Merge branch 'main' of https://github.com/tinglesoftware/dependabot-a…

…zure-devops

.config/dotnet-tools.json

@@ -3,7 +3,7 @@
   "isRoot": true,
   "tools": {
     "dotnet-ef": {
-      "version": "8.0.0",
+      "version": "8.0.1",
       "commands": [
         "dotnet-ef"
       ]

.github/dependabot.yml

@@ -12,15 +12,22 @@ updates:
     time: "04:00"
   open-pull-requests-limit: 10
 
+- package-ecosystem: "devcontainers" # See documentation for possible values
+  directory: "/" # Location of package manifests
+  schedule:
+    interval: "weekly"
+    time: "04:00"
+  open-pull-requests-limit: 10
+
 - package-ecosystem: "bundler" # See documentation for possible values
   directory: "/updater" # Location of package manifests
   schedule:
     interval: "weekly"
     time: "04:00"
   open-pull-requests-limit: 10
-  ignore:
-  - dependency-name: "rubocop*"
-    update-types: ["version-update:semver-patch"]
+  groups:
+    rubocop:
+      patterns: ["*rubocop*"]
 
 - package-ecosystem: "docker" # See documentation for possible values
   directory: "/updater" # Location of package manifests
@@ -46,7 +53,7 @@ updates:
       patterns:
       - "Tingle.AspNetCore.*"
       - "Tingle.Extensions.*"
-    xuint:
+    xunit:
       patterns: ["Xunit*"]
 
 - package-ecosystem: "npm" # See documentation for possible values
@@ -55,10 +62,10 @@ updates:
     interval: "weekly"
     time: "04:00"
   open-pull-requests-limit: 10
-  ignore:
-  - dependency-name: "axios"
-    update-types: ["version-update:semver-patch"]
-  - dependency-name: "jest"
-    update-types: ["version-update:semver-patch"]
-  - dependency-name: "@types/*"
-    update-types: ["version-update:semver-patch"]
+  groups:
+    jest:
+      patterns: ["*jest*"]
+    js-yaml:
+      patterns: ["*js-yaml*"]
+    js-ts-types:
+      patterns: ["@types/*"]

.github/workflows/cleanup.yml

@@ -28,11 +28,12 @@ jobs:
         - { ecosystem: pub }
         - { ecosystem: pip }
         - { ecosystem: swift }
+        - { ecosystem: devcontainers }
         - { ecosystem: terraform }
 
     steps:
     - name: Delete old dependabot-updater-${{ matrix.suite.ecosystem }} images
-      uses: actions/delete-package-versions@v4
+      uses: actions/delete-package-versions@v5
       with:
         package-name: 'dependabot-updater-${{ matrix.suite.ecosystem }}'
         package-type: 'container'
@@ -45,7 +46,7 @@ jobs:
 
     steps:
     - name: Delete old dependabot-server images
-      uses: actions/delete-package-versions@v4
+      uses: actions/delete-package-versions@v5
       with:
         package-name: 'dependabot-server'
         package-type: 'container'

.github/workflows/dependency-review.yml

@@ -17,4 +17,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@v4
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v3
+        uses: actions/dependency-review-action@v4

.github/workflows/extension.yml

@@ -32,13 +32,13 @@ jobs:
         fetch-depth: 0 # Required for GitVersion
 
     - name: Install GitVersion
-      uses: gittools/actions/gitversion/setup@v0
+      uses: gittools/actions/gitversion/setup@v0.10
       with:
         versionSpec: '5.x'
 
     - name: Determine Version
       id: gitversion
-      uses: gittools/actions/gitversion/execute@v0
+      uses: gittools/actions/gitversion/execute@v0.10
       with:
         useConfigFile: true
 

.github/workflows/mispell.yml

@@ -13,7 +13,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - uses: sobolevn/[email protected]
-    - uses: peter-evans/create-pull-request@v5
+    - uses: peter-evans/create-pull-request@v6
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
         commit-message: 'Fixes by misspell-fixer'

.github/workflows/server.yml

@@ -33,12 +33,12 @@ jobs:
         fetch-depth: 0 # Required for GitVersion
 
     - name: Install GitVersion
-      uses: gittools/actions/gitversion/setup@v0
+      uses: gittools/actions/gitversion/setup@v0.10
       with:
         versionSpec: '5.x'
 
     - name: Determine Version
-      uses: gittools/actions/gitversion/execute@v0
+      uses: gittools/actions/gitversion/execute@v0.10
       with:
         useConfigFile: true
 

.github/workflows/updater.yml

@@ -40,6 +40,7 @@ jobs:
         - { ecosystem: pub }
         - { ecosystem: pip }
         - { ecosystem: swift }
+        - { ecosystem: devcontainers }
         - { ecosystem: terraform }
 
     env:
@@ -55,12 +56,12 @@ jobs:
         fetch-depth: 0 # Required for GitVersion
 
     - name: Install GitVersion
-      uses: gittools/actions/gitversion/setup@v0
+      uses: gittools/actions/gitversion/setup@v0.10
       with:
         versionSpec: '5.x'
 
     - name: Determine Version
-      uses: gittools/actions/gitversion/execute@v0
+      uses: gittools/actions/gitversion/execute@v0.10
       with:
         useConfigFile: true
 

.vscode/settings.json

@@ -1,6 +1,7 @@
 {
     "cSpell.words": [
         "azuredevops",
+        "devcontainers",
         "fabrikam",
         "Kubernetes"
     ]

README.md

@@ -17,7 +17,7 @@ In this repository you'll find:
 
 ## Using a configuration file
 
-Similar to the GitHub native version where you add a `.github/dependabot.yml` file, this repository adds support for the same official [configuration options](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file) via a file located at `.github/dependabot.yml`. This support is only available in the Azure DevOps extension and the [managed version](https://managd.dev). However, the extension does not currently support automatically picking up the file, a pipeline is still required. See [docs](./extension/README.md#usage).
+Similar to the GitHub native version where you add a `.azuredevops/dependabot.yml` or `.github/dependabot.yml` file, this repository adds support for the same official [configuration options](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file) via a file located at `.azuredevops/dependabot.yml` or `.github/dependabot.yml`. This support is only available in the Azure DevOps extension and the [managed version](https://managd.dev). However, the extension does not currently support automatically picking up the file, a pipeline is still required. See [docs](./extension/README.md#usage).
 
 We are well aware that ignore conditions are not explicitly passed and passed on from the extension/server to the container. It is intentional. The ruby script in the docker container does it automatically. If you are having issues, search for related issues such as https://github.com/tinglesoftware/dependabot-azure-devops/pull/582 before creating a new issue. You can also test against various reproductions such as https://dev.azure.com/tingle/dependabot/_git/repro-582
 

docs/server.md

@@ -81,11 +81,11 @@ The script becomes:
 ```bash
 az deployment group create --resource-group DEPENDABOT \
                            --template-file main.bicep \
-                           --parameters dependabot.parameters.json \
+                           --parameters main.parameters.json \
                            --confirm-with-what-if
 ```
 
-The parameters file (`dependabot.parameters.json`):
+The parameters file (`main.parameters.json`):
 
 ```json
 {

extension/README.md

@@ -4,7 +4,7 @@ This is the unofficial [dependabot](https://github.com/Dependabot/dependabot-cor
 
 ## Usage
 
-Add a configuration file stored at `.github/dependabot.yml` or  `.github/dependabot.yaml` conforming to the [official spec](https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates).
+Add a configuration file stored at `.azuredevops/dependabot.yml` or `.github/dependabot.yml` conforming to the [official spec](https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates).
 
 To use in a YAML pipeline: