Skip to content

Bump dependabot-omnibus from 0.115.0 to 0.125.1

NipaNipa requested to merge dependabot/bundler/dependabot-omnibus-0.125.1 into master

Bumps dependabot-omnibus from 0.115.0 to 0.125.1.

Changelog

Sourced from dependabot-omnibus's changelog.

v0.125.1, 5 November 2020

  • Escape SharedHelpers.run_shell_command with shellwords

v0.125.0, 5 November 2020

  • Bundler: Explain why security update was not possible
  • Raise descriptive error when update is not possible
  • Go mod: Handle post-v0 module path updates

v0.124.8, 4 November 2020

  • Add missing python versions: 3.6.12 3.6.11 3.6.10, 3.5.10 and 3.5.8

v0.124.7, 3 November 2020

  • composer: assume a helper terminated by SIGKILL is OutOfMemory
  • dry-run: handle comma separated list of deps
  • Bump jest from 26.6.1 to 26.6.2 in /npm_and_yarn/helpers
  • Bump phpstan/phpstan from 0.12.49 to 0.12.53 in /composer/helpers
  • Bump npm-user-validate from 1.0.0 to 1.0.1 in /npm_and_yarn/helpers

v0.124.6, 2 November 2020

  • Go mod: handle major version mismatch
  • Cargo: handle caret version requirements

v0.124.5, 30 October 2020

  • Go mod: Bump gomodules-extracted from commit
  • Go mod: Add/fix specs for missing meta tag and packages that 404

v0.124.4, 30 October 2020

  • Ignore go files that start with underscore or dot
  • Go mod: handle missing package url meta tags
  • Ignore go files tagged with +build
  • Handle missing VCS when converting git_source path
  • Fix relative dir on mac where tmp is in /private
  • Handle missing directory in cloned repo
  • Improve relative path code in vendor updater
  • Correctly handle vendored updates in nested directory
  • Raise generic DependabotError when all else fails
  • Mark unknown revision errors as DependencyFileNotResolvable
  • Include backtrace from native bundler helpers
  • Mount native bundler helpers in dev shell
  • Bump friendsofphp/php-cs-fixer in /composer/helpers

v0.124.3, 27 October 2020

... (truncated)
Commits
  • e089116 Merge pull request #2727 from dependabot/v0.125.1-release-notes
  • dd6928a v0.125.1
  • ab4fb10 Merge pull request #2726 from dependabot/jurre/longer-lines
  • e9a7893 Merge pull request #2725 from dependabot/feelepxyz/escape-run-shell-command
  • 10d0c3d Update spec description to say we clone the branch
  • b36a5a0 Rename escape_command_str > allow_unsafe_shell_command
  • 51ac8e1 Escape SharedHelpers.run_shell_command
  • b7c25bc Adjust rubocop max line length to 120
  • 8dc6ce1 Merge pull request #2724 from dependabot/v0.125.0-release-notes
  • 89d3cb4 v0.125.0
  • Additional commits viewable in compare view

Merge request reports