Bump dependabot-omnibus from 0.275.0 to 0.276.0 in /updater #1349

Merged

Conversation

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Sep 23, 2024

Bumps dependabot-omnibus from 0.275.0 to 0.276.0.

Commits
  • ed7cfd6 v0.276.0 (#10633)
  • 90257e9 Revert smoke test branch back to main (#10630)
  • 60cfd98 Use new implementation of Maven version standard (#10558)
  • 93e1827 Raise Error for Unsupported Bundler Version (#10601)
  • 95f169b Change default to Bundler v2 when unsupported feature flag is on and Gemfile....
  • 989987b Fixes issues with Dependabot::SharedHelpers::HelperSubprocessFailed - Python ...
  • a602925 registry error error handler correction (#10618)
  • 99fc141 Fixes issues with TypeError:Passed nil into T.must (#10603)
  • 902c1da Revert "Support retrieving workspace of path dependencies in cargo (#10550)" ...
  • 0b8032a Exception handling for npm and yarn errors (#10595)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [dependabot-omnibus](https://github.com/dependabot/dependabot-core) from 0.275.0 to 0.276.0.
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](dependabot/dependabot-core@v0.275.0...v0.276.0)

---
updated-dependencies:
- dependency-name: dependabot-omnibus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file ruby Pull requests that update Ruby code labels Sep 23, 2024
@mburumaxwell mburumaxwell merged commit cc62c4b into main Sep 23, 2024
20 checks passed
@mburumaxwell mburumaxwell deleted the dependabot/bundler/updater/dependabot-omnibus-0.276.0 branch September 23, 2024 05:43
kzhuklinets added a commit to kirillcoso/dependabot-azure-devops that referenced this pull request Oct 4, 2024
* Update the server version/component to support directories and groups (tinglesoftware#1294)

* Update .gitignore

* Formatting fixes

* Update dependabot.yml

* Add prettier formatting (tinglesoftware#1304)

This will mostly format files in the extension but can format some other non-js/ts files that it supports like json, yaml, etc.

At the root `package.json` and `package-lock.json` files are added but a workspace is not used because we do not need it and it is preferred for the extension to be independent to ensure it is self-contained during deployment. This may change if we can use `tsup` to package it.

* Update packages to be included in the microsoft group

* Bump @types/node in /extension in the js-ts-types group (tinglesoftware#1296)

* Bump ts-jest from 29.2.4 to 29.2.5 in /extension in the jest group (tinglesoftware#1295)

* Bump axios from 1.7.4 to 1.7.5 in /extension (tinglesoftware#1298)

* Bump vcr from 6.2.0 to 6.3.1 in /updater (tinglesoftware#1302)

* Bump Azure.Monitor.Query from 1.4.0 to 1.5.0 in the azure group (tinglesoftware#1299)

* Add missing EFCore migration for directories and groups support (tinglesoftware#1305)

I added support for directories and groups in tinglesoftware#1294 but forgot to add the database migration. Possibly because I do not have unit tests against the actual database.

* Bump Microsoft.NET.Test.Sdk from 17.10.0 to 17.11.0 (tinglesoftware#1306)

* Bump dotnet-ef from 8.0.7 to 8.0.8 (tinglesoftware#1303)

Bumps [dotnet-ef](https://github.com/dotnet/efcore) from 8.0.7 to 8.0.8.
- [Release notes](https://github.com/dotnet/efcore/releases)
- [Commits](dotnet/efcore@v8.0.7...v8.0.8)

---
updated-dependencies:
- dependency-name: dotnet-ef
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump azure-pipelines-task-lib from 4.16.0 to 4.17.0 in /extension (tinglesoftware#1308)

Bumps [azure-pipelines-task-lib](https://github.com/Microsoft/azure-pipelines-task-lib) from 4.16.0 to 4.17.0.
- [Commits](https://github.com/Microsoft/azure-pipelines-task-lib/commits)

---
updated-dependencies:
- dependency-name: azure-pipelines-task-lib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Test that token replacement works when padded with spaces

* Update docs and README.md

* Add swift to `ECOSYSTEM_LOOKUP` for vulnerabilities (tinglesoftware#1309)

* Improvement to credentials handling (tinglesoftware#1310)

- Handle setting `index-url` instead of `url` for `python_index` registries in the server version/component.
- Handle setting both `host` and `url` for `composer_repository` registries.
- Better logic around building extra credentials.

> This is likely the last modification before we try to move to the proxy used by `dependabot-cli`.

* Merge `mv:prod` script into `build:prod`

* Formatting fixes

* Exclude .idea folders from prettier

* Regenerate Gemfile.lock which should fix vulnerability in Rexml

* Register span processor for sentry to fix OTel export (tinglesoftware#1311)

This should fix the OpenTelemetry export issue.
It may be reverted in the future when `dependabot-core/updater` makes other changes.

See https://docs.sentry.io/platforms/ruby/tracing/instrumentation/opentelemetry/

* Update updater.yml

* Update extension task node version from v16 to v20.1 (tinglesoftware#1313)

* Update task node version from 16 to 20.1

* Bump minimum agent version

* Fix vNext AZURE_VIRTUAL_DIRECTORY is not working bug (tinglesoftware#1316)

* Bump @types/node (tinglesoftware#1322)

* Bump YamlDotNet from 16.0.0 to 16.1.0 (tinglesoftware#1325)

* Bump Microsoft.Data.SqlClient from 5.2.1 to 5.2.2 (tinglesoftware#1324)

* Bump axios from 1.7.5 to 1.7.7 in /extension (tinglesoftware#1323)

* Bump opentelemetry-exporter-otlp in /updater in the opentelemetry group (tinglesoftware#1319)

* Restructure extension to better support multiple task versions (tinglesoftware#1326)

* Restructure extension task to better support multiple versions

* Fix typos

* Fix build

* Fix build

* Bump @types/node (tinglesoftware#1327)

Bumps the js-ts-types group with 1 update in the /extension directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node).


Updates `@types/node` from 22.5.2 to 22.5.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: js-ts-types
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump Microsoft.NET.Test.Sdk from 17.11.0 to 17.11.1 (tinglesoftware#1329)

Bumps [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 17.11.0 to 17.11.1.
- [Release notes](https://github.com/microsoft/vstest/releases)
- [Changelog](https://github.com/microsoft/vstest/blob/main/docs/releases.md)
- [Commits](microsoft/vstest@v17.11.0...v17.11.1)

---
updated-dependencies:
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump @types/node (tinglesoftware#1332)

Bumps the js-ts-types group with 1 update in the /extension directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node).


Updates `@types/node` from 22.5.3 to 22.5.4
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: js-ts-types
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump dependabot-omnibus from 0.268.0 to 0.274.0 in /updater (tinglesoftware#1331)

Bumps [dependabot-omnibus](https://github.com/dependabot/dependabot-core) from 0.268.0 to 0.274.0.
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](dependabot/dependabot-core@v0.268.0...v0.274.0)

---
updated-dependencies:
- dependency-name: dependabot-omnibus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Format fix

* Install ice and jq inside the @azure/cli task

* Bump typescript from 5.5.4 to 5.6.2 in /extension (tinglesoftware#1337)

* Bump azure-pipelines-task-lib from 4.17.0 to 4.17.2 in /extension (tinglesoftware#1338)

* Bump dependabot-omnibus from 0.274.0 to 0.275.0 in /updater (tinglesoftware#1339)

Bumps [dependabot-omnibus](https://github.com/dependabot/dependabot-core) from 0.274.0 to 0.275.0.
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](dependabot/dependabot-core@v0.274.0...v0.275.0)

---
updated-dependencies:
- dependency-name: dependabot-omnibus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump YamlDotNet from 16.1.0 to 16.1.2 (tinglesoftware#1340)

Bumps [YamlDotNet](https://github.com/aaubry/YamlDotNet) from 16.1.0 to 16.1.2.
- [Release notes](https://github.com/aaubry/YamlDotNet/releases)
- [Commits](aaubry/YamlDotNet@v16.1.0...v16.1.2)

---
updated-dependencies:
- dependency-name: YamlDotNet
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump @types/jest in /extension in the jest group across 1 directory (tinglesoftware#1341)

Bumps the jest group with 1 update in the /extension directory: [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest).


Updates `@types/jest` from 29.5.12 to 29.5.13
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

---
updated-dependencies:
- dependency-name: "@types/jest"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: jest
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump @types/node (tinglesoftware#1342)

Bumps the js-ts-types group with 1 update in the /extension directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node).


Updates `@types/node` from 22.5.4 to 22.5.5
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: js-ts-types
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Sync updater files to version 0.275.0 (tinglesoftware#1343)

* Bump Azure.ResourceManager.AppContainers in the azure group (tinglesoftware#1336)

Bumps the azure group with 1 update: [Azure.ResourceManager.AppContainers](https://github.com/Azure/azure-sdk-for-net).


Updates `Azure.ResourceManager.AppContainers` from 1.2.0 to 1.3.0
- [Release notes](https://github.com/Azure/azure-sdk-for-net/releases)
- [Commits](Azure/azure-sdk-for-net@Azure.ResourceManager.AppContainers_1.2.0...Azure.ResourceManager.AppContainers_1.3.0)

---
updated-dependencies:
- dependency-name: Azure.ResourceManager.AppContainers
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: azure
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Remove workaround for reading ContainerApp Job execution (tinglesoftware#1344)

The library has since been updated; we no longer need a workaround.

See also, Azure/azure-sdk-for-net#38385

* Add Task V2; Use Dependabot-CLI to perform updates (tinglesoftware#1318)

* Split extension task into V1 and V2

* Basic support for running update using dependabot-cli

* Add missing update job configs

* Move update output processing to dedicated class; Add DevOps API client

* Codespell skip package-lock.json

* Clean-up

* Implement create pull request

* Implement groups, auto-complete, auto-approve, pull request properties, and updating existing pull requests

* Clean up

* Set task V1 as deprecated, task V2 as preview

* Restructure extension task to better support multiple versions

* Fix typos

* Fix build

* Fix build

* Fix merge issues

* Remove unused task inputs

* Fix for 'convertPlaceholder' not accepting built-in DevOps variable names containing '.'

* Implement closing pull requests

* Implement updating pull requests

* Use default branch name if target branch not configured

* Implement approving pull requests

* Add task inputs for pr commit author email and name

* Implement open pull request limit config

* Cleanup temporary files after task completion

* Add configuration placeholders for dependabot component images

* Implement more config options

* Implement dependency list snapshots, which are stored in the DevOps project properties

* Add task input option for storing dependency list

* Implement experiments

* Implement requirements-update-strategy and lockfile-only configs

* Fix typo

* Implement PR reviewers, work item references, and labels

* Add start commands for each task version, use V2 by default

* Update V1 task.json version numbers when publishing the extension

* Update documentation

* Update documentation

* Update documentation

* Update documentation

* Typo

* Update documentation

* Fix reference to undefined `this.cachedUserIds`

* Use case-insensitive comparison when parsing "System.Debug" variable

* Fix dependabot tool path detection in agents where `$PATH` does not contain `$GOPATH/bin`

* Add more logging

* Fix for task reporting success when pull request creation failed

* Add more logging; Fix formatting

* Fix 'labels' config parsing

* Implement "targetUpdateIds" task input option

* Fix error when using multiple update blocks in dependabot.yml with the same package manager

* Only install dependabot once; cache the tool path once known

* Add migration warning to complete V1 pull requests before migrating to V2

* Process updates synchronously when using multiple update blocks in dependabot.yml

* Fix typos

* Report the total number of failed update jobs in the task result

* Include stack trace when errors are logged, to help with diagnosing issues

* Fix inverted logic for "abandonUnwantedPullRequests"

* Fix error handling

* Check formatting (prettier) in the extension workflow (tinglesoftware#1345)

* Fix version for `azure-devops-node-api`

* Set `$schema` on vss-extension.json

* Reduce nesting of tasks by one level (tinglesoftware#1346)

This is likely to help with discovery, which only checks up to 1 level

https://learn.microsoft.com/en-us/azure/devops/extend/develop/integrate-build-task?toc=%2Fazure%2Fdevops%2Fmarketplace-extensibility%2Ftoc.json&view=azure-devops#multiple-versions-layout

* Change identifier for v2 task

* Revert "Change identifier for v2 task"

This reverts commit c5d84ce.

* Change name for v2 task

* Bump prettier-plugin-organize-imports from 4.0.0 to 4.1.0 (tinglesoftware#1352)

* Bump xunit from 2.9.0 to 2.9.1 in the xunit group (tinglesoftware#1351)

* Bump the tingle group with 3 updates (tinglesoftware#1350)

* Add contributing guide; update developer guides (tinglesoftware#1347)

* Add contributing guide

* Waffling

* Update toc

* Fix broken link

* Bump dependabot-omnibus from 0.275.0 to 0.276.0 in /updater (tinglesoftware#1349)

Bumps [dependabot-omnibus](https://github.com/dependabot/dependabot-core) from 0.275.0 to 0.276.0.
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](dependabot/dependabot-core@v0.275.0...v0.276.0)

---
updated-dependencies:
- dependency-name: dependabot-omnibus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Revert "Change name for v2 task"

This reverts commit 1e24c54.

* Set `argumentFormat`

* Do not override major version numbers in task.json files

* Fix undefined iteration

* Fix "cannot read property of undefined" error; Fix GitHub image pull rate-limiting (tinglesoftware#1353)

* Fix reading undefined reference when there is no dependency list stored for the project yet (i.e. a first-time run)

* Forward GitHub access token to dependabot-cli to avoid rate-limiting when pulling Docker images; Set Dependabot job id to aid with debugging

* Fix formatting

* Fix another "cannot read property of undefined" error (tinglesoftware#1354)

* Fix reading undefined reference when there are no existing pull requests to update yet

* Improved logging to ensure error stack traces are always dumped; helps with debugging

* Regenerate updater/Gemfile.lock, should fix some security concerns

* Sync updater files to version 0.276.0

* Attempt to fix brain fart from https://github.com/rhyskoedijk

See tinglesoftware#1354 (comment)

* Set `IncludeSourceRevisionInInformationalVersion=false` to allow GitVersion to work

See https://learn.microsoft.com/en-us/dotnet/core/compatibility/sdk/8.0/source-link

* Update known experiments list (tinglesoftware#1361)

* Fix "cannot read properties of null" (tinglesoftware#1359)

* Fix "undefined is not iterable" (tinglesoftware#1358)

* Fix GitHub rate limiting when generating pull request descriptions (tinglesoftware#1362)

* Set github registry credentials to avoid rate-limiting when generating pull request descriptions

* Set github registry credentials to avoid rate-limiting when generating pull request descriptions

* Run `go install dependabot` async so logs are streamed to task output instead of blocking until process has completed (tinglesoftware#1357)

* Log the number of pull requests that would have been updated when `skipPullRequests` is set (tinglesoftware#1360)

* Fix "cannot read properties of undefined" (reading 'filter') (tinglesoftware#1364)

* Fix "pull request cannot be activated because the source and/or the target branch no longer exists" error (tinglesoftware#1366)

* Strip reference prefix from the default branch name, the caller doesn't need to know this

* Use regex, match start of string, ignore case

* Upload flame graph report to pipeline timeline when `System.Debug` is `true` (tinglesoftware#1363)

* Attach flamegraph report to pipeline timeline when `System.Debug` is `true`

* Add documentation

* Fix formatting

* Bump xunit from 2.9.1 to 2.9.2 in the xunit group (tinglesoftware#1369)

* Bump Azure.Identity from 1.12.0 to 1.12.1 in the azure group (tinglesoftware#1368)

* Bump the sentry group in /updater with 2 updates (tinglesoftware#1373)

* Bump @types/node (tinglesoftware#1371)

* Bump YamlDotNet from 16.1.2 to 16.1.3 (tinglesoftware#1370)

* Bump azure-devops-node-api from 14.0.2 to 14.1.0 in /extension (tinglesoftware#1372)

* Bump dependabot-omnibus from 0.276.0 to 0.278.0 in /updater (tinglesoftware#1374)

Bumps [dependabot-omnibus](https://github.com/dependabot/dependabot-core) from 0.276.0 to 0.278.0.
- [Release notes](https://github.com/dependabot/dependabot-core/releases)
- [Changelog](https://github.com/dependabot/dependabot-core/blob/main/CHANGELOG_ARCHIVE_2019_TO_SWITCH_TO_GITHUB_RELEASES.md)
- [Commits](dependabot/dependabot-core@v0.276.0...v0.278.0)

---
updated-dependencies:
- dependency-name: dependabot-omnibus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix merge strategy parsing and default value (tinglesoftware#1376)

* Fix "unknown package manager" error (tinglesoftware#1377)

* Add support for the "pull-request-branch-name.separator" config option (tinglesoftware#1378)

* Add support for "pull-request-branch-name.separator" config

* Update migration documentation

* Apply suggestions from code review

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Maxwell Weru <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Rhys Koedijk <[email protected]>
Co-authored-by: Yurii Yakymenko <[email protected]>