empty Docker SHA

  #12208 opened May 5, 2025

• Helm values.yaml docker update fails if not docker.io registry

  #12207 opened May 4, 2025

• Helm in combination with ArgoCD Application yaml

  #12202 opened May 4, 2025

• Dependencies not updated due to Python version

  #12200 opened May 3, 2025

• `PackageReferenceUpdater.GetPackageGraphForDependencies` doesn't work with OS-specific TFMs

  #12199 opened May 2, 2025

• Dependabot not creating PRs

  #12198 opened May 2, 2025

• Remove `NuGetUpdater.Core.Run.RunResult` type

  #12197 opened May 2, 2025

• uv: Looks for updates of `package[extra]`  instead of `package`

  #12196 opened May 2, 2025

• Dependency duplicated in commit message YAML

  #12192 opened May 2, 2025

• Improve PR title prefix handling

  #12191 opened May 2, 2025

• NuGet native updater lists too many changed files

  #12189 opened May 1, 2025

• NuGet native updater doesn't honor `dependency-group-to-refresh`

  #12188 opened May 1, 2025

• Not detecting updates for preview nuget package Microsoft.Graph.Beta

  #12187 opened May 1, 2025

• Use a GH App for authentication to private registries instead of PAT

  #12180 opened Apr 30, 2025

• Dependabot updates package to a higher version than it states in the commit/PR

  #12179 opened Apr 30, 2025

48 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Remove the final remaining hardcoded `master` reference

  #7131 commented on May 1, 2025 • 1 new comment

• Upgrade Ruby to 3.4.2

  #11681 commented on May 6, 2025 • 1 new comment

• Require users to explicitly specify which python package manager they want to use

  #7188 commented on May 7, 2025 • 0 new comments

• Setup vNET environment, test dependabot updates on it

  #12171 commented on May 7, 2025 • 0 new comments

• dependabot fails to update pnpm-lock.yaml

  #8186 commented on May 7, 2025 • 0 new comments

• Path-based dependencies fail if they point to a file

  #8884 commented on May 7, 2025 • 0 new comments

• All attempts to connect to pypi.org failed. With python 3.13

  #12066 commented on May 7, 2025 • 0 new comments

• Use `dependabot/pnpm` prefix in branch names for PNPM updates

  #7222 commented on May 5, 2025 • 0 new comments

• Refresh PyPI response mocks

  #7682 commented on May 1, 2025 • 0 new comments

• Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 2 updates

  #10361 commented on May 4, 2025 • 0 new comments

• Bump the common group across 1 directory with 2 updates

  #11639 commented on May 4, 2025 • 0 new comments

• Bump composer/composer from 2.7.7 to 2.8.6 in /composer/helpers/v2 in the prod-dependencies group across 1 directory

  #11708 commented on May 4, 2025 • 0 new comments

• Bump the npm-dependencies group across 1 directory with 3 updates

  #11769 commented on May 4, 2025 • 0 new comments

• Bump the dev-dependencies group across 1 directory with 2 updates

  #11771 commented on May 5, 2025 • 0 new comments

• Bump pip from 24.0 to 25.0.1 in /python/helpers in the pip group

  #11830 commented on May 4, 2025 • 0 new comments

• Bump Microsoft.NET.Test.Sdk from 17.12.0 to 17.13.0 in /nuget/helpers/lib/NuGetUpdater

  #11878 commented on Apr 30, 2025 • 0 new comments

• Bump Microsoft.CodeAnalysis.CSharp from 4.12.0 to 4.13.0 in /nuget/helpers/lib/NuGetUpdater

  #11879 commented on Apr 30, 2025 • 0 new comments

• Bump Microsoft.VisualStudio.Setup.Configuration.Interop from 3.12.2149 to 3.13.2069 in /nuget/helpers/lib/NuGetUpdater

  #11880 commented on Apr 30, 2025 • 0 new comments

• Bump poetry from 2.1.1 to 2.1.2 in /python/helpers in the poetry group

  #11931 commented on May 4, 2025 • 0 new comments

• Bump Microsoft.Extensions.FileProviders.Abstractions from 9.0.0 to 9.0.4 in /nuget/helpers/lib/NuGetUpdater

  #12044 commented on Apr 30, 2025 • 0 new comments

• Bump System.Security.Cryptography.Pkcs from 9.0.0 to 9.0.4 in /nuget/helpers/lib/NuGetUpdater

  #12045 commented on Apr 30, 2025 • 0 new comments

• Bump nokogiri from 1.16.5 to 1.18.8 in /updater

  #12108 commented on May 5, 2025 • 0 new comments

• Bump pipenv from 2024.4.1 to 2025.0.1 in /python/helpers in the pipenv group

  #12151 commented on May 4, 2025 • 0 new comments

• Bump the all-actions group across 1 directory with 8 updates

  #12152 commented on May 5, 2025 • 0 new comments

• Gradle - Stack level too deep (SystemStackError)

  #10125 commented on Apr 30, 2025 • 0 new comments

• Server responded with code 400, message: 'title' is too long (maximum is 255 characters) on MR creation

  #12157 commented on Apr 30, 2025 • 0 new comments

• Dependabot runs for 54 minutes before timing out

  #12082 commented on Apr 30, 2025 • 0 new comments

• Development shell does not work with rootless Docker

  #10585 commented on May 1, 2025 • 0 new comments

• Ability to skip parsing a statement, particularly an eval_gemfile

  #2098 commented on May 1, 2025 • 0 new comments

• Dependabot failure if `gemspec` file contains `instance_eval`

  #4174 commented on May 1, 2025 • 0 new comments

• Version number of all NuGet Dependency is 0

  #11138 commented on May 1, 2025 • 0 new comments

• Remove / fix remaining hardcoded branch reference to `"master"`

  #6202 commented on May 1, 2025 • 0 new comments

• Add support for PEP 621 in Poetry version 2 projects

  #11237 commented on May 2, 2025 • 0 new comments

• Timeout running job when updating NuGet packages after updater logic was re-written in C#

  #9375 commented on May 2, 2025 • 0 new comments

• Parse_Helm ERROR: Passed `nil` into T.must

  #11216 commented on May 2, 2025 • 0 new comments

• PEP 751 pylock.toml support

  #12094 commented on May 2, 2025 • 0 new comments

• Support PNPM v10

  #11246 commented on May 2, 2025 • 0 new comments

• Dependabot not ignoring major changes

  #12112 commented on May 3, 2025 • 0 new comments

• Does dependabot scan kubernetes manifest file and helm charts to detect deprecated api-versions?

  #7221 commented on May 4, 2025 • 0 new comments

• Incorrect ruby version being selected by dependabot

  #12114 commented on May 4, 2025 • 0 new comments

• Dependabot fails with nuget using multiple Directory.Packages.props files

  #12149 commented on May 4, 2025 • 0 new comments

• [PNPM] Branch name contains yarn

  #7220 commented on May 5, 2025 • 0 new comments

• Allow regex or glob in versions to ignore

  #7885 commented on May 5, 2025 • 0 new comments

• Dependabot does not update `Django` to version `5.2` with `uv`

  #12140 commented on May 6, 2025 • 0 new comments

• Version mentioned in uv upgrade message doesn't match the actual change in the lockfile

  #12012 commented on May 6, 2025 • 0 new comments

• Support for updating Poetry pyproject.toml, not just poetry.lock?

  #8603 commented on May 6, 2025 • 0 new comments

• Configuration of a minimum package age required before a PR is created

  #3651 commented on May 6, 2025 • 0 new comments

• Dependabot doesn't update dependency in `pyproject.toml` if it already satisfies the requirement

  #9105 commented on May 6, 2025 • 0 new comments