Skip to content

Bump dependabot-omnibus from 0.115.0 to 0.124.2

NipaNipa requested to merge dependabot/bundler/dependabot-omnibus-0.124.2 into master

Bumps dependabot-omnibus from 0.115.0 to 0.124.2.

Changelog

Sourced from dependabot-omnibus's changelog.

v0.124.2, 26 October 2020

  • Add fixes_advisory? and affects_version? to security advisory
  • Bump jest from 26.6.0 to 26.6.1 in /npm_and_yarn/helpers
  • Bump composer/composer from 1.10.15 to 1.10.16 in /composer/helpers
  • Bump poetry from 1.1.2 to 1.1.4 in /python/helpers
  • Bump eslint from 7.11.0 to 7.12.0 in /npm_and_yarn/helpers

v0.124.1, 22 October 2020

  • Add lowest_security_fix_version method to update checkers

v0.124.0, 20 October 2020

  • Go: Promote experimental go mod tidy support to stable (i.e., always tidy if repo_contents_path is given)
  • Go: Promote experimental go mod vendor support to stable (i.e., always vendor if repo_contents_path is given and vendor/modules.txt is present)
  • Bump jest from 26.5.3 to 26.6.0 in /npm_and_yarn/helpers
  • Bump object-path from 0.11.4 to 0.11.5 in /npm_and_yarn/helpers
  • Bump composer/composer from 1.10.10 to 1.10.15 in /composer/helpers

v0.123.1, 19 October 2020

  • Go mod: Handle cannot find module during go mod tidy
  • Python: Add 3.9.0 and upgrade pyenv to v1.2.21 (@​ulgens)
  • Bundler: Ignore changed .gemspec from vendor/cache folder

v0.123.0, 13 October 2020

  • Bundler: Refactored Dependabot's use of Bundler commands to shell out instead of running in a forked process.
    • This aligns Bundler with other package managers and will enable us to support other Bundler versions in future.

v0.122.1, 13 October 2020

  • Bump phpstan/phpstan from 0.12.48 to 0.12.49 in /composer/helpers
  • Gracefully handle gomod package import that has changed
  • Treat .bundlecache files as binary
  • Check if files are binary using the file util
  • Bump jest from 26.5.2 to 26.5.3 in /npm_and_yarn/helpers
  • Bump eslint from 7.10.0 to 7.11.0 in /npm_and_yarn/helpers
  • Update tests and fixtures for new Cargo.lock format
  • Explicitly install version of rust toolchain
  • Rust toolchain has been upgraded to 1.47.0. This means PRs will now try to upgrade the lockfile to cargo's v2 format.
  • Update rubocop requirement from ~> 0.92.0 to ~> 0.93.0 in /common
  • Add a fingerprint to generated gitconfigs
  • If there isn't a backup gitconfig, remove the generated one
... (truncated)
Commits
  • 2fa2519 v0.124.2
  • 859df9b Merge pull request #2681 from dependabot/feelepxyz/fixes-advisory-affects-ver...
  • a0ebc5c Add fixes_advisory/affects_version to security adv
  • 22e4a86 Merge pull request #2674 from dependabot/dependabot/npm_and_yarn/npm_and_yarn...
  • 9f77a55 Bump jest from 26.6.0 to 26.6.1 in /npm_and_yarn/helpers
  • a854742 Merge pull request #2675 from dependabot/dependabot/npm_and_yarn/npm_and_yarn...
  • f28d73d Merge pull request #2678 from dependabot/dependabot/composer/composer/helpers...
  • 4700521 Merge pull request #2676 from dependabot/dependabot/pip/python/helpers/poetry...
  • 55c378c Bump composer/composer from 1.10.15 to 1.10.16 in /composer/helpers
  • 035c85b Bump poetry from 1.1.2 to 1.1.4 in /python/helpers
  • Additional commits viewable in compare view

Merge request reports