- JS: Ignore quotes in npmrc when looking for registry
- Python: Handle missing references for Poetry dependencies
- PHP: Update to minimal secure version for security updates
- Elixir: Sanitize config_path out of mixfiles
- Java: Handle branch not found errors in MetadataFinder
- Bundler: Update lockfiles which have tricky default gem handling
- JS: Bump @dependabot/yarn-lib from 1.15.2 to 1.16.0 in /npm_and_yarn/helpers
- Python: Bump pip-tools from 3.6.1 to 3.7.0 in /python/helpers
- Ruby: Better default when replacing file text
- JS: Handle packages without a name
- JS: Sanitize spaces in filenames
- Gradle: Fix VersionFinder for plugins that check maven.google.com
- Use service pack to determine existing branches
- Cache that a branch can't be found
- Don't cache a single branch_ref now that branch_exists? takes an argument
- Bundler: Always include spaces after commas
- Use updated branch name when creating PRs
- Python: Revert "Ignore irrelevant pyproject files to avoid pep517 warnings"
- Add longer sleep when creating a commit fails
- Python: Bump pip from 19.1 to 19.1.1 in /python/helpers
- Raise error for unprocessible branch names
- Python: Downgrade Poetry to avoid bug
- Bundler: Use --full-index when checking for updates and updating files
- Docker: Handle v1 dockerhub references
- Rename github_link_proxy to github_redirection_service
- Python: Don't prioritize Python 2 above lower Python 3 versions
- Python: Bump poetry from 0.12.14 to 0.12.15 in /python/helpers
- Python: Use python version indicated by markers in compiled pip-compile files
- Allow a custom GitHub link proxy to be provided to MessageBuilder
- Update Rust specs
- Handle issue linking of issue numbers prefixed with
\# - Don't sanitize @-mentions in code quotes
- Python: Handle sub-dependencies that are removed from the lockfile during update
- Allow a custom prefix to be passed to BranchNamer
- Gradle: Parse and update plugin versions
- Composer: Handle people putting strange things in their repositories hash/array
- Fix error-related rubocops
- Cargo: Handle private git dependencies that aren't parsed
- Python: Respect Python version specified in runtime.txt
- PHP: Fetch path dependencies specified in a hash (rather than an array)
- Python: Look for .python-version file at top-level, too
- Rust: Handle a resolvability issue
- Rust: Require a unique source (not just source type)
- Upgrade to PHP 7.3
- Python: Use Python 3.7.3 instead of 2.6.8
- Python: Bump poetry from 0.12.13 to 0.12.14 in /python/helpers
- Bump poetry from 0.12.12 to 0.12.13 in /python/helpers
- Update changelog finder to look in GitLab and Bitbucket directories, too
- Convert GitLab API types to match GitHub
- Sanitize all tags in commit messages
- Clean up tag sanitization and details tag creation
- Escape more tags when sanitizing lines
- Replace empty links (caused by rst processing)
- NPM: Remove extraneous git url fix
- Docker: Make self.updated_files_regex case insensitive
- NPM: Preserve indentation of lockfiles
- Python: Update to a specific version when updating Pipenv subdependencies
- Python: Update poetry sub-dependencies to a specific version
- Require minimum file size for changelogs
- Add php7.2-mysql providing pdo-mysql
- Add scope to fallback commit message
- Python: Ignore irrelevant pyproject files to avoid pep517 warnings
- Python: Bump pip from 19.0.3 to 19.1 in /python/helpers
- Python: Bump pip-tools from 3.6.0 to 3.6.1 in /python/helpers (#1120)
- NPM: Handle private registry error '403 Fobidden'
- JS: Handle git dependenices with file-path sub-dependencies
- Rust: Update target-specific dependencies
- Rust: Handle git dependencies changing version to a pre
- JS: Add floor to satisfying_versions in version resolver
- JS: Ignore aliased dependencies in lockfile parser
- Rust: Require a resolvable version, even when updating a library
- Ruby: Include a lower Ruby version in list of possible rubies (in case a < req specified)
- Add sleep before retrying commit creation
- Make commit prefixing more robust
- Pass old commit SHA when updating a PR, and use it to identify the relevant commit
- Composer: Add lowest_security_fix_version to LatestVersionFinder
- Composer: Refactor LatestVersionFinder to be more extensible
- Composer: Move tests for latest version finding to new class
- Composer: Extract latest_version logic into LatestVersionFinder class
- Composer: Stop passing latest_version to RequirementsUpdater (it was unused)
- Rust: Update to lowest fixed version for vulnerable dependencies
- Rust: Pass a single version to RequirementsUpdater
- Python: Handle subdependency resolution checking properly for pip-compile
- Stop using commit compare API endpoint when building commit diffs (it sometimes 500s)
- Python: Add
resolvable?method to version resolvers, and use in update checkers
- JS: Handle cases where requirements stay identical except for switch to private source
- Ruby: Handle Ruby lock errors correctly in LockfileUpdater
- Ruby: Update versions constant
- Python: Handle lockfile-only updates with an unrelated requirement
- Rust: Tell rustup to use cURL
- Rust: Change ownership of /opt/rust in dev dockerfile
- Rust: Add LatestVersionFinder#lowest_security_fix_version
- Rust: Extract specs for LatestVersionFinder
- Rust: Extract latest version finder logic into separate class
- JS: Handle MyGet format resolved URLs
- Python: Update to lowest fix for security vulnerabilities (all package managers)
- Python: Refactor PipCompileVersionResolver to match other resolvers
- Python: Refactor PoetryVersionResolver to match PipenvVersionResolver
- Python: Refactor PipenvVersionResolver#latest_resolvable_version to take a requirement arg
- Python: Refactor PipenvVersionResolver to make it more extensible
- PHP: Re-remove Xdebug
- Add back x-debug
- JS: Handle package.json files that specify an array of dependencies (not an object)
- Remove xdebug from container
- Rename pipfile resolver to pipenv
- Python: Refactor UpdateChecker to make it more extensible
- Python: Rename PipfileVersionResolver to PipenvVersionResolver
- Python: Update to lowest fixed version for vulnerable requirement.txt versions
- Python: Add lowest_security_fix_version to UpdateChecker::LatestVersionFinder
- Python: Pass security_advisories to LatestVersionFinder
- Add mercurial to Dockerfile
- Ruby: Minor efficiency improvement in LatestVersionFinder
- Python: Refactor LatestVersionFinder to make private methods easier to reuse
- Add tests for Python::UpdateChecker::IndexFinder
- Python: Split index finder logic into separate class
- More simplification of Bundler::UpdateChecker
- Clean up Bundler::UpdateChecker::LatestVersionFinder
- Ruby: Update to minimal version possible for security updates
- Python: Fix handling of comparisons with non-canonical segments
- Python: Support pre-releases in wildcards, and allow Python 3.8-dev
- Composer: Build path dependencies from lockfile even when whole dir is missing
- Require a dependency_name when creating a SecurityAdvisory
- Python: Bump cython from 0.29.6 to 0.29.7
- JS: Don't assume we can upgrade sub-dependencies to a secure verison
- JS: Update insecure dependencies to the minimum secure version
- Nuget: support lowercase version attributes
- JS: Pass security advisories to LatestVersionChecker
- JS: Fix update checker for deprecated deps
- Gradle: Upgrade to lowest fixed version if a dependency is vulnerable
- .NET: Upgrade to lowest fixed version if a dependency is vulnerable
- Maven: Upgrade to lowest fixed version if a dependency is vulnerable
- Maven: Cache release checks
- Ignore closed PR errors when updating a PR's branch
- Don't re-cast versions to versions in SecurityAdvisory
- Bump poetry from 0.12.11 to 0.12.12 in /python/helpers
- Add SecurityAdvisory class, used in UpdateCheckers::Base to determine if a version is vulnerable
- NPM: Remove dry-run config setting
- Add UpdateCheckers::Base#vulnerable? method, which checks against security advisories
- Accept a security_advisories argument to UpdateCheckers::Base.new
- JS: Handle build metadata in version strings
- Gradle: Handle commented out lines when updating files
- Python: Handle wildcards in requirements with a non-equality operator
- .NET: Treat dependency names as case-insensitive
- PHP: Bump composer/composer from 1.8.4 to 1.8.5
- Handle deleted target branches when creating a PR
- Python: Use pyenv v1.2.11 in Dockerfile, and update available Python versions
- Nuget: support multiple .sln files
- Git submodules: Raise parser error for trailing slashes in path
- NPM: Fix "premature close" for git dependencies
- Gradle: Better PROPERTY_REGEX
- Python: Raise error for invalid poetry requirements
- Ruby: Ignore Bundler updates if requirement is non-trivial
- Python: Bump pip-tools from 3.5.0 to 3.6.0 in /python/helpers
- NPM: Fix git dependencies with invalid requires
- JS: Handle invalid requirements better, and ignore rogue equal signs
- Docker: Treat RestClient::Exceptions::ReadTimeout exceptions the same as RestClient::Exceptions::OpenTimeout
- Better GitHub link replacement
- Maven: Handle requirements which include underscores
- Ruby: Don't ignore all > requirements in ForceUpdater
- Ruby: Only consider relevant conflicts when unlocking additional deps
- Maven: Include http:// version of central registry in special handling
- Docker: make ECR requests work w/o credentials
- Ruby: Always evaluate files from within a base directory
- Cargo: Handle additional error type that represents an unreachable git repo
- Yarn: ignore platform check
- PHP: Move back to clearer memory limit setting
- NPM: ignore prepare and prepack scripts when installing git dependencies
- Add fallback PHP environment variable
- Docker: Handle invalid file encoding
- Add an automerge label to automerge candidates if one is present
- JS: Look for dependency details in a lockfile that might match this manifest (not any lockfile)
- Revert "Bundler: Include protocol when raising PrivateSourceAuthenticationFailure errors"
- Bump semver from 5.6.0 to 6.0.0 in /npm_and_yarn/helpers
- Maven: Better dot separator regex in PropertyValueFinder
- JS: Don't mistake v-prefixed versions for distribution tags
- Python: Case insensitive check for whether dependency name is in error message
- JS: Ignore 500s from private registries
- .NET: Handle property versions that reference a function
- JS: Handle npm lockfile name substitution in post-processing
- JS: Don't replace package name when generating updated npm lockfile
- Python: Handle environment variables for Gemfury URLs
- Pass empty string token to elixir helper, again
- Ruby: Include protocol when raising PrivateSourceAuthenticationFailure errors
- Elixir: Pass empty string token to elixir helper
- JS: Better regsitry uniq-ing
- Bundler: Handle resolver returning
nilfor an unchanged git source
- Handle missing token in js registry finder
- Don't attempt to configure git creds that don't have a username or password
- Python: Handle basic auth credentials that include an
@in the username
- NPM: Optionally build npmrc without credentials
- Bundler: Handle repos without a lockfile where the dep being updated has an implicit pre-release requirement
- Python: Fetch requirement files with lines that start with a comment
- Bump @dependabot/yarn-lib from 1.13.0 to 1.15.2 in /npm_and_yarn/helpers
- Python: Handle yanked dependencies in PoetryVersionResolver
- Python: Better environment variable support in LatestVersionFinder
- Fix rubocop
- Python: Handle environment variables in LatestVersionFinder
- Python: Fix copy-paste error
- Bundler: Handle tricky ruby requirements in a gemspec when generating new lockfiles
- Python: Handle errors due to updating a dep to a version with a Python requirement issue (poetry)
- Add handling for tree creation race to pull request updater
- Handle unexpected previous versions in CommitsFinder
- Bundler: Don't add .rb suffix to require_relative files that already include it
- Python: Don't include dependencies parsed from a req.txt that are also included in Poetry
- Maven: Better file update regex (trust declaration finder more)
- JS: try/catch helper scripts
- Yarn: install specific sub-dependency version
- Composer: Serve resolvability error if required connections are disallowed
- Allow config variables without credentials wherever possible
- Python: Allow credentials to be passed with a token
- Use Bitbucket client in GitCommitChecker
- Use GitLab client when doing commit comparison
- Python: Reorganize FileUpdater#resolver_type to better handle cases where req.txt needs updating
- Python: More marker parsing improvements
- Python: Better handling of markers in requirements.txt
- Composer: Correct name for path deps starting with ../
- Yarn: handle git dependencies with token
- .NET: More sophisticated property value updater
- Maven: Handle repeated dependency declarations with different scopes
- Python: Handle updating Pipfiles which declare a version in a table
- Python: Split Pipfile manifest updater into separate class
- Use GitHub repo name defintion for GitLab and Azure
- PHP: Handle relative paths that are actually from the root
- Rebuild Dockerfile using Ruby 2.6.2
- Ruby: Update list of latest rubies
- Python: Narmalise dependency names when looking for them in poetry lockfile
- Do two retries when attempting to fetch git metadata
- Maven: Handle case where declaration_pom_name isn't found
- Python: Handle v-prefixes in versions and requirements
- PHP: Update memory limit setting again
- Python: refactor escaped command string
- Dep: escape command
- Cargo: escape command
- Fix escaped command for composer
- Escape shared helpers run subprocess cmd by default
- Python: Use original manifest instead of original compiled file when unredacting creds if required
- Python: Handle git credentials getting redacted as part of pip-compile install process
- Go: Retry transitory Go resolution issues
- Python: Remove unnecessary install
- Rust: Fetch patched path dependencies
- Use updated (clearer) style in other PHP helper
- Use Dependabot::Clients::GitlabWithRetries.for_source in labeler
- Python: Use 2.7.16
- Python: Use latest pyenv commit to get Python 2.7.16
- Python: Raise a DependencyFileNotResolvable error for unsupported pip-compile constraints
- Python: Use build isolation in FileUpdater
- Assume closing index of 0 if one can't be found
- Add test to ensure build-isolation not required in Python file updater
- Python: Build in isolation when using pip-tools (to prevent errors when using a pyproject.toml)
- Use php7.2-zmq instead of php-zmq
- .NET: Only update pre-release versions to pre-s for the same version
- Docker: Tighter regex for updating version
- Python: Don't escape spaces in pip-compile options
- Gradle: Handle multiple updates to a superstring
- .NET: Raise parser error for unparseable JSON
- Python: escape child process commands
- Stricter regex for Python file correctness
- Python: Better regex for dependency names
- Remove redundant require
- PHP: Remove overzealous use of shellwords
- Gradle: Handle property declarations in namespaces
- Gradle: Minor cleanup (uniq files)
- .NET: Update NuGet packages in global.json
- Docker: Raise custom error when private registries time out fetching tags
- Sign commits on behalf of an org
- Add support_file to DependencyFile#to_h
- Python: Avoid shelling out to Python during file fetching
- JS: Don't shell out to JavaScript during file fetching
- Ruby: Remove all calls to eval from file fetching
- JS: Fix native helper path in development and test
- Cargo: Remove lockfile duplicates
- Revert changes to JS helpers in dev and test env
- Handle 409s from GitHub when constructing commit message
- JS: Use un-built helpers in development and test env
- Short circuit update checking for dependencies being ignored
- NPM: Raise helpful error when lockfile is corrupt
- Bump pip-tools from 3.4.0 to 3.5.0 in /python/helpers
- Bump jest from 24.4.0 to 24.5.0 in /npm_and_yarn/helpers
- Elm: clean up subprocess invocation
- Dep: clean up subprocess invocation
- Composer: clean up subprocess invocation
- Cargo: clean up subprocess invocation
- Go (modules): clean up subprocess invocations
- Prefer non-app github.com token in SharedHelpers.configure_git_credentials
- Handle invalid milestones quietly
- Ignore 404s when attempting to set assignees
- JS: Bump npm from 6.8.0 to 6.9.0 in /npm_and_yarn/helpers
- Handle tags that match our version regex but don't have valid versions
- Bundler: Handle marshall errors
- Composer: Install php7.2-gmp
- Bundler: Bump rubygems from 3.0.2 to 3.0.3
- JS: Bump eslint from 5.14.1 to 5.15.1 in /npm_and_yarn/helpers
- Go (modules): handle another case of module path mismatches
- Minor version bump to signify that JS refactor (included in v0.95.85) is a breaking change, as it requires an update to the Dockerfile as well as the gem
- Fix gitignore for npm and yarn helpers
- JS: Ignore URL-style versions in npm lockfiles in NpmAndYarn::FileParser::LockfileParser
- Ruby: Handle marshal dump errors more gracefully
- Composer: Automatically retry transitory errors in VersionResolver
- Add php-zmq to Dockerfile
- JS: Simplify helper usage to only one script (#988)
- Better tag comparison in CommitsFinders
- Ruby: Handle circular dependencies at the latest version
- Terraform: Parse
[email protected]:module sources
- JS: Fetch numeric version for git dependencies with a semver requirement
- Python: Handle .zip or .whl suffices in LatestVersionFinder
- Python: Bump cython from 0.29.5 to 0.29.6 in /python/helpers
- Prefer refs to versions when generating compare URLs for git updates
- Python: Raise a resolvability error for Python version conflicts when Python version is user-defined
- Go (modules): switch back to mastermind/vsc now 1.13 is out
- Ruby: Fix gemspec sanitizer, and update test to have a Gem::Version
- Ruby: Alternative approach to sanitizing version constants in gemspecs
- Ruby: Only sanitize versions when they appear in strings
- JS: Treat projects with invalid names as non-library
- Python: handle fetching whl files dependencies
- Ruby: Handle more gemspec sanitization
- Ruby: More gemspec sanitization
- PHP: Build path dependencies from lockfile if not fetchable
- Go (modules): prevent all pseudo version updates
- Dockerfile: Add bzr to the Dockerfile
- NPM: Fix lockfile for git deps with semver version
- Handle TomlRB::ValueOverwriteError everywhere we handle TomlRB::ParseError
- Rust: Handle TomlRB::ValueOverwriteError errors in FileParser
- Rust: Handle parse errors in unprepared files in VersionResolver
- Retry GitLab 502s everywhere
- Ruby: Handle pre-releases with numeric parts in the pre-release specifier
- Fix handling of docker dependencies in ChangelogFinder
- Maven: Treat dependencies that specify their scope as
testas development dependencies
- JS: Fix peer dependency updates for libraries
- JS: Return a version instance from UpdateChecker#latest_resolvable_version_with_no_unlock when version is numberic
- JS: Handle non-JSON responses from private registries when checking git deps
- JS: Handle duplicate peer dependency error
- Fix changelog fetching with a suggested changelog URL and no source
- PHP: Automatically retry transitory errors in lockfile updater
- Ruby: Better requirement string parsing
- Python: Fix python version installed check
- Use Ruby 2.6.1
- Python: Be explicit about the python version being installed
- Python: Better Python version handling for Pipenv
- Python: List supported versions, and error if using an unsupported one
- Bump pyenv, Go and Elixir versions in Dockerfile
- Go (modules): tighten up error regex
- Go (modules): Handle module path mismatch errors
- NPM: Fix missed lerna peer dependency update
- Reduce robocop config spread and cover root files
- Python: Use user's defined Python version when compiling pip-compile files
- Retry GitHub races when creating a commit from a new tree
- Python: Treat install_requires dependencies as production dependencies
- Ruby: Don't mistake support files for evaled gemfiles
- Go (modules): handle missing sub-dependency error
- Ruby: Implement suggested_changelog_url, based on changelog_uri in gemspec
- Add suggested_changelog_url method to MetadataFinder::Base, that is passed to ChangelogFinder
- Python: Bump pip from 19.0.2 to 19.0.3 in /python/helpers
- NPM: Sanitise extra trailing slash from private registries
- Python: Don't repeatedly parse Pipfile.lock
- Python: Fetch poetry path dependencies
- Python: Only parse large lockfiles once
- Ruby: Handle another gem not found error case
- JS: Actually special case DefinitelyTyped
- JS: Don't update source from git to registry just because version isn't a SHA
- JS: Include a leading
*as a semver indicator - Python: Bump pip-tools from 3.3.2 to 3.4.0 in /python/helpers
- Ruby: Allow gemspec dependencies to have a source (in case it's git)
- Cargo: fix git credential helper issue
- .NET, Ruby and Rust: Fix directory handling for deeply nested file fetching
- Reverse commits when building a monorepo compare URL
- JS: Better special casing for gatsby
- Python: Look in project_urls for homepage
- PHP: Use the global variable $memory when freeing it
- Rust: Handle non-existent packages
- Simpler tag sorting for finding most appropriately named tag
- Better commit fetching for monorepos
- Always prefer commits URL with path for monorepos
- NPM: Fix lockfile for git dependencies using tags
- Better lowest_tag_satisfying_previous_requirements lookup
- Fetch git tags from git upload pack, rather than APIs, in CommitsFinder
- Speed up GitCommitChecker tag processor
- JS: Add special cases for Gatsby and DefinitelyTyped repos
- NPM: Speed up sub-dependency updates for big lerna projects using npm
- Composer: Bump friendsofphp/php-cs-fixer from 2.14.1 to 2.14.2 in /composer/helpers
- JS: Include details of directory in source if included in repository object
- Append directory to source URL when reliable
- Include directory details in commits URL if reliable
- Make source attributes editable, and add Source#url_with_directory method
- JS: Only assign a single credential to a scope in npmrc builder
- Ruby: Update version requirement at the same time as updating git tag
- JS: Parse full nexus private repository URLs from lockfile entries for scoped dependencies
- JS: Better handling of incorrect credentials for a private registry
- Better commit comparison links for dependencies without a previous version
- Fetch files from symlinked directories if fetching submodules
- Go (modules): more detailed error messages for unresolvable dependencies due to git errors, and for go.sum checksum mismatches.
- NPM: Prefer offline cache and turn off audits
- Go (modules): detect and handle missing/invalid dependency specified with pseudo version
- Cargo: Include all unreachable git dependencies when raising GitDependenciesNotReachable
- Fix time taken measurement for shell cmds
- Add git_repo_reachable? method to GitCommitChecker
- Cargo: Handle unreachable git dependencies
- Another @-mention sanitization improvement (better regex)
- JS: Bump npm from 6.7.0 to 6.8.0 in /npm_and_yarn/helpers
- Cleaner mention sanitizing (use a zero width character)
- Better sanitization of @mentions when wrapped in a link
- Update issue tag regex
- Add optional dependency on Pandoc that allows us to convert rst files
- PHP: Handle integer versions in composer.lock
- Add .gitignore
- Base: Convert directory to proper path before using it in file fetchers
- Python: Dig into source URL looking for reference to dependency name
- Gradle: Handle $rootDir variable in dependency script plugins
- Common: include bin files in dependabot-common packaged gem
- Require common in dry run script
- Sanitize @-mentions that are prefixed with a dash
- Python: Don't try to update 'empty' requirements.txt files as part of a Pipfile update
- PHP: Bump composer/composer from 1.8.3 to 1.8.4 in /composer/helpers
- Python: Check source project_url for a GitHub link in MetadataFinder
- Better branch naming when updating multiple deps
- JS: Handle registries that don't escape slashes in dependency names except at /latest
- Gradle: Fetch plugin script files, and update them
- PHP: Handle another error
- Python: Bump pip from 19.0.1 to 19.0.2 in /python/helpers
- Python: Bump cython from 0.29.4 to 0.29.5 in /python/helpers
- Rust: Fix method name typo
- Rust: Fix over-eager manifest file updating
- JS: Better handling of multiple git requirements
- Bundler: fix gemspec since 1ddf668
- Go (modules): handle vanity urls that return non-200 responses
- Bundler: remove unnecessary helpers
- Paginate through GitLab labels
- Python: Make post version comparison logic more explicit
- Python: Fix bug in post release version comparison
- Ruby: Handle assignment to hash attributes in sanitizer
- Fix common gemspec
- Python: Handle post-release versions properly
- PHP: Handle version requirements with a trailing dot
- Move shared code to a new
dependabot-commongem - Bump gitlab from 4.8 to 4.9
- Align GitLab PR creator with generic options
- Handle target branches that are a substring
- Python: Fetch vendored .zip files
- Correct relative links from GitHub release notes
- Cargo: Better spec construction
- Docker: Handle tags with both a prefix and a suffix
- Cargo: More specific details of dependency being updated
- Add php-mongodb to Dockerfile
- Raise normal error when submodule source isn't supported
- JS: Look for login form redirects, not 404s, when checking packages on npmjs.com
- Fetch files that are nested in submodules if asked
- Clean up file fetcher base class
- Better name for language label details
- Add class attribute_reader to Labler
- Ruby: Move bundler monkey patches
- Python: Bump cython from 0.29.3 to 0.29.4 in /python/helpers
- Add bundler to omnibus
- Reorg bundler
- JS: Better detection of whether an npm registry needs auth
- Increase max retries for GitHub client
- Python: Bump hashin from 0.14.4 to 0.14.5 in /python/helpers
- Go: Retry resolvability errors in parser
- Python: Handle Poetry solver problems
- Add workaround for GitHub bug during PR creation
- PHP: Bump composer/composer from 1.8.2 to 1.8.3 in /composer/helpers
- Python: Bump hashin from 0.14.2 to 0.14.4 in /python/helpers
- .NET: Handle Nuget sources that don't return a ProjectUrl
- JS: Return a NpmAndYarn::Version, not a string, for git semver dependencies
- PHP: Bump composer/composer from 1.8.0 to 1.8.2 in /composer/helpers
- Gradle: Handle tabs when looking for repositories
- JS: Parse the semver version, rather than the git SHA, for git reqs with a semver specification
- Python: Handle Apache Airflow 1.10.x installs with pip-compile
- Maven: Update dot separator regex
- Python: Fix sanitization and remove puts calls
- Python: Sanitize # symbols in pyproject.toml files
- Python: Bump pip-tools from 3.3.1 to 3.3.2 in /python/helpers
- Maven: Handle case where property value can't be found in MetadataFinder
- Maven: Substitute properties in the URL when fetching a parent POM file
- Python: Handle fetching gzipped path dependencies
- Python: Handle Poetry sub-deps that should be removed from the lockfile
- JS: Fix bug when updating npm@5 lockfile w/ [email protected]
- Merge branch 'fix-js-helper-location'
- Log when CIRCLE_COMPARE_URL isn't set
- Rubocop
- Fix JS helper location
- Merge branch 'hex-build-script-fix'
- Fix hex build script
- Revert "Revert "Make hex helpers obey install_dir""
- Python: Bump pip from 18.1 to 19.0.1 in /python/helpers
- Python: Bump pip-tools from 3.1.0 to 3.3.1 in /python/helpers
- Python: Fix for post-processing compiled files with reordered indices
- JS: Bump npm from 6.6.0 to 6.7.0 in /npm_and_yarn/helpers
- Make python helpers obey install_dir
- Make npm_and_yarn build script obey install_dir
- Python: Use poetry update [dep-name] --lock when updating Poetry files
- Ruby: CGI escape credentials before passing to Bundler
- PHP: Clean Composer programmatically install
- Rust: Raise PathDependenciesNotReachable errors, rather than DependencyFileNotFound errors
- JS (npm): Fix invalid from for git sub-dependencies
- Reduce "running as root" warnings with Docker image
- Update .gitignore
- Update gitignore for npm_and_yarn helpers move
- .NET, Elixir and Pythnon: Better handling of version with build/local part
- JS: Simplify npm_and_yarn helpers to yarn workspaces
- JS: Bump npm from 6.5.0 to 6.6.0 in /npm_and_yarn/helpers/npm
- JS: Handle sub-dep version resolution errors
- Python: Bump cython from 0.29.2 to 0.29.3 in /python/helpers
- Python: Bump hashin from 0.14.1 to 0.14.2 in /python/helpers
- JS: Add support for Yarn git semver
- PHP: Always pass to json_encode for secure output
- PHP: Switch to a real helper bin file
- .NET: Handle build versions
- Add php7.2-apcu to Dockerfile
- Python: Fetch cascading requirement.in files
- Better commit subject truncation
- Docker: Handle AWS auth errors
- Raise NoHistoryInCommon error if it blocks PR creation
- JS: Stop registering the wrong version class
- JS: Memoize lockfile updates
- JS: Only include relevant dependency files when updating files
- JS: Reorganise into npm_and_yarn directory
- Elixir: require fully released version of jason
- Remove possibly redundant check that npm lockfile has changed
- JS: Add error context when no files where updated
- Update license to 2.0
- Fix README typo
- Dep: Ignore indirect dependencies in latest_resolvable_version_with_no_unlock
- Dep: Ignore indirect dependencies more robustly
- .NET: Even longer timeout
- Handle git to registry PRs for libraries in PR message builder
- Fix typo
- Rust: Handle old version of resolution failure error (for when toolchain specified)
- Use Elixir 1.8.0
- PHP: Handle registries that 404 on /packages.json
- Docker: Simplify updated_digest fetching, and retry DockerRegistry2::NotFound on tags
- Rust: Handle no latest_version when updating a library
- NPM: Handle package name with invalid characters
- Python: Bump poetry from 0.12.10 to 0.12.11 in /python/helpers
- Reorg dep
- .NET: Handle wildcard requirements without any digits
- Handle 403 forbidden responses from Bitbucket
- Ruby: Handle fetching gemspecs which specify a path
- Require composer from omnibus
- Update README for refactor install instructions
- PHP: Handle blank responses from registries
- Add composer to Dockerfile.ci and loadpath in dry-run
- Add missing requires
- PHP reorg
- Change subprocess IO.popen to Open3.capture2
- Add error context when helper subprocesses fail
- Ruby: Add Ruby 2.6.0 to list of rubies in RubyRequirementSetter
- Handle git dependencies when creating PR message for libraries
- JS: Handle ~ and ^ version requirements with blank minor.patch version
- Better handling of directories in changelog finder
- Elixir reorg
- PHP: Raise resolvability issue when working with local VCS errors
- Bump @dependabot/yarn-lib from 1.12.3 to 1.13.0 in /helpers/yarn
- Handle Bitbucket 401s during changelog lookup
- Handle Bitbucket 401s during commit lookup
- Cargo: If a file is both a support_file and a dependency file, treat as a dependency file only
- Cargo: Handle aliased dependencies better in file preparer
- Ruby: Handle subdependency updates when the subdep gets removed
- PHP: Cowardly ignore of stefandoorn/sitemap-plugin error we can't figure out
- PHP: Serve resolution error for non-https requests when they're disallowed
- PHP: Improve memory limit handling in PHP helper
- Better GitHub issue sanitization
- Gradle: Handle packaging types in versions
- Elixir: Handle whitespace before commas when updating mixfiles
- Python: Order additional hashes alphabetically when updating pip-compile files
- Docker: Reduce number of calls to Dockerhub when determining latest version
- Yarn: de-duplicate indirect dependencies
- Handle empty versions properly when a build or local version is possible
- Go (dep): Handle unreachable vanity URLs in parser
- .NET: Extend timeout for .NET repos
- Maven: More tests for versions that use multiple properties
- Maven: Handle properties with a suffix better
- Reduce the number of layers in the docker image
- Register GoModules::Requirement class
- Add go_modules package to Rakefile
- Go (modules): reorg
- JS: Handle requirements with an || when bumping versions
- Raise RepoNotFound errors when creating PRs
- Python: Don't treat post-releases as pre-releases
- Python: Augment hashes from pip-compile if necessary
- Bump rubygems and bundler versions
- Revert "Patch Rubygems requirement equality"
- Bump rubygems and bundler versions
- Ruby: Less strict requirement comparison
- Add TODO to Python pip_compile file updater