forked from dependabot/dependabot-core
Latest changes from dependabot-core main #439
Merged
fix: Parse multiple requirements from a poetry dependency
chore: run builds on a regular basis to detect anomalies
…patible-versions Python: Raise resolvability error with explanation when update is not possible
handle terraform module versions with a 'v' prefix
Python: Upgrade pyenv to 2.0.6
…equires-dev-shell bin/dry-run.rb requires a development container to run
Paths in packages could be constructed to perform command, when not properly escaped those could be executed.

```
(byebug) `file -b --mime-encoding t&&[email protected]&&.go`
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed to connect to 0.0.0.0 port 80: Connection refused
"cannot open `t' (No such file or directory)\n"
```

```
(byebug) `#{Dependabot::SharedHelpers.escape_command("file -b --mime-encoding t&&[email protected]&&.go")}`
"cannot open `t&&[email protected]&&.go' (No such file or directory)\n"
```
…r-updater-cmd Escape paths passed to VendorUpdater
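The failure mode and fix described in the commit message above, as an added example that is not code from this pull request or from Dependabot. It escapes only the path with Ruby's standard `Shellwords.escape` rather than calling the project's `escape_command` helper; the crafted path, the `printf` stand-in for `file -b --mime-encoding`, and the function names are assumptions made for the example.

```ruby
require "open3"
require "shellwords"

# Constructed path shaped like the one in the commit message; the injected
# command is a harmless echo.
CRAFTED_PATH = "t&&echo INJECTED&&.go"

# Stand-in for `file -b --mime-encoding` (an assumption, so the example runs
# where `file` is not installed): prints each argument it receives on a line.
PROBE = "printf '%s\\n'"

# Runs a command line through /bin/sh and returns its stdout.
def run_in_shell(command_line)
  stdout, _stderr, _status = Open3.capture3(command_line)
  stdout
end

# Before: the path is interpolated raw, so the shell treats "&&" as a
# command separator and runs the text between the separators.
def probe_unescaped(path)
  run_in_shell("#{PROBE} #{path}")
end

# After: the path is escaped into a single shell word first.
def probe_escaped(path)
  run_in_shell("#{PROBE} #{Shellwords.escape(path)}")
end

# Alternative: pass an argument vector so no shell parses the path at all.
def probe_argv(path)
  stdout, _stderr, _status = Open3.capture3("printf", "%s\n", path)
  stdout
end

if __FILE__ == $PROGRAM_NAME
  puts "unescaped: #{probe_unescaped(CRAFTED_PATH).inspect}"
  puts "escaped:   #{probe_escaped(CRAFTED_PATH).inspect}"
  puts "argv:      #{probe_argv(CRAFTED_PATH).inspect}"
end
```

In the unescaped call the probe receives only `t` and the echo runs as a second command; in the other two the probe receives the whole path as one argument.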
Improved support for `apply from` in gradle files
Bumps [github.com/dependabot/gomodules-extracted](https://github.com/dependabot/gomodules-extracted) from 1.4.1 to 1.4.2. - [Release notes](https://github.com/dependabot/gomodules-extracted/releases) - [Commits](dependabot/gomodules-extracted@v1.4.1...v1.4.2) --- updated-dependencies: - dependency-name: github.com/dependabot/gomodules-extracted dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bump golang from 1.17 to 1.17.1
…les/go_modules/helpers/github.com/dependabot/gomodules-extracted-1.4.2 build(deps): bump github.com/dependabot/gomodules-extracted from 1.4.1 to 1.4.2 in /go_modules/helpers
Bitbucket doesn't yet support PR labels. dependabot throws this issue whenever I try to use it with bitbucket: labeler.rb:241:in `labels': Unsupported provider bitbucket (RuntimeError)
Fix minor typos in changelog
Treat tokens after underscore as numeric if possible
…tras Python: Honour `--strip-extras` flag of `pip-compile`
Use redirect.github.com for redirect service
…els-creation [Azure] Check & Raise TagsCreationForbidden Exception
python: Upgrade to pip 21.3.1
…-versions Use `go list -m -versions` to determine available versions of a go module
This isn't strictly necessary, but since the rest of the infra bumped to 1.17, might as well bump it here too. Esp since the `go.mod` behavior changed a bit in `1.17`... so if more libs get added ever, this makes it so `go.mod`/`go.sum` will follow the new behavior...
Bump minimum to 1.17
Bumps [pipenv](https://github.com/pypa/pipenv) from 2021.11.15 to 2021.11.23. - [Release notes](https://github.com/pypa/pipenv/releases) - [Changelog](https://github.com/pypa/pipenv/blob/main/CHANGELOG.rst) - [Commits](pypa/pipenv@v2021.11.15...v2021.11.23) --- updated-dependencies: - dependency-name: pipenv dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
milind009 approved these changes Nov 24, 2021
…hon/helpers/pipenv-2021.11.23 build(deps): bump pipenv from 2021.11.15 to 2021.11.23 in /python/helpers
…_yarn/npm_and_yarn/helpers/eslint-8.3.0 build(deps-dev): bump eslint from 8.0.0 to 8.3.0 in /npm_and_yarn/helpers
…r/composer/helpers/v1/phpstan/phpstan-1.2.0 build(deps-dev): bump phpstan/phpstan from 0.12.99 to 1.2.0 in /composer/helpers/v1
…r/composer/helpers/v2/phpstan/phpstan-1.2.0 build(deps-dev): bump phpstan/phpstan from 0.12.93 to 1.2.0 in /composer/helpers/v2
These helpers exist to support npm 6, so we require that specific major version and should not update it.
…ib-major-updates Dependabot config: ignore npm lib major version updates
AlekhyaYalla force-pushed the test_failures branch from d92e166 to f6b86cc (November 25, 2021 14:40)
milind009 approved these changes Nov 26, 2021
GiriB approved these changes Nov 29, 2021
The latest changes from the dependabot-core contains the fixes for