What's Changed

• remove unused code by @jakecoffman in #13292
• remove unused updated_files_regex by @jakecoffman in #13289
• Fix uv dependency not resolvable sentry error by @AbhishekBhaskar in #13294
• Fix hex ecosystem update by @thiagogsr in #13143
• promote experiment to production by @jakecoffman in #13297
• fix missing base_commit_sha in mark_as_processed during exceptional behavior by @jakecoffman in #13300
• Support npm-shrinkwrap in npm workspaces by @zhgzhg in #13217
• Add temporary workaround for sigstore gem installation by @markhallen in #13312
• fix cargo workspace breaking bumps by @arctic-alpaca in #13201
• Cargo: Ensure workspace root is fetched when processing workspace dependencies in subdirectories by @thavaahariharangit in #13272
• Bump poetry from 2.2.0 to 2.2.1 in /python/helpers in the poetry group by @dependabot[bot] in #13146
• v0.341.0 by @dependabot-core-action-automation[bot] in #13310

New Contributors

• @thiagogsr made their first contribution in #13143
• @zhgzhg made their first contribution in #13217
• @arctic-alpaca made their first contribution in #13201

Full Changelog: v0.340.1...v0.341.0

What's Changed

• changed structure of pull requests by @alhss in #13174
• specify which cargo update command fails by @a-schur in #13247
• Bump sigstore/cosign/cosign from v2.6.0 to v2.6.1 in /docker in the regclient group by @dependabot[bot] in #13234
• [Dependabot Graph] Retrieve dependency relationship information for Go projects by @brrygrdn in #13252
• remove separate file fetcher command by @jakecoffman in #13275
• Revert to gem exec rake gems:release by installing sorbet-runtime dynamically by @markhallen in #13285
• make fetch_files command noop by @brettfo in #13287
• remove unnecessary parameter by @brettfo in #13288
• v0.340.1 by @dependabot-core-action-automation[bot] in #13291

Full Changelog: v0.340.0...v0.340.1

What's Changed

• v0.340.0 by @dependabot-core-action-automation[bot] in #13263

Full Changelog: v0.339.1...v0.340.0

What's Changed

• Enhance pip upgrade command with extras support in Dependabot by @thavaahariharangit in #13243
• Bundle sigstore-cli for use in the gem release rake task in CI by @markhallen in #13262

Full Changelog: v0.339.0...v0.339.1

What's Changed

• v0.339.0 by @dependabot-core-action-automation[bot] in #13260

Full Changelog: v0.338.2...v0.339.0

What's Changed

• Fixes a Passed 'nil' into T.must error in the Cargo file fetcher when workspace paths are exactly "*" by @thavaahariharangit in #13221
• Fix Python version defaulting to 3.9 (lowest available) instead of latest when no explicit version specified by @thavaahariharangit in #13215
• Enforce a stricter interface between serializer and dependency data gathering by @brrygrdn in #13209
• Add explicit dependency for maven on rexml by @pavera in #13229
• v0.337.0 by @dependabot-core-action-automation[bot] in #13239

Full Changelog: v0.336.0...v0.337.0

What's Changed

• Skip the pattern Specificity calculator if there is no pattern set by @robaiken in #13180
• mark implicit packages as transitive by @brettfo in #13178
• add support for pnpm lockfile v9.0 mapping to pnpm v10 by @a-schur in #13088
• Bump tar-fs from 1.16.5 to 1.16.6 in /bun/helpers by @dependabot[bot] in #13182
• Updates terraform to 1.13.3 by @AurelieMerlo in #13156
• Add multi-directory support for UpdateGraphCommand by @brrygrdn in #13128
• Check previous version vulnerability after group update completion by @robaiken in #13203
• Fix npm invalid package manager specification error message by @AbhishekBhaskar in #13198
• Fix go mod invalid 8000 version error by @AbhishekBhaskar in #13200
• Attempting to fetch files for empty directories for graph jobs doesn't err by @Ahmed3lmallah in #13207
• Inject the file_parser and use its attributes, Add a prepare! hook by @brrygrdn in #13208
• v0.336.0 by @dependabot-core-action-automation[bot] in #13212

New Contributors

• @a-schur made their first contribution in #13088
• @AurelieMerlo made their first contribution in #13156
• @Ahmed3lmallah made their first contribution in #13207

Full Changelog: v0.335.0...v0.336.0

What's Changed

• Update Sorbet and RuboCop by @JamieMagee in #13106
• Simplify Rubocop configuration by @JamieMagee in #13116
• Fix Sorbet error in NpmAndYarn::MetadataFinder by @JamieMagee in #13117
• Structure Dependabot::DependencyGrapher as an ecosystem component with generic fallback by @brrygrdn in #12998
• local dryrun testing instructions by @theztefan in #13120
• Dependency Graphing: Update job.correlator to use the relevant manifest path by @brrygrdn in #13123
• Fix Sorbet error in Helm file parser for numeric versions by @JamieMagee in #13118
• fix NilClass exception due to ecosystem not being set by @jakecoffman in #13124
• add basic graph e2e test by @jakecoffman in #13125
• added hyphen to fix mismatch by @alhss in #13126
• Enable Layout/FirstMethodArgumentLineBreak and Layout/MultilineMethodArgumentLineBreaks by @JamieMagee in #13119
• Enable Layout/FirstMethodParameterLineBreak and Layout/MultilineMethodParameterLineBreaks by @JamieMagee in #13129
• Enable Layout/EmptyLinesAroundAttributeAccessor by @JamieMagee in #13131
• Enable Layout/SpaceAroundMethodCallOperator by @JamieMagee in #13132
• Update uv ecosystem Dependabot configuration to ignore all major version upgrades by @yeikel in #12868
• Bump poetry from 2.1.1 to 2.2.0 in /python/helpers in the poetry group by @noorul in #12929
• Enable RuboCop Layout/RescueEnsureAlignment by @JamieMagee in #13145
• Automate regclient version upgrades by @yeikel in #12943
• Example of how to safely parse TOML using Sorbet T::Struct by @JamieMagee in #13139
• Disabling Conda's file fetcher by @robaiken in #13149
• Group regclient updates by @yeikel in #13151
• Bump the regclient group in /docker with 2 updates by @dependabot[bot] in #13153
• Fix go purl generation by @brrygrdn in #13144
• Update NameNormalizer to Sorbet strong by @JamieMagee in #13152
• Fix sentry errors by @AbhishekBhaskar in #13150
• fix rebase not working by @jakecoffman in #13161
• Update NEW_ECOSYSTEMS.md by @diofeher in #13162
• use pr-number in updater tests by @jakecoffman in #13163
• Add GitHub Package Registry support for Bundler ecosystem. by @thavaahariharangit in #13155
• Fix UV dependency detection for packages without version constraints. by @thavaahariharangit in #13160
• Add support for ARM architectures in Dockerfile.updater-core by @diofeher in #13167
• fix group rebases not working by @jakecoffman in #13168
• pass arguments directly instead of double-interpolating them by @brettfo in #13171
• Allow for missing go directive in go.mod by @JamieMagee in #13175
• v0.335.0 by @dependabot-core-action-automation[bot] in #13176

New Contributors

• @diofeher made their first contribution in #13162

Full Changelog: v0.334.0...v0.335.0

What's Changed

• Force regenerate Sorbet gem RBIs by @JamieMagee in #13109
• Complete Sorbet strict typing of bundler by @JamieMagee in #13103
• Improve and update Sorbet shims by @JamieMagee in #13108
• PR number added to logs logic and test by @alhss in #13101
• Complete Sorbet strict typing of silent by @JamieMagee in #13112
• v0.334.0 by @dependabot-core-action-automation[bot] in #13115

New Contributors

• @alhss made their first contribution in #13101

Full Changelog: v0.333.0...v0.334.0

What's Changed

• Prevent generic dependency groups from capturing dependencies already handled by more specific groups by @robaiken in #13044
• Clean up cooldown feature flags - enable cooldown by default for all ecosystems by @kbukum1 in #13046
• Upgrade webmock from 3.19.1 to 3.25.1 by @JamieMagee in #13040
• Remove unnecessary RuboCop Sorbet/StrictSigil exclusions by @JamieMagee in #13054
• Autocorrectable rubocop-sorbet fixes for future version by @JamieMagee in #13029
• Complete strict typing gradle ecosystem by @JamieMagee in #13053
• Remove unnecessary custom libyaml by @deivid-rodriguez in #13008
• Revert exclude paths refactoring logic by @AbhishekBhaskar in #13035
• Resolve Sorbet runtime error: convert Bundler::Version to String for conflicting_dependencies by @thavaahariharangit in #13062
• Complete Sorbet strict typing of python ecosystem by @JamieMagee in #13061
• Remove unnecessary RuboCop merge statements by @JamieMagee in #13064
• Remove remaining Sorbet TODOs by @JamieMagee in #13065
• Add exclusion logic in ecosystem file fetcher classes for exclude-paths by @AbhishekBhaskar in #13047
• Fix Helm UpdateChecker type safety issue with cross-package requirement validation by @thavaahariharangit in #13063
• Finish Sorbet strict types in uv by @JamieMagee in #13081
• Finish Sorbet strict types in bun by @JamieMagee in #13082
• Complete strict typing cargo ecosystem by @JamieMagee in #13083
• Only report discovery for projects in the repo by @brettfo in #13050
• update devcontainer to correct sdk version by @brettfo in #13059
• Fix Python MetadataFinder URL construction for private registries by @thavaahariharangit in #13085
• Mark specs with Sorbet false type sigil by @JamieMagee in #13099
• Complete strict typing hex ecosystem by @JamieMagee in #13093
• Complete Sorbet strict typing of updater by @JamieMagee in #13100
• Remove Sorbet StrictSigil exclusions for hex by @JamieMagee in #13102
• Use a unique label for unknown graphing errors by @brrygrdn in #13096
• [Experiment] Cleanup graphing experiment within the update_files_command by @brrygrdn in #13089
• Add pattern scoring to group engine by @robaiken in #13098
• Link to new ecosystems guide in CONTRIBUTING.md by @robaiken in #13097
• Ignore conda specs in Sorbet configuration by @JamieMagee in #13105
• Enable Sorbet/ForbidTUnsafe cop from rubocop-sorbet by @JamieMagee in #13107
• v0.333.0 by @dependabot-core-action-automation[bot] in #13104

F 54CC ull Changelog: v0.332.0...v0.333.0