v0.331.0

What's Changed

• Do not run the gems-bump-version workflow from forks by @yeikel in #12935
• More descriptive error message for tag <tag> does not exist by @Nishnha in #12984
• Clarify error message by @jeffwidman in #12985
• Add support for vcpkg dependency constraints by @JamieMagee in #12872
• Add ecosystem metadata metrics support to Conda FileParser by @Copilot in #12978
• removing timestamp which makes it harder to smoke test by @jakecoffman in #13004
• Match release stability for dated Rust toolchain releases by @JamieMagee in #12986
• Update exclude-paths feature implementation approach by @AbhishekBhaskar in #12966
• always restore packages.config before attempting update by @brettfo in #13010
• v0.331.0 by @dependabot-core-action-automation[bot] in #13015

Full Changelog: v0.330.0...v0.331.0

v0.330.0

What's Changed

• add missing test case by @brettfo in #12776
• add end-to-end test for updating json files by @brettfo in #12963
• Fix git rewrite rules: configure SSH-to-HTTPS rewriting when credentials handled by proxy by @kbukum1 in #12971
• Bump brace-expansion in /bun/helpers by @dependabot[bot] in #12964
• Bump regclient to 0.9.1 by @yeikel in #12937
• Read maven-dependency-plugin version dynamically+ enable dependabot for maven helpers by @yeikel in #12717
• Fix KeyError in git credential configuration when host is missing by @kbukum1 in #12973
• Add early branch validation with helpful error messages for target-branch configurations by @Copilot in #12924
• Add GroupDependencySelector integration to CreateGroupUpdatePullRequest by @robaiken in #12968
• Adding GroupDependencySelector filter to refresh group pull request by @robaiken in #12969
• Add support for goproxy_server and go.env files by @jurre in #12747
• Consider the title of the issue while labeling by @yeikel in #12954
• Do not run the stalebot from forks by @yeikel in #12936
• Fix multi-directory processing to skip directories without required files by @Copilot in #12922
• v0.329.0 by @dependabot-core-action-automation[bot] in #12980
• v0.330.0 by @dependabot-core-action-automation[bot] in #12983

Full Changelog: v0.328.0...v0.330.0

v0.328.0

What's Changed

• Enable GitHub Copilot coding agent with instructions and environment setup by @markhallen in #12949
• Removes feature flag from cooldown metadata collection by @sachin-sandhu in #12955
• [Experiment] First pass of npm support for the dependency submission workflow by @brrygrdn in #12893
• Fix issues with multi-version dependency changes when refreshing security update PRs by @jasonpaulos in #12897
• Include old version number whenever possible by @brettfo in #12962
• Add type safety in UV ecosystem FileFetcher by @Copilot in #12952
• Updating registry finder priority by @thavaahariharangit in #12958
• Reset smoke test branch by @brettfo in #12967
• Add GroupDependencySelector from per-directory merge logic by @markhallen in #12911
• v0.328.0 by @dependabot-core-action-automation[bot] in #12965

New Contributors

• @Copilot made their first contribution in #12952

Full Changelog: v0.327.0...v0.328.0

v0.327.0

What's Changed

• Attach dependencies to the DependencyFile in go_modules's FileParser by @phillmv in #12837
• Fix bun metadata issues by @fcheung in #12834
• Fix version resolution discrepancies in npm vulnerability remediation by @jasonpaulos in #12821
• Bump the all-actions group across 1 directory with 5 updates by @dependabot[bot] in #12838
• filter out non-version tags in Helm update checker by @abn in #12612
• Automate maintenance of uv versions by @yeikel in #12813
• Bump github/codeql-action from 3.29.9 to 3.29.10 in the all-actions group by @dependabot[bot] in #12866
• Bump golang.org/x/mod from 0.26.0 to 0.27.0 in /go_modules/helpers by @dependabot[bot] in #12808
• Fetch exclude-paths from job definition by @AbhishekBhaskar in #12852
• bump to Go 1.25 by @jakecoffman in #12844
• prevent mislabeling Go issues by @jakecoffman in #12876
• Add dotnet-sdk, vcpkg, and rust-toolchain to issue labeler by @JamieMagee in #12886
• Fixed issue related to calculate cooldown period by providing semver major version as highest priority. by @randhircs in #12869
• Update vcpkg label color by @JamieMagee in #12884
• NPM error found on release PR is fixed here by @thavaahariharangit in #12907
• Adding registry env variable to corepack command. by @thavaahariharangit in #12865
• v0.327.0 by @dependabot-core-action-automation[bot] in #12900

New Contributors

• @fcheung made their first contribution in #12834
• @abn made their first contribution in #12612

Full Changelog: v0.326.1...v0.327.0

v0.326.1

What's Changed

• feat: support table notation for Rust workspace dependencies by @rvagg in #12780
• [Experiment] Introduce DependencyFile#priority to control graph generation by @brrygrdn in #12816
• Terraform Cooldown related Code Cleanup and added Flag to Restrict Cooldown Scan if not requested. by @randhircs in #12846
• Re-add labeler registration for NuGet in dependabot by @jonabc in #12848
• v0.326.1 by @dependabot-core-action-automation[bot] in #12849

New Contributors

• @rvagg made their first contribution in #12780

Full Changelog: v0.326.0...v0.326.1

v0.326.0

What's Changed

• Adding Rakefile to omnibus section by @robaiken in #12802
• Add support for relationship attribute in DependencySubmission payload by @phillmv in #12768
• Check credentials for configured registry before falling back to public npm registry by @thavaahariharangit in #12798
• Bump npm version from 10.5.0 to 10.9.3 latest by @thavaahariharangit in #12805
• Bump pnpm version from 10.11 to 10.14 by @thavaahariharangit in #12825
• Bump uv from 0.8.4 to 0.8.6 in /uv/helpers by @dependabot[bot] in #12804
• Bump composer/composer from 2.8.9 to 2.8.10 in /composer/helpers/v2 in the prod-dependencies group across 1 directory by @dependabot[bot] in #12721
• Adding sorbet typing for cargo file parser by @robaiken in #12817
• Bump library/rust from 1.88.0-bookworm to 1.89.0-bookworm in /cargo by @dependabot[bot] in #12806
• enable updates for repos that consume the Nerdbank.GitVersioning package by @brettfo in #12826
• use proper logical and operator by @brettfo in #12830
• [Experiment] Implement an UpdateGraphCommand as an entrypoint to dependency submission by @brrygrdn in #12791
• Add exclude-paths option to dependabot.yml by @dnlfm in #12532
• v0.326.0 by @dependabot-core-action-automation[bot] in #12840

New Contributors

• @dnlfm made their first contribution in #12532

Full Changelog: v0.325.1...v0.326.0

v0.325.1

What's Changed

• Add conda gemspec to the list of GEMSPECS in Rakefile by @kbukum1 in #12801
• v0.325.1 by @dependabot-core-action-automation[bot] in #12803

Full Changelog: v0.325.0...v0.325.1

v0.325.0

What's Changed

• use format-preserving xml editor by @brettfo in #12758
• Cache Bundler::FileParser#gemfile_dependencies by @phillmv in #12755
• use trivia to compute newline offset locations by @brettfo in #12760
• Fixes patch version constraint issue in engines version selector by @sachin-sandhu in #12763
• Bump jest from 29.7.0 to 30.0.5 in /npm_and_yarn/helpers by @dependabot[bot] in #12727
• Upgrade uv to the latest 0.8.4 by @phillipuniverse in #12759
• [Experiment] Transform the dependency list into a dependency submission payload by @brrygrdn in #12734
• allow custom hostname for github repos by @brettfo in #12774
• fix incorrect cast when adding child xml element by @brettfo in #12775
• Fixed sorbet type strict error. by @randhircs in #12761
• [Experiment] Fix incorrect method signature when calling the Dependency Submission via Dependabot service by @brrygrdn in #12781
• Improve error handling in docker yaml file parsing by @jpinz in #12777
• [Experiment] Log the submission payload at info level for now by @brrygrdn in #12783
• Add Conda support (for python packages) by @theztefan in #12767
• [Experiment] Correctly convert the Dependabot job's branch attribute into a full ref by @brrygrdn in #12789
• fix incorrect PR grouping by @brettfo in #12762
• Bump the all-actions group across 1 directory with 3 updates by @dependabot[bot] in #12785
• restore smoke test branch to 'main' by @brettfo in #12793
• Revert to light version of NuGet Ruby implementation by @kbukum1 in #12790
• v0.325.0 by @dependabot-core-action-automation[bot] in #12800

New Contributors

• @phillmv made their first contribution in #12755
• @theztefan made their first contribution in #12767

Full Changelog: v0.324.1...v0.325.0

v0.324.1

What's Changed

• Streamlines codespell rules in one place by @sachin-sandhu in #12754
• Track local dependencies from uv tool sources by @Sly1029 in #12589
• Fixes engine parsing issues for PNPM and YARN by @sachin-sandhu in #12750
• Removing nuget from omnibus by @thavaahariharangit in #12752
• v0.324.1 by @dependabot-core-action-automation[bot] in #12757

New Contributors

• @Sly1029 made their first contribution in #12589

Full Changelog: v0.324.0...v0.324.1

v0.324.0

What's Changed

• To Implement Cooldown feature for Helm ecosystem by @randhircs in #12520
• Bump nokogiri from 1.18.8 to 1.18.9 in /updater by @dependabot[bot] in #12680
• Target latest Python versions by @wktk in #12566
• Bump brace-expansion from 1.1.11 to 1.1.12 in /npm_and_yarn/helpers/test/yarn/fixtures/conflicting-dependency-parser/deeply-nested by @dependabot[bot] in #12441
• Bump the dev-dependencies group across 1 directory with 3 updates by @dependabot[bot] in #12527
• implement package update cooldown feature for nuget by @brettfo in #12709
• always honor global.json sdk version by @brettfo in #12692
• Fix broken bundler updates from sources other than RubyGems or other gem repositories by @Tabby in #12698
• Remove enable_cooldown_for_bundler feature flag check by @markhallen in #12664
• use dohead method to fetch blob metadata for Docker tags by @robaiken in #12712
• Enabled check to add feature flag, added specific exception and remov… by @randhircs in #12713
• honor cooldown values in group updates by @brettfo in #12716
• Bump gpgme from 2.0.23 to 2.0.25 by @JamieMagee in #12718
• Removed Feature Flag and Added check for the user if not willing to opt cooldown in scan. by @randhircs in #12739
• trim .git suffix from source url by @brettfo in #12737
• delete old updater code by @brettfo in #12714
• Adding support for dependency-groups (PEP 735) in pyproject.toml by @SMoraisAnsys in #12580
• Remove obsolete nuget volume mounts from docker-dev-shell by @kbukum1 in #12748
• Parse PEP 735 dependency groups in uv by @phillipuniverse in #12720
• Fix Sorbet Runtime Error due to Nil return value in Composer ecosystem by @AbhishekBhaskar in #12743
• Removing helm and oras login command by @robaiken in #12746
• v0.324.0 by @dependabot-core-action-automation[bot] in #12749

New Contributors

• @wktk made their first contribution in #12566
• @Tabby made their first contribution in #12698
• @SMoraisAnsys made their first contribution in #12580

Full Changelog: v0.323.0...v0.324.0