Bump the dependabot-core-images group in /docker with 16 updates

[dependabot]

Bumps the dependabot-core-images group in /docker with 16 updates:

Package	Update
dependabot/dependabot-updater-bundler	v2.0.20230727180116 to v2.0.20230728193739
dependabot/dependabot-updater-cargo	v2.0.20230727180116 to v2.0.20230728193739
dependabot/dependabot-updater-composer	v2.0.20230727180116 to v2.0.20230728193739
dependabot/dependabot-updater-docker	v2.0.20230727180116 to v2.0.20230728193739
dependabot/dependabot-updater-elm	v2.0.20230727180116 to v2.0.20230728193739
dependabot/dependabot-updater-github-actions	v2.0.20230727180116 to v2.0.20230728193739
dependabot/dependabot-updater-gitsubmodule	v2.0.20230727180116 to v2.0.20230728193739
dependabot/dependabot-updater-gomod	v2.0.20230727180116 to v2.0.20230728193739
dependabot/dependabot-updater-gradle	v2.0.20230727180116 to v2.0.20230728193739
dependabot/dependabot-updater-maven	v2.0.20230727180116 to v2.0.20230728193739
dependabot/dependabot-updater-mix	v2.0.20230727180116 to v2.0.20230728193739
dependabot/dependabot-updater-npm	v2.0.20230727180116 to v2.0.20230728193739
dependabot/dependabot-updater-nuget	v2.0.20230727180116 to v2.0.20230728193739
dependabot/dependabot-updater-pip	v2.0.20230727180116 to v2.0.20230728193739
dependabot/dependabot-updater-pub	v2.0.20230727180116 to v2.0.20230728193739
dependabot/dependabot-updater-terraform	v2.0.20230727180116 to v2.0.20230728193739

Updates dependabot/dependabot-updater-bundler from v2.0.20230727180116 to v2.0.20230728193739

Changelog

Sourced from dependabot/dependabot-updater-bundler's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

• Run UpdateAllVersions with ungrouped dependencies #7110
• [Updater] Ensure we no longer test the legacy code path #7136
• [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
• [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

• Pull Request names are Dependency Group aware #7115
• 🛑 Stop clobbering Octokit middleware #7121
• Fix more order dependent spec failures #7114
• Fix flaky specs in updater #7113
• Run Dependency Group updates #7075
• [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
• [Updater] Grouped updates will not include ignored dependencies #7091
• Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

• [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
• Fix incorrect detection of top level gemspecs #7085
• Improve some exception error messages #7068
• Bundle the updater when bumping versions #7070
• Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

• Allow updating gemspecs loaded from a Gemfile #7051
• Update README.md to include link to the public Dependabot Core board #7054
• Fix update checking in Yarn repositories using workspaces #7024
• Don't try to resolve pinned sha's to versions when updating docker images #6150
• [Updater] Inform the backend metric service which operation class is used for each update #7009
• [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
• [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
• Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
• Generate proper PR summary table for docker digest updates #6996
• [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
• [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
• Fix "no files were updated!" errors in workspaces #6950
• Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

• See full diff in compare view

Updates dependabot/dependabot-updater-cargo from v2.0.20230727180116 to v2.0.20230728193739

Changelog

Sourced from dependabot/dependabot-updater-cargo's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

• Run UpdateAllVersions with ungrouped dependencies #7110
• [Updater] Ensure we no longer test the legacy code path #7136
• [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
• [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

• Pull Request names are Dependency Group aware #7115
• 🛑 Stop clobbering Octokit middleware #7121
• Fix more order dependent spec failures #7114
• Fix flaky specs in updater #7113
• Run Dependency Group updates #7075
• [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
• [Updater] Grouped updates will not include ignored dependencies #7091
• Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

• [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
• Fix incorrect detection of top level gemspecs #7085
• Improve some exception error messages #7068
• Bundle the updater when bumping versions #7070
• Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

• Allow updating gemspecs loaded from a Gemfile #7051
• Update README.md to include link to the public Dependabot Core board #7054
• Fix update checking in Yarn repositories using workspaces #7024
• Don't try to resolve pinned sha's to versions when updating docker images #6150
• [Updater] Inform the backend metric service which operation class is used for each update #7009
• [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
• [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
• Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
• Generate proper PR summary table for docker digest updates #6996
• [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
• [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
• Fix "no files were updated!" errors in workspaces #6950
• Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

• See full diff in compare view

Updates dependabot/dependabot-updater-composer from v2.0.20230727180116 to v2.0.20230728193739

Changelog

Sourced from dependabot/dependabot-updater-composer's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

• Run UpdateAllVersions with ungrouped dependencies #7110
• [Updater] Ensure we no longer test the legacy code path #7136
• [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
• [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

• Pull Request names are Dependency Group aware #7115
• 🛑 Stop clobbering Octokit middleware #7121
• Fix more order dependent spec failures #7114
• Fix flaky specs in updater #7113
• Run Dependency Group updates #7075
• [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
• [Updater] Grouped updates will not include ignored dependencies #7091
• Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

• [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
• Fix incorrect detection of top level gemspecs #7085
• Improve some exception error messages #7068
• Bundle the updater when bumping versions #7070
• Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

• Allow updating gemspecs loaded from a Gemfile #7051
• Update README.md to include link to the public Dependabot Core board #7054
• Fix update checking in Yarn repositories using workspaces #7024
• Don't try to resolve pinned sha's to versions when updating docker images #6150
• [Updater] Inform the backend metric service which operation class is used for each update #7009
• [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
• [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
• Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
• Generate proper PR summary table for docker digest updates #6996
• [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
• [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
• Fix "no files were updated!" errors in workspaces #6950
• Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

• See full diff in compare view

Updates dependabot/dependabot-updater-docker from v2.0.20230727180116 to v2.0.20230728193739

Changelog

Sourced from dependabot/dependabot-updater-docker's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

• Run UpdateAllVersions with ungrouped dependencies #7110
• [Updater] Ensure we no longer test the legacy code path #7136
• [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
• [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

• Pull Request names are Dependency Group aware #7115
• 🛑 Stop clobbering Octokit middleware #7121
• Fix more order dependent spec failures #7114
• Fix flaky specs in updater #7113
• Run Dependency Group updates #7075
• [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
• [Updater] Grouped updates will not include ignored dependencies #7091
• Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

• [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
• Fix incorrect detection of top level gemspecs #7085
• Improve some exception error messages #7068
• Bundle the updater when bumping versions #7070
• Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

• Allow updating gemspecs loaded from a Gemfile #7051
• Update README.md to include link to the public Dependabot Core board #7054
• Fix update checking in Yarn repositories using workspaces #7024
• Don't try to resolve pinned sha's to versions when updating docker images #6150
• [Updater] Inform the backend metric service which operation class is used for each update #7009
• [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
• [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
• Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
• Generate proper PR summary table for docker digest updates #6996
• [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
• [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
• Fix "no files were updated!" errors in workspaces #6950
• Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

• See full diff in compare view

Updates dependabot/dependabot-updater-elm from v2.0.20230727180116 to v2.0.20230728193739

Changelog

Sourced from dependabot/dependabot-updater-elm's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

• Run UpdateAllVersions with ungrouped dependencies #7110
• [Updater] Ensure we no longer test the legacy code path #7136
• [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
• [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

• Pull Request names are Dependency Group aware #7115
• 🛑 Stop clobbering Octokit middleware #7121
• Fix more order dependent spec failures #7114
• Fix flaky specs in updater #7113
• Run Dependency Group updates #7075
• [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
• [Updater] Grouped updates will not include ignored dependencies #7091
• Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

• [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
• Fix incorrect detection of top level gemspecs #7085
• Improve some exception error messages #7068
• Bundle the updater when bumping versions #7070
• Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

• Allow updating gemspecs loaded from a Gemfile #7051
• Update README.md to include link to the public Dependabot Core board #7054
• Fix update checking in Yarn repositories using workspaces #7024
• Don't try to resolve pinned sha's to versions when updating docker images #6150
• [Updater] Inform the backend metric service which operation class is used for each update #7009
• [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
• [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
• Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
• Generate proper PR summary table for docker digest updates #6996
• [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
• [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
• Fix "no files were updated!" errors in workspaces #6950
• Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

• See full diff in compare view

Updates dependabot/dependabot-updater-github-actions from v2.0.20230727180116 to v2.0.20230728193739

Changelog

Sourced from dependabot/dependabot-updater-github-actions's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

• Run UpdateAllVersions with ungrouped dependencies #7110
• [Updater] Ensure we no longer test the legacy code path #7136
• [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
• [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

• Pull Request names are Dependency Group aware #7115
• 🛑 Stop clobbering Octokit middleware #7121
• Fix more order dependent spec failures #7114
• Fix flaky specs in updater #7113
• Run Dependency Group updates #7075
• [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
• [Updater] Grouped updates will not include ignored dependencies #7091
• Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

• [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
• Fix incorrect detection of top level gemspecs #7085
• Improve some exception error messages #7068
• Bundle the updater when bumping versions #7070
• Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

• Allow updating gemspecs loaded from a Gemfile #7051
• Update README.md to include link to the public Dependabot Core board #7054
• Fix update checking in Yarn repositories using workspaces #7024
• Don't try to resolve pinned sha's to versions when updating docker images #6150
• [Updater] Inform the backend metric service which operation class is used for each update #7009
• [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
• [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
• Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
• Generate proper PR summary table for docker digest updates #6996
• [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
• [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
• Fix "no files were updated!" errors in workspaces #6950
• Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

• See full diff in compare view

Updates dependabot/dependabot-updater-gitsubmodule from v2.0.20230727180116 to v2.0.20230728193739

Changelog

Sourced from dependabot/dependabot-updater-gitsubmodule's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

• Run UpdateAllVersions with ungrouped dependencies #7110
• [Updater] Ensure we no longer test the legacy code path #7136
• [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
• [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

• Pull Request names are Dependency Group aware #7115
• 🛑 Stop clobbering Octokit middleware #7121
• Fix more order dependent spec failures #7114
• Fix flaky specs in updater #7113
• Run Dependency Group updates #7075
• [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
• [Updater] Grouped updates will not include ignored dependencies #7091
• Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

• [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
• Fix incorrect detection of top level gemspecs #7085
• Improve some exception error messages #7068
• Bundle the updater when bumping versions #7070
• Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

• Allow updating gemspecs loaded from a Gemfile #7051
• Update README.md to include link to the public Dependabot Core board #7054
• Fix update checking in Yarn repositories using workspaces #7024
• Don't try to resolve pinned sha's to versions when updating docker images #6150
• [Updater] Inform the backend metric service which operation class is used for each update #7009
• [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
• [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
• Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
• Generate proper PR summary table for docker digest updates #6996
• [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
• [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
• Fix "no files were updated!" errors in workspaces #6950
• Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

• See full diff in compare view

Updates dependabot/dependabot-updater-gomod from v2.0.20230727180116 to v2.0.20230728193739

Changelog

Sourced from dependabot/dependabot-updater-gomod's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

• Run UpdateAllVersions with ungrouped dependencies #7110
• [Updater] Ensure we no longer test the legacy code path #7136
• [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
• [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

• Pull Request names are Dependency Group aware #7115
• 🛑 Stop clobbering Octokit middleware #7121
• Fix more order dependent spec failures #7114
• Fix flaky specs in updater #7113
• Run Dependency Group updates #7075
• [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
• [Updater] Grouped updates will not include ignored dependencies #7091
• Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

• [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
• Fix incorrect detection of top level gemspecs #7085
• Improve some exception error messages #7068
• Bundle the updater when bumping versions #7070
• Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

• Allow updating gemspecs loaded from a Gemfile #7051
• Update README.md to include link to the public Dependabot Core board #7054
• Fix update checking in Yarn repositories using workspaces #7024
• Don't try to resolve pinned sha's to versions when updating docker images #6150
• [Updater] Inform the backend metric service which operation class is used for each update #7009
• [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
• [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
• Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
• Generate proper PR summary table for docker digest updates #6996
• [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
• [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
• Fix "no files were updated!" errors in workspaces #6950
• Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

• See full diff in compare view

Updates dependabot/dependabot-updater-gradle from v2.0.20230727180116 to v2.0.20230728193739

Changelog

Sourced from dependabot/dependabot-updater-gradle's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

• Run UpdateAllVersions with ungrouped dependencies #7110
• [Updater] Ensure we no longer test the legacy code path #7136
• [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
• [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

• Pull Request names are Dependency Group aware #7115
• 🛑 Stop clobbering Octokit middleware #7121
• Fix more order dependent spec failures #7114
• Fix flaky specs in updater #7113
• Run Dependency Group updates #7075
• [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
• [Updater] Grouped updates will not include ignored dependencies #7091
• Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

• [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
• Fix incorrect detection of top level gemspecs #7085
• Improve some exception error messages #7068
• Bundle the updater when bumping versions #7070
• Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

• Allow updating gemspecs loaded from a Gemfile #7051
• Update README.md to include link to the public Dependabot Core board #7054
• Fix update checking in Yarn repositories using workspaces #7024
• Don't try to resolve pinned sha's to versions when updating docker images #6150
• [Updater] Inform the backend metric service which operation class is used for each update #7009
• [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
• [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
• Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
• Generate proper PR summary table for docker digest updates #6996
• [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
• [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
• Fix "no files were updated!" errors in workspaces #6950
• Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

• See full diff in compare view

Updates dependabot/dependabot-updater-maven from v2.0.20230727180116 to v2.0.20230728193739

Changelog

Sourced from dependabot/dependabot-updater-maven's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

• Run UpdateAllVersions with ungrouped dependencies #7110
• [Updater] Ensure we no longer test the legacy code path #7136
• [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
• [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

• Pull Request names are Dependency Group aware #7115
• 🛑 Stop clobbering Octokit middleware #7121
• Fix more order dependent spec failures #7114
• Fix flaky specs in updater #7113
• Run Dependency Group updates #7075
• [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
• [Updater] Grouped updates will not include ignored dependencies #7091
• Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

• [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
• Fix incorrect detection of top level gemspecs #7085
• Improve some exception error messages #7068
• Bundle the updater when bumping versions #7070
• Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

• Allow updating gemspecs loaded from a Gemfile #7051
• Update README.md to include link to the public Dependabot Core board #7054
• Fix update checking in Yarn repositories using workspaces #7024
• Don't try to resolve pinned sha's to versions when updating docker images #6150
• [Updater] Inform the backend metric service which operation class is used for each update #7009
• [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
• [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
• Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
• Generate proper PR summary table for docker digest updates #6996
• [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
• [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
• Fix "no files were updated!" errors in workspaces #6950
• Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

• See full diff in compare view

Updates dependabot/dependabot-updater-mix from v2.0.20230727180116 to v2.0.20230728193739

Changelog

Sourced from dependabot/dependabot-updater-mix's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

• Run UpdateAllVersions with ungrouped dependencies #7110
• [Updater] Ensure we no longer test the legacy code path #7136
• [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
• [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

• Pull Request names are Dependency Group aware #7115
• 🛑 Stop clobbering Octokit middleware #7121
• Fix more order dependent spec failures #7114
• Fix flaky specs in updater #7113
• Run Dependency Group updates #7075
• [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
• [Updater] Grouped updates will not include ignored dependencies #7091
• Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

• [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
• Fix incorrect detection of top level gemspecs #7085
• Improve some exception error messages #7068
• Bundle the updater when bumping versions #7070
• Bump ruboco...

  Description has been truncated

[jurre]

@dependabot rebase

[dependabot]

Superseded by #1009.