CHANGELOG ARCHIVE 2017 TO 2018

v0.86.20, 31 December 2018

• Update GitLab submodules

v0.86.19, 31 December 2018

• Patch Rubygems requirement equality

v0.86.18, 30 December 2018

• PHP: Handle > requirements correctly when bumping versions
• PHP: Add widen_ranges update strategy to PHP
• PHP: Allow update strategy to be passed as an option

v0.86.17, 27 December 2018

• Add ext-sqlite3 support for PHP by adding in Dockerfile

v0.86.16, 26 December 2018

• Rust: Handle projects that are part of a workspace (but hard to detect)

v0.86.15, 26 December 2018

• Rust: Handle binary specifications when using 2018 edition

v0.86.14, 26 December 2018

• Bump rubygems and Python versions

v0.86.13, 26 December 2018

• Java: Make <=> public

v0.86.12, 26 December 2018

• Opt in to Rubygems 4 behaviour through monkey patch

v0.86.11, 25 December 2018

• Ruby: Ensure gemspec paths are always pathnames
• JS: Handle non-string entries for resolution

v0.86.10, 24 December 2018

• .NET: Filter out non-URL repos

v0.86.9, 21 December 2018

• Python: Correctly sanitize path dependency paths in pip-compile compiled files

v0.86.8, 21 December 2018

• Add python3-enchant dependency

v0.86.7, 21 December 2018

• Python: Treat no matching distribution found as suggesting bad Python version

v0.86.6, 20 December 2018

• Git: Raise a helpful error if a submodule path doesn't actually point to asubmodule

v0.86.5, 20 December 2018

• Actually cache nuget listing results

v0.86.4, 19 December 2018

• Python: Raise issue for Python URLs that contain an environment variable
• Python: Extract LatestVersionFinder tests into separate file

v0.86.3, 19 December 2018

• Ruby: Fetch gemspec to look for source if API is not available

v0.86.2, 18 December 2018

• Allow .NET repos with a src directory through

v0.86.1, 18 December 2018

• .NET: Check src directory for sln files by default

v0.86.0, 17 December 2018

• Npm: Fix issue where the wrong lockfile was updated when using both Lerna and npm lockfiles

v0.85.3, 17 December 2018

• Rust: Ignore aliased dependencies
• Bump cython from 0.29.1 to 0.29.2 in /python/helpers
• Ruby: More careful replacement of equality matcher requirements

v0.85.2, 15 December 2018

• Switch Ruby RequirementsUpdater logic to use an update strategy, which can be provided as either bump_versions or bump_versions_if_necessary

v0.85.1, 15 December 2018

• JS: Group PRs for tightly couple monorepo deps (currently just Vue)

v0.85.0, 14 December 2018

• Move Maven into separate gem

v0.84.1, 14 December 2018

• Add php72-memcached to Dockerfile

v0.84.0, 14 December 2018

• Move Gradle into separate gem
• Add safeguard for not filtering releases by nil

v0.83.2, 14 December 2018

• Rust: Handle unfetchable git refs better

v0.83.1, 13 December 2018

• Retry GitHub errors when labeling a PR
• JS: Handle relative resolved paths in shrinkwrap.json
• Go: Better file parsing (prefer revision to version for git dependencies)

v0.83.0, 13 December 2018

• Elm: Rename elm-package to elm everywhere

v0.82.4, 13 December 2018

• Elm: Register package manager as just elm, as well as elm-package
• Python: Bump hashin from 0.14.0 to 0.14.1 in /python/helpers
• JS: Bump npm from 6.4.1 to 6.5.0

v0.82.2, 12 December 2018

• Rust: recursively fetch workspace and path dependency files

v0.82.1, 12 December 2018

• Fix elm reorg by adding elm.rb

v0.82.0, 11 December 2018

• Reorg Elm
• Python: Make helpers build file executable
• Handle spaces in GitHub file paths
• Python: Test that python version error is for updating this dependency
• Python: Ignore upgrades that break Python compatibility quietly

v0.81.1, 10 December 2018

• Rust: Register cargo metadata finder

v0.81.0, 10 December 2018

• Extract Rust logic into a separate gem

v0.80.1, 10 December 2018

• Add another missing require
• Add missing require

v0.80.0, 10 December 2018

• Extract .NET logic into a separate gem

v0.79.4, 10 December 2018

• Python: Update remaining relative paths following reorg

v0.79.3, 10 December 2018

• Python: Update requirement path in PipfileVersionResolver
• Exclude merge commits when looking for latest dependabot commit message

v0.79.2, 9 December 2018

• Python: Catch ValueError and treat as a FileNotEvaluatable error

v0.79.1, 9 December 2018

• Python: Add system dependencies into Dockerfile

v0.79.0, 9 December 2018

• Extract python logic into a separate gem
• Yarn: Fix lockfile for invalid resolutions

v0.78.0, 7 December 2018

• Extract git_submodules logic into a separate gem

v0.77.2, 7 December 2018

• Add top level docker file that requires docker classes

v0.77.1, 7 December 2018

• Simplify dependabot-docker gemspec
• Add /pkg to gitignore

v0.77.0, 7 December 2018

• Move Docker support to a separate gem

v0.76.11, 7 December 2018

• Python: Ignore dependencies that we had to insert a version for
• JS(npm): Raise helpful errer for forbidden missing deps
• Gradle: Don't consider dependencies that concatenate properties to build a version
• Maven: Check distribution type when looking up declaration to update

v0.76.10, 6 December 2018

• Cache commit tag lookup in changelog finder
• Sanitize relative links in release notes

v0.76.9, 6 December 2018

• Python: Handle bare version requirements in the RequirementUpdater

v0.76.8, 6 December 2018

• JS: Build relative paths for path dependencies of unfetchable path dependencies
• JS: Get correct version for path dependencies

v0.76.7, 6 December 2018

• No code changes - testing automated releases

v0.76.6, 6 December 2018

• No code changes - testing automated releases

v0.76.5, 6 December 2018

• Add omnibus gem

v0.76.4, 6 December 2018

• No code changes - testing automated releases

v0.76.3, 6 December 2018

• Start releasing to RubyGems
• Fix gemspec warnings

v0.76.2, 6 December 2018

• Better detection of dependabot commit when updating a PR

v0.76.1, 5 December 2018

• JS: Don't check for yanked packages if using a private registry
• Rust: Ensure parsed version matches requirement source
• PHP: Bump composer/composer from 1.7.3 to 1.8.0

v0.76.0, 5 December 2018

• Terraform: (BREAKING) Split Terraform support out into a separate gem, still within the same repo. See #825 for more info.
• Maven: Handle credentials that don't include auth details
• Convert relative links in changelogs and release notes

v0.75.126, 5 December 2018

• .NET: Pass URL string (not hash) when raising PrivateSourceTimedOut

v0.75.125, 5 December 2018

• JS: Raise a resolvability error for invalid requirements

v0.75.124, 4 December 2018

• JS: Raise an authentication error for private, unscoped packages
• JS: Handle _npmUser entries without a name

v0.75.123, 4 December 2018

• Go: Use correct file path when raising DependencyFileNotParseable

v0.75.122, 4 December 2018

• JS: Recursively fetch path dependencies

v0.75.121, 4 December 2018

• Java: Handle null values in version strings

v0.75.120, 2 December 2018

• JS: Handle missing _npmUser details

v0.75.119, 2 December 2018

• Add details of new maintainers to PRs (if they are the one that released this JS package)

v0.75.118, 30 November 2018

• Detect capitalisation of first word in commit message
• Maven: Handle empty version tags
• Python: Don't error on pip-compile cascading resolution issues

v0.75.117, 30 November 2018

• Better commit prefix detection

v0.75.116, 30 November 2018

• .NET: Fetch the largest sln file, not the first
• Handle missing version/name in package.json

v0.75.115, 30 November 2018

• Retry timeouts fetching git repos from known sources
• JS: Handle blank versions in FileParser

v0.75.114, 29 November 2018

• JS: Fix check if install resolved before update
• JS: Handle versions without peer dependencies in latest_version_of_dep_with_satisfied_peer_reqs

v0.75.113, 29 November 2018

• Detect ESLint commit messages that include scopes

v0.75.112, 29 November 2018

• Docker: Handle persistent 404s from Dockerhub
• PHP: Handle updates to a manifest file where only one requirement needs to change

v0.75.111, 29 November 2018

• Fix require problem that only affected requiring FileUpdaters first
• JS: Raise a resolvability error when a scoped package can't be found

v0.75.110, 29 November 2018

• JS: Fetch path dependencies that are specified as links
• JS: Implement full unlock for resolving JS peer dependencies

v0.75.109, 29 November 2018

• Use Bundler 1.17.1 in Dockerfile
• JS: Support updating multiple dependencies at once

v0.75.108, 28 November 2018

• JS: More glob path improvements

v0.75.107, 28 November 2018

• JS: Handle Yarn ignored package globs

v0.75.106, 28 November 2018

• Don't match versions that are superstrings in changelog pruner
• Add Azure TODOs to metadata finders

v0.75.105, 27 November 2018

• Handle symlinked files in FileFetcher

v0.75.104, 27 November 2018

• Handle git dependencies for libraries

v0.75.103, 26 November 2018

• Python: More tweaks to Pipenv environment handling
• Python: Parse pip_compile results more accurately

v0.75.102, 26 November 2018

• Python: Use shared helper to switch python version
• Python: Better handling of bad python requirements (fix spec)

v0.75.101, 26 November 2018

• Python: Switch to released Pipenv
• JS: Fetch npmrc and yarnrc files from parent directories if required
• Python: Raise a resolvability error if max retries are exceeded
• Python: Better environment setup during Pipenv UpdateChecker

v0.75.100, 26 November 2018

• Correct upgrade type labeling for git dependencies

v0.75.99, 26 November 2018

• Elixir: Don't join support file names with directory

v0.75.98, 26 November 2018

• Elixir: Use supporting files when parsing, checking and updating
• Elixir: Fetch files that are evaled by mixfile

v0.75.97, 25 November 2018

• Python: Bump pipenv commit

v0.75.96, 24 November 2018

• Handle non-master bitbucket branches in ChangelogFinder

v0.75.95, 24 November 2018

• Fall back to looking for changelog on specific tag if it can't be found on master

v0.75.94, 24 November 2018

• Python: Bump Pipenv to latest commit

v0.75.93, 23 November 2018

• Docker: Retry rogue 404s from dockerhub

v0.75.92, 23 November 2018

• Python: Lock git dependencies during Pipenv updates

v0.75.91, 23 November 2018

• Python: Handle Pipfiles without a source block
• Better GitHub repo regex (taken directly from Octokit)

v0.75.90, 23 November 2018

• Python: Try setting a longer pip default timeout

v0.75.89, 23 November 2018

• Python: Raise a resolvability error for unsupported dependencies
• Go (dep): Fix fsnotify-related bug in the update checker

v0.75.88, 23 November 2018

• Python: Handle path dependencies in Pipenv everywhere

v0.75.87, 23 November 2018

• Bump poetry from 0.12.9 to 0.12.10
• Use latest Pipenv commit and remove workaround
• npm: ignore platform and engine checks on install
• Python: Fetch path dependencies listed in Pipfile
• Python: Mark fetched path dependencies as support files

v0.75.86, 22 November 2018

• Python: Workaround Pipenv bug (caused issue for new Python version installs)

v0.75.85, 22 November 2018

• Python: Use latest pipenv commit (prep for imminent release)

v0.75.84, 22 November 2018

• Dep: Silence a relatively hard-to-reproduce dep panic
• PHP: Fetch auth.json (in preparation for using it)

v0.75.83, 22 November 2018

• Handle a nil that previously wasn't being handled

v0.75.82, 22 November 2018

• Don't assume a ~/.gitconfig exists

v0.75.81, 22 November 2018

• Go (dep): handle fsnotify bug
• Fix some issues relating to git credentials configuration

v0.75.80, 21 November 2018

• Python: Interpret additional pip-compile error as tell that Python 2.7 should be used

v0.75.79, 21 November 2018

• Ruby: Handle calls to Find.find in gemspecs

v0.75.78, 21 November 2018

• Ruby: Smarter gemspec sanitization (wrap require lines in error handling, rather than deleting them)

v0.75.77, 21 November 2018

• Ruby: Better readlines replacement

v0.75.76, 21 November 2018

• .NET: Assume unfound properties are up-to-date
• Ruby: Sanitize File.readlines from gemspec

v0.75.75, 21 November 2018

• Python: Better checking of Python version when using Pipenv
• Python: Handle python requirements with an || in pyproject.toml

v0.75.74, 20 November 2018

• JS: Fix dependency updates with os requirements (npm)

v0.75.73, 20 November 2018

• Trim spec.files in gemspec, speeding up docker development
• Fix typo in Poetry updater

v0.75.72, 20 November 2018

• Python: Another attempt to fix poetry
• JS: Handle outdated git source in lockfile

v0.75.71, 20 November 2018

• Python: Try updating pip for installing requirements

v0.75.70, 20 November 2018

• Python: Install all requirements for different python versions

v0.75.69, 20 November 2018

• Go (dep): ignore some tricky git dependencies

v0.75.68, 20 November 2018

• Maven: Allow version updates that come via a parent_pom
• Python: Sanitize pyproject.toml files before running Poetry

v0.75.67, 20 November 2018

• Rust: Handle git sub-dependencies
• .NET: Handle unfound property versions in VersionFinder
• Python: Bump poetry from 0.12.8 to 0.12.9
• Elixir: Handle unevaluatable Mixfiles
• Docker: Handle Dockerhub 404s when looking up latest version digest
• JS: Handle unreachable git dependencies in Yarn lockfile updater

v0.75.66, 19 November 2018

• PHP: Raise dependency file not resolvable if tarball can't be downloaded
• Switch back to using --global for git configuration

v0.75.65, 19 November 2018

• JS: Handle no lockfile when completing npmrc
• JS: Raise git not reachable for ssh://git

v0.75.64, 19 November 2018

• JS: Handle environment variables in npmrc in unexpected places

v0.75.63, 19 November 2018

• Go (modules): catch go.mod major version issues in the parser

v0.75.62, 19 November 2018

• Ruby: Better gemspec sanitization (handle tapped blocks)

v0.75.61, 18 November 2018

• .NET: Handle ruby-stype requirement strings

v0.75.60, 18 November 2018

• Python: Better Python version error handling for pip-compile
• JS: Remove comments before parsing package.json (they shouldn't be there anyway...)

v0.75.59, 18 November 2018

• Python: Handle sub-dependency updates where the sub-dep is no longer required

v0.75.58, 18 November 2018

• .NET: Don't raise for uninterpolated versions
• Raise Dependabot::OutOfMemory if Composer runs out of memory

v0.75.57, 18 November 2018

• .NET: Handle requirement strings in .NET format

v0.75.56, 17 November 2018

• Ruby: Handle Bundler 2 lockfiles
• JS: Make tarball protocol consistent when updating from http to https

v0.75.55, 17 November 2018

• Python: Boost Pipenv timeout to 10 minutes

v0.75.54, 16 November 2018

• Python: Update unsafe requirements if specified in pip-compile manifest

v0.75.53, 16 November 2018

• Python: Protect against fetching the same file multiple times
• Python: Order pip-compile file resolution correctly when .txt outputs are imported

v0.75.52, 16 November 2018

• Ruby: Use Bundler 2.0.0.pre.1
• Try to prevent Sentry from grouping all HelperSubprocessFailed errors
• Elm: Don't perform updates that require indirect dependency changes

v0.75.51, 16 November 2018

• Handle changelogs which use a bullet point for each new version

v0.75.50, 16 November 2018

• Ruby: Prefer fetching gems.rb to Gemfile
• Python: decrease timeout from 500 to 360 seconds
• JS: Mute sub-dependency version resolve errors

v0.75.49, 15 November 2018

• Python: Set higher timeout for Pipenv

v0.75.48, 15 November 2018

• Python: Clean up Pipenv error handling

v0.75.47, 15 November 2018

• Python: Raise original error correctly depending on Python version in use
• Maven: Fix DeclarationFinder when looking up declaration in a pom with missing properties

v0.75.46, 15 November 2018

• Maven: Handle property searches that use a range for the parent pom

v0.75.45, 15 November 2018

• Python: Disable pipenv spinner in logs
• .NET: Longer timeout when hitting registries
• Rust: Retry timeouts from crates.io

v0.75.44, 15 November 2018

• PHP: Respect COMPOSER_MEMORY_LIMIT environment variable

v0.75.43, 15 November 2018

• JS: Handle tricky possible version comparisons
• Python: Switch to released version of pipenv
• Elm: Select elm resolver based on requirements

v0.75.42, 14 November 2018

• Go modules: strip whitespace from parser errors

v0.75.41, 14 November 2018

• Go: Better parser error handling for Go modules
• JS: Handle diverged npm/yarn lockfiles
• JS: Fix bug when using both npm5 and yarn lockfiles and updating a sub-dep

v0.75.40, 14 November 2018

• Python: Pin to latest pipenv commit
• JS: Handle bad peer dependency requirements

v0.75.39, 14 November 2018

• Python: Bump poetry from 0.12.7 to 0.12.8
• Python: Bump hashin from 0.13.4 to 0.14.0

v0.75.38, 13 November 2018

• JS: Support updating npm sub-dependencies
• Python: Handle transition from a single hash to multiple in requirements file updater
• JS: Handle unmet peer dependency warnings in yarn

v0.75.37, 12 November 2018

• JS: Add npm-shrinkwrap to list of files updated by file updater
• Python: More careful requirement file updating (handle no-binary flags)

v0.75.36, 10 November 2018

• JS: Handle npm switches to insecure URLs

v0.75.35, 9 November 2018

• Ruby: Simpler error message from FileFetcher

v0.75.34, 9 November 2018

• Python: Handle quote characters when fetching path dependencies
• Python: Bump poetry from 0.12.6 to 0.12.7

v0.75.33, 8 November 2018

• Python: Don't confuse git reference with path references when fetching files

v0.75.32, 8 November 2018

• Use ESLint style commit messages if they're currently in use

v0.75.31, 8 November 2018

• JS: Retry transitory errors in SubdependencyVersionResolver
• JS: Retry another transitory error in YarnLockfileUpdater
• Python: Better handling of cases when attempting a pip-compile update would cause errors

v0.75.30, 8 November 2018

• Elixir: Better error checking (raise based on original reqs)
• Elixir: Handle resolution failure for git dependencies

v0.75.29, 8 November 2018

• Elixir: Raise DependencyFileNotResolvable error for unresolvable mixfiles

v0.75.28, 7 November 2018

• JS: Better whitespace escaping
• PHP: Handle packages that require themselves

v0.75.27, 7 November 2018

• JS: Fix sanitization when a slash character is being escaped

v0.75.26, 7 November 2018

• JS: Better parsing of private registry URLs
• JS: Bump yarn from 1.12.1 to 1.12.3

v0.75.25, 7 November 2018

• .NET: Parse and update nested packages.config files

v0.75.24, 7 November 2018

• .NET: Fetch packages.config files from any directories specified in .sln files

v0.75.23, 7 November 2018

• JS: Fix yarn lockfile for githost shorthand installs

v0.75.22, 7 November 2018

• JS: Don't consider previously failing peer dependencies when finding latest resolvable version

v0.75.21, 7 November 2018

• Rejig semantic prefix detection

v0.75.20, 7 November 2018

• JS: Don't try to version resolve git dependencies
• JS: Better caching in UpdateChecker

v0.75.19, 6 November 2018

• JS: Handle complicated requirements

v0.75.18, 6 November 2018

• Python: Fetch path dependencies with paths that don't start with a '.'

v0.75.17, 6 November 2018

• Fix merge conflict issue in FileFetchers::Base

v0.75.16, 6 November 2018

• Python: Bump poetry from 0.12.5 to 0.12.6
• JS: Handle version resolution for sub-dependencies when not updating manifest
• Add a common interface for provider client (thanks @codisart)

v0.75.15, 5 November 2018

• Python: Handle or conditions in Poetry python requirements

v0.75.14, 5 November 2018

• JS: Stop downloading node_modules when checking yarn peer deps
• Docker: Handle ignored versions

v0.75.13, 5 November 2018

• Ruby: Better error handling if Gemfile isn't present
• Ruby: Fix typo in FileParser
• Ruby: Handle assignment to an integer in GemspecSanitizer

v0.75.12, 4 November 2018

• JS: Fix bug in peer dependency checks for yarn
• Ruby: Handle gems.rb and gems.locked

v0.75.11, 3 November 2018

• JS: Log all peer dependency warnings from yarn and npm

v0.75.10, 3 November 2018

• .NET: Don't assume lowest version is the current one in file parser
• Python: Handle sub-dependencies that appear in a requirements.txt

v0.75.9, 2 November 2018

• JS: Better peer dependency regex for npm
• JS: Better git dependency handling in peer dependency checker

v0.75.8, 2 November 2018

• go: only download packages with go get, don't build them

v0.75.7, 2 November 2018

• Maven: Check whether property being updated has the same source
• Maven: Store property source in metadata, as well as name

v0.75.6, 2 November 2018

• Go: Fix go.sum updating

v0.75.5, 2 November 2018

• Docker: Include registry details if auth failure happens on Docker Hub
• Maven: Handle range requirements for parent when finding custom repositories
• Rust: Raise an error when trying to operate on a non-root part of a rust workspace

v0.75.4, 2 November 2018

• JS: Add workaround for git dependency library updates

v0.75.3, 2 November 2018

• Gradle: Handle dependency set updating when the dependency set has been updated already

v0.75.2, 2 November 2018

• Python: Don't write .python-version when updating Pipfile or pip-compile files
• PHP: Bump composer/composer from 1.7.2 to 1.7.3

v0.75.1, 1 November 2018

• JS: Hot fixes for VersionResolver

v0.75.0, 1 November 2018

• JS: First attempt at handling JS peer dependencies

v0.74.26, 1 November 2018

• Handle case with no previous dependabot PRs

v0.74.25, 1 November 2018

• Use chore as semantic commit message if it is being used

v0.74.24, 1 November 2018

• Yarn: Fix resolved url in lockfile for dependencies installed from GitHub using the shorthand syntax (without host)

v0.74.23, 1 November 2018

• Python: Handle upper bound changes when new version has fewer digits than old one

v0.74.22, 31 October 2018

• Python: Handle custom python versions when using Poetry

v0.74.21, 31 October 2018

• JS: Bump yarn from 1.10.1 to 1.12.1

v0.74.20, 31 October 2018

• Python: Don't use python-version declared in .python-version file
• JS: Save some requests when fetching path dependencies
• Python: Bump poetry from 0.11.5 to 0.12.5

v0.74.19, 30 October 2018

• Add Azure as a known source
• Rust: Handle yanked versions in UpdateChecker when not using a lockfile

v0.74.18, 29 October 2018

• Python: Handle 403s more intelligently in UpdateChecker

v0.74.17, 29 October 2018

• Rust: Handle resolvability errors that exist in the initial requirements

v0.74.16, 28 October 2018

• .NET: Look up property values that include further indirection
• .NET: Store the root property name when parsing dependencies (not the top-level one)

v0.74.15, 28 October 2018

• Elixir: Ignore nonexistent apps_path
• JS: Consider global registry in RegistryFinder
• JS: Handle timeout errors from private registries in FileUpdater
• JS: Fall back to global registry, rather than registry.npmjs.org, in RegistryFinder

v0.74.14, 28 October 2018

• Maven: Raise a PrivateSourceAuthenticationFailure if auth stopped us finding any versions of a dependency
• Maven: Don't hit password protected registries without password
• Maven: More careful caching of dependency metadata in VersionFinder

v0.74.13, 27 October 2018

• Python: Make requirement updating logic depend on whether a lockfile is present

v0.74.12, 27 October 2018

• Python: Only update poetry dev dependency requirements if the update is required

v0.74.11, 26 October 2018

• Python: Raise a DependencyFileNotResolvable error for yanked dependencies

v0.74.10, 26 October 2018

• Rust: Handle invalid names in manifest files (assuming no lockfile)

v0.74.9, 26 October 2018

• Ignore merge commits when determining whether conventional commits are in use

v0.74.8, 25 October 2018

• Go: Add method to look up Go paths without using Go (for environments where we don't have the binaries)

v0.74.7, 25 October 2018

• dep: rewrite vcs remote lookup in go using native library
• Paginate through long lists of labels

v0.74.6, 25 October 2018

• JS: Don't update the attribute for git dependencies in npm6 lockfiles
• Rust: Guard against trying to update dependencies with multiple source types

v0.74.5, 25 October 2018

• Go (modules): Update the go.sum if present
• JS: Use lockfile to determine global registry if a .yarnrc exists but doesn't specify it

v0.74.4, 25 October 2018

• Python: Use pip-tools' --allow-unsafe option when required

v0.74.3, 25 October 2018

• Python: Fix typo

v0.74.2, 24 October 2018

• Python: Handle Pipenv updates that need Python two

v0.74.1, 24 October 2018

• Go: Add go_modules into the metadata finders map

v0.74.0, 24 October 2018

• Go: Less broken support for Go modules, now in a separate package manager

v0.73.87, 24 October 2018

• Python: More Python version management

v0.73.86, 24 October 2018

• Python: Don't use a user's .python-version when running our own python helpers

v0.73.85, 24 October 2018

• Elixir: Better timeout logic
• JS: Add test that having a frozen Yarn lockfile doesn't affect file updating
• Python: Better Python version detection, and management

v0.73.84, 23 October 2018

• Java: Normalise date versions before comparing

v0.73.83, 23 October 2018

• Python: Fetch .python-version files
• Elixir: Don't overwrite @latest_resolvable_version in UpdateChecker
• Python: Add an additional Pipenv retry
• Elixir: Handle (ignore) timeouts

v0.73.82, 23 October 2018

• JS: Switch all ssh URLs to ssl when updating a package-lock.json

v0.73.81, 22 October 2018

• Ruby: Handle ignore requirements which prevent the current version

v0.73.80, 22 October 2018

• Reject changelog candidates that have an invalid encoding

v0.73.79, 22 October 2018

• .NET: Ensure Directory.Build.props is fetched

v0.73.78, 22 October 2018

• Python: More robust pip config file updating
• Python: Check resolvability of all requirement files in PipCompileVersionResolver
• Python: Recursively determine order to compile pip-compile files

v0.73.77, 21 October 2018

• Python: Catch another equality matcher case

v0.73.76, 21 October 2018

• Python: Handle cascading pip-compile requirements when updating files
• Python: Better handling of pip-compile errors during version resolution
• Python: More robust child requirement file path building

v0.73.75, 21 October 2018

• Gradle: Handle dependency sets nicely in PR creator

v0.73.74, 21 October 2018

• Gradle: Add support for dependencySet dependencies
• Python: Handle Poetry file updates without a lockfile

v0.73.73, 20 October 2018

• Handle directory paths that instead point to a file
• Ruby: Handle equality matcher when determining required comment change

v0.73.72, 20 October 2018

• Java: Trim v-prefixes from version strings when comparing
• JS: Handle 401s in same way as 403s when updating npm lockfiles

v0.73.71, 20 October 2018

• JS: Raise a PrivateSourceAuthenticationFailure error when we can't find deps from private sources
• Ruby: More careful sanitization of gemspecs

v0.73.70, 19 October 2018

• Python: Raise original error if retrying on Python 2.7

v0.73.69, 19 October 2018

• Python: Add Cython as a dependency

v0.73.68, 18 October 2018

• Python: Stricter index finding regex
• Python: Ensure local version is unset after each check

v0.73.67, 17 October 2018

• Python: Support poetry.lock
• Python: Less strict suffix removal

v0.73.66, 15 October 2018

• Python: Switch to Pipenv 2018.10.13

v0.73.65, 15 October 2018

• Python: Handle unfixable requirements gracefully

v0.73.64, 14 October 2018

• JS: Ensure lockfile updates for Yarn workspace have the correct requirements

v0.73.63, 14 October 2018

• Rust: Don't unlock version is support files during update check

v0.73.62, 13 October 2018

• JS: Handle dist tags when updating the lockfile only

v0.73.61, 13 October 2018

• Handle unexpected 409s from GitHub when fetching files

v0.73.60, 12 October 2018

• JS: Better expansion of workspace paths (fix paths starting './')

v0.73.59, 12 October 2018

• JS: Handle git dependencies without a resolution in the lockfile

v0.73.58, 12 October 2018

• JS: Handle git dependencies where the resolved source uses a slash, not a #

v0.73.57, 11 October 2018

• .NET: Handle dependency_urls tags that start with a number
• Python: Handle single equality sign matcher (Poetry)

v0.73.56, 11 October 2018

• Ruby: Sanitize gemspec version property when assigned to File.read(..)

v0.73.55, 11 October 2018

• Python: Use git commit for pipenv

v0.73.54, 10 October 2018

• Bump Python and Go versions, and add LANG environment variable (Dockerfile)
• JS: Add first version of Yarn subdependency updating

v0.73.53, 9 October 2018

• Update Pipenv to 2018.10.9

v0.73.52, 8 October 2018

• Prefer lower versions when parsing dependencies into DependencySet

v0.73.51, 8 October 2018

• JS: More multiple-source handling
• Python: Handle replacement for strings separated with a period

v0.73.50, 8 October 2018

• PHP: Mark Composer path dependencies as support files

v0.73.49, 8 October 2018

• Make GitCommitChecker more lenient about multiple git sources

v0.73.48, 8 October 2018

• Python: Bump pip from 18.0 to 18.1
• Python: Bump pip-tools from 3.0.0 to 3.1.0
• Rust: Handle dependencies with multiple sources in file fetcher

v0.73.47, 7 October 2018

• Bump Bundler and Rust versions in Dockerfile
• Go: More robust git source lookup
• JS: Handle npm bug (by serving a resolvability error)

v0.73.46, 6 October 2018

• Python: Ensure Pipenv uses Pip 18.0

v0.73.45, 6 October 2018

• Ruby: Don't update to pre-release versions during full_unlock
• JS: Stricter source finding

v0.73.44, 4 October 2018

• Elixir: Handle nil requirements in file preparer

v0.73.43, 4 October 2018

• JS: Handle outdated git requirement in parser
• JS: Handle yarn workspaces that use nohoist

v0.73.42, 4 October 2018

• JS: Use yarnrc file to build basis of npmrc file if present

v0.73.41, 4 October 2018

• Python: Fetch Pipenv, Poetry and pip-tools files first
• If multiple changelogs are present, pick one that includes the version

v0.73.40, 4 October 2018

• Docker: Don't try to handle SHA versions even if there is a 'latest' tag

v0.73.39, 4 October 2018

• Docker: Exclude versions that are just a SHA

v0.73.38, 3 October 2018

• PHP: Detect OR separator in use and replicate it
• Docker: Add filter for SHA-like suffices to Docker version checking

v0.73.37, 3 October 2018

• Python: Better file updater requirement comparison
• JS: Ignore dependencies with multiple sources

v0.73.36, 3 October 2018

• Docker: Don't assume that private registries use 'libraries' prefix

v0.73.35, 2 October 2018

• Docker: Speed up UpdateChecker
• Introduce new support_file attribute on DependencyFile instances

v0.73.34, 1 October 2018

• Python: Ignore dependencies with a < or <= python version marker

v0.73.33, 1 October 2018

• Better PR number sanitization
• Docker: Handle 403s during tag and digest fetching

v0.73.32, 1 October 2018

• More robust Bitbucket commit lookup

v0.73.31, 30 September 2018

• JS: Handle npm lockfiles that specify a numeric version for a git dependency

v0.73.30, 29 September 2018

• Docker: Handle 403 responses when authenticating

v0.73.29, 29 September 2018

• Docker: Handle AWS ECR hosted images

v0.73.28, 29 September 2018

• Elixir: Always use 3dp when using >= matcher
• Elixir: Improve check_update logic

v0.73.27, 28 September 2018

• Ruby: Sanitize require_paths, rather than require_path

v0.73.26, 28 September 2018

• Ruby: Sanitize require_path in gemspec

v0.73.25, 28 September 2018

• Take even more care when processing upload packs

v0.73.24, 28 September 2018

• Python: More precise lookup of requirement to update in requirements.txt
• PHP: Raise PrivateSourceTimedOut error if private sources time out

v0.73.23, 28 September 2018

• Add BitBucket support in FileFetcher

v0.73.22, 28 September 2018

• JS: Consider shrinkwraps when trying to determine a version
• More robust lookup of branch/ref git SHA

v0.73.21, 27 September 2018

• JS: Handle workspace path that is just an asterisk

v0.73.20, 27 September 2018

• Ruby: Only fetch path gemspecs once
• JS: Add version and private keys to helper package.json files

v0.73.19, 27 September 2018

• JS: Bump @dependabot/yarn-lib from 1.10.0 to 1.10.1
• JS: Better check for Yarn version

v0.73.18, 26 September 2018

• JS: Bump @dependabot/yarn-lib from 1.9.4 to 1.10.0 in /helpers/yarn

v0.73.17, 25 September 2018

• JS: Retry 500s from registry using different auth strategy

v0.73.16, 25 September 2018

• JS: Handle multiple private registries with the same host
• JS: Remove npm bug workaround
• Handle multiple GitHub credentials

v0.73.15, 25 September 2018

• Ruby: Don't sanitize gemspec descriptions (may be used alongside summary)
• Go: Handle +incompatible suffices
• Python: Bump pip-tools from 2.0.2 to 3.0.0 in /helpers/python

v0.73.14, 24 September 2018

• Ruby: Handle HEREDOC strings when sanitizaing gemspec

v0.73.13, 24 September 2018

• Ruby: Fix tests and gemspec sanitization

v0.73.12, 24 September 2018

• JS: Handle private registries that end with a trailing slash
• Better error path sanitization
• Ruby: More aggressive gemspec sanitization

v0.73.11, 24 September 2018

• .NET: Exclude dependency declarations that use interpolation
• Python: Handle names that need to be sanitized when looking up in Pipfile.lock

v0.73.10, 23 September 2018

• .NET: Handle mutli-dependency property updates

v0.73.9, 23 September 2018

• .NET: Handle inherited properties in FileUpdater

v0.73.8, 22 September 2018

• .NET: Handle inherited properties in PropertyValueFinder

v0.73.7, 21 September 2018

• Go: Better determination of whether a dependency is using Dep
• .NET: Fetch Directory.Build.props files
• Docker: Remove unneeded "type" key in source details

v0.73.6, 21 September 2018

• Rust: Recognise branch not found errors and raise then

v0.73.5, 21 September 2018

• Ruby: Sanitize gemspec by removing all File.read calls
• Always sanitize file paths in errors

v0.73.4, 21 September 2018

• Gradle: Stricter regex for groupId and artifactId parts

v0.73.3, 20 September 2018

• Python: Fix bug in Poetry file preparation
• Go: Add workaround for Dep bug with gopkg.in/fsnotify.v1

v0.73.2, 20 September 2018

• Gradle: Stricter regex for groupId and artifactId parts
• Python: Pip Poetry git dependencies correctly

v0.73.1, 20 September 2018

• Maven: Use Maven default groupID when parsing plugins that don't specify one
• Maven: Handle plugins which don't specify a groupId in FileUpdater

v0.73.0, 20 September 2018

• BREAKING: Update the base branch of a PR when updating it, if necessary. If you weren't passing a Source with a branch when updating PRs which had a custom base branch you will now need to

v0.72.21, 20 September 2018

• Maven: Allow multi-dependency property updates where some deps can't be found
• Maven: Update setting parser regexp to quote project name

v0.72.20, 19 September 2018

• Gradle: Better property value parsing (fixes FileUpdater regex problem)

v0.72.19, 19 September 2018

• Rust: Ensure FileUpdater only updates version of the dependency being considered

v0.72.18, 19 September 2018

• Gradle: Ignore commented out declarations in settings.gradle
• Gradle: Ignore missing projects

v0.72.17, 19 September 2018

• Gradle: Handle custom path declarations in settings.gradle

v0.72.16, 19 September 2018

• Python: Raise same error for all dependencies if handling resolution issue
• JS: Handle badly specified requirements more gracefully

v0.72.15, 18 September 2018

• Go: Handle switches from git source to version source when using a go.mod

v0.72.14, 18 September 2018

• Fix Dependabot::Source regex

v0.72.13, 18 September 2018

• Go: Specify a branch when parsing git dependencies (even if nil)

v0.72.12, 18 September 2018

• Gradle: Update properties that are inherited

v0.72.11, 18 September 2018

• Go: Assume go.mod dependencies are being pinned to a ref if using git version
• JS: More specific package.json section updating
• JS: Update peer dependencies if updating a dev dependency

v0.72.10, 18 September 2018

• Go: Parse git dependencies in go.mod as git dependencies

v0.72.9, 17 September 2018

• JS: Don't attempt to update symlinked dependencies
• JS: Remove JFrog workaround

v0.72.8, 17 September 2018

• JS: Add workaround for JFrog bug

v0.72.7, 17 September 2018

• Rust: Consider replace section when determining path dependencies to pull down

v0.72.6, 17 September 2018

• Go: Fix modules parser import (and add test)

v0.72.5, 17 September 2018

• Bump Rust version in Dockerfile, and remove Java, Gradle and Groovy
• Go: Handle Gopkg.toml files without any constraints

v0.72.4, 17 September 2018

• JS: Update npm-shrinkwrap files

v0.72.3, 16 September 2018

• Gradle: Ignore dependencies that use properties we can't find
• .NET: Parse property versions
• .NET: Handle property value updates in FileUpdater
• .NET: Only attempt to update properties that affect a single dependency

v0.72.2, 15 September 2018

• Go: Add PathConverter util and use it in UpdateChecker and MetadataFinder

v0.72.1, 15 September 2018

• Go: Strip v from parsed go modules versions
• Go: Add "v" prefix to go.mod versions in FileUpdater

v0.72.0, 15 September 2018

• Go: Add initial support for modules

v0.71.21, 15 September 2018

• Gradle: Don't allow '@' characters in dependency names

v0.71.20, 14 September 2018

• Maven: Evaluate properties in Maven repos whenever possible

v0.71.19, 14 September 2018

• Gradle: Handle wildcard requirements in Utils::Java::Requirement
• Gradle: Update dynamic version requirements correctly

v0.71.18, 13 September 2018

• Maven: Fix requirement updating for versions with multiple dashes

v0.71.17, 13 September 2018

• Gradle: handle properties prefixed with properties, too
• Gradle: Update lines that include a property in their name

v0.71.16, 13 September 2018

• Gradle: Better property lookup logic

v0.71.15, 13 September 2018

• Gradle: Look up repository URLs based on the current project and its root
• Gradle: Don't parse Gradle Witness lines

v0.71.14, 13 September 2018

• Gradle: Don't update SHA versions

v0.71.13, 13 September 2018

• Gradle: Strip out comments before parsing files

v0.71.12, 12 September 2018

• Gradle: Ignore bad URLs

v0.71.11, 12 September 2018

• Rust: Handle creating versions from existing versions

v0.71.10, 12 September 2018

• Gradle: Switch dependency and repository parsing to be regex-based
• Rust: Don't error on versions with build metadata

v0.71.9, 12 September 2018

• .NET: Handle .nuproj file dependency declarations
• Gradle: Use regex to parse settings.gradle

v0.71.8, 12 September 2018

• .NET: Handle bespoke project extensions

v0.71.7, 12 September 2018

• Better monorepo handling in ReleaseFinder

v0.71.6, 12 September 2018

• .NET: Handle custom feeds without authentication details

v0.71.5, 11 September 2018

• Ruby: Update subdependencies to a specific version

v0.71.4, 11 September 2018

• .NET: Actually cache latest_version_details
• .NET: Ensure requirements don't change if req stays the same

v0.71.3, 11 September 2018

• JS: Handle 403s in NpmLockfileUpdater
• JS: Handle npm inconsistencies better when updating Yarn lockfiles

v0.71.2, 11 September 2018

• JS: Better sanitization of escaped whitespace

v0.71.1, 11 September 2018

• .NET: Process repos even if all dependency files can't be fetched

v0.71.0, 11 September 2018

• BREAKING: Rename nuget_repository credential to nuget_feed

v0.70.7, 11 September 2018

• Python: Minor parsing improvement

v0.70.6, 10 September 2018

• PHP: Handle packages provided by another package

v0.70.5, 10 September 2018

• Python: Implement PEP-0503 properly (replace runs of characters with a single dash)
• Python: Add workaround for Pipfile.lock not normalising quoted names fully

v0.70.4, 10 September 2018

• Python: Stop swallowing errors when parsing setup.py
• Python: Add alternative approach to parsing setup.py files
• Python: Fall back to new parsing approach in setup.py sanitization

v0.70.3, 9 September 2018

• Elm: Treat indirect dependencies as sub-dependencies
• Elm: Raise DependencyFileNotParseable errors for invalid JSON
• Elm: More error handling in update checker

v0.70.2, 9 September 2018

• Elm: Use Elm 0.19 update checker if an elm.json is present

v0.70.1, 9 September 2018

• Elm: Add elm.json to the list of updated files for Elm

v0.70.0, 9 September 2018

• Add support for Elm 0.19
• Updates the container Dependabot Core uses to v0.1.31 (which includes both Elm 0.18 and Elm 0.19)

v0.69.43, 8 September 2018

• .NET: Switch to using search endpoint to find versions for v3 repos. Means that unlisted dependencies will be excluded
• .NET: Exclude unlisted dependencies fetched using v2 API

v0.69.42, 7 September 2018

• Ruby: Handle rubygems responses without a source_code_uri key (happens for private repos)

v0.69.41, 6 September 2018

• Python: Handle invalid requirements in requirements.txt files
• Python: Normalise name before checking if dep already exists

v0.69.40, 6 September 2018

• Go: Clean up not found regex
• Ruby: Handle source_code_uri directories correctly

v0.69.39, 6 September 2018

• Go: Better regex for dep repo access issues

v0.69.38, 6 September 2018

• Rust: Don't prune out toolchain unnecessarily

v0.69.37, 5 September 2018

• Rust: Raise error if nightly version required and no rust-toolchain provided
• Python: Ignore git dependencies for Poetry (for now)

v0.69.36, 5 September 2018

• Assume no prereleases for git dependencies without a tag
• Python: Raise a resolvability error for bad Python ranges in Pipfile
• Python: Sanitize setup.py before use with pip-tool in UpdateChecker
• Python: Sanitize setup.py before use with pip-tool in FileUpdater

v0.69.35, 5 September 2018

• Ruby: Handle gemfiles that are just a comment in GemfileChecker

v0.69.34, 5 September 2018

• Exclude pre-release tags in GitCommitChecker

v0.69.33, 5 September 2018

• Python: Don't parse dependencies that won't be updated in FileUpdater

v0.69.32, 5 September 2018

• Truncate long commit message subject lines
• Make Python label colour less ugly

v0.69.31, 5 September 2018

• Use source API endpoint in labeler
• Bump poetry from 0.11.4 to 0.11.5

v0.69.30, 4 September 2018

• Docker: Store tag when parsing Dockerfile
• Docker: Update source tag in UpdateChecker
• Docker: Do file updating based on changes to requirement sources

v0.69.29, 4 September 2018

• Elixir: Handle multiline declarations that need to be updated
• Ruby: Handle gemspec updates when Gemfile has now default source

v0.69.28, 4 September 2018

• Ruby: Handle JFrog permissions error

v0.69.27, 4 September 2018

• Terraform: Swap error class

v0.69.26, 4 September 2018

• Terraform: Raise resolvability error for invalid registry sources

v0.69.25, 4 September 2018

• JS: Look for path dependencies that start with "/", too
• JS: Parse file dependencies that start with a '/' as file dependencies

v0.69.24, 4 September 2018

• JS: Fetch / create path dependencies that don't prefix 'file:'

v0.69.23, 4 September 2018

• Ruby: Upgrade list of known rubies, and raise if unsatisfied

v0.69.22, 3 September 2018

• Update DockerRegistry client, and use new digest method
• Docker: Update digest logic
• Docker: Handle digest-only updates in PR creator

v0.69.21, 3 September 2018

• Python: Handle hash versions in FileParser

v0.69.20, 3 September 2018

• Python: Update requirements.txt if it is an output from Pipenv

v0.69.19, 3 September 2018

• Python: Parse Pipfiles without a Pipfile.lock
• Python: Parse dependencies from multiple sources
• Python: Allow Pipfile without Pipfile.lock in FileFetcher and FileParser
• Python: Handle Pipfiles without a Pipfile.lock in FileUpdater
• Python: Firm up logic around resolution manager selection in UpdateChecker
• Python: Firm up logic around resolution manager selection in FileUpdater
• Python: Add test for FileUpdater with only a Pipfile

v0.69.18, 2 September 2018

• Rust: Fetch rust-toolchain file if present
• Rust: Write rust-toolchain before shelling out to cargo

v0.69.17, 2 September 2018

• Python: Don't double-wrap git credentials

v0.69.16, 2 September 2018

• Python: Catch bad reference errors and raise them as such
• Python: Raise a GitDependenciesNotReachable error for unreachable Pipfile deps

v0.69.15, 2 September 2018

• Python: Set git credentials before resolving Pipfiles

v0.69.14, 2 September 2018

• Python: Handle edited Pipfile.lock in file preparer

v0.69.13, 2 September 2018

• Python: Handle Pipfile.lock with string versions
• Add files ending in tfvars to updated_files_regex

v0.69.12, 1 September 2018

• Terraform: Handle Terragrunt files, too

v0.69.11, 1 September 2018

• Java: Handle properties with numeric components more sensitively

v0.69.10, 31 August 2018

• Docker: Consider tags of latest version when determining if release is a pre

v0.69.9, 31 August 2018

• PHP: Ignore errors that happened during lockfile generation, as long as lockfile generated successfully

v0.69.8, 30 August 2018

• Python: Appease pip-tools, and spec that requirements are included
• Python: Remove pbr requirement

v0.69.7, 30 August 2018

• Python: Add pbr as a requirement

v0.69.6, 30 August 2018

• Python: Sanitize setup.cfg, too

v0.69.5, 30 August 2018

• JS: Bump npm from 6.4.0 to 6.4.1
• Python: Fetch setup.cfg if present
• Python: Check whether setup.py is using pbr
• Python: Handle setup.py files that use a name == 'main' structure

v0.69.4, 29 August 2018

• Java: Handle hard requirements

v0.69.3, 29 August 2018

• Java: Extend requirement class to understand range requirements

v0.69.2, 27 August 2018

• PHP: Better handling of git sources

v0.69.1, 27 August 2018

• Java: Handle bad GitHub URLs in POMs
• Handle changelog headers that start with ==

v0.69.0, 27 August 2018

• Rename bump_versions_if_needed to bump_versions_if_necessary

v0.68.8, 25 August 2018

• Pass preview header when creating dependencies label

v0.68.7, 25 August 2018

• Terraform: Add proper requirements updater class. that ensures ~> ... requirements are updated properly
• Terraform: Add version and requirement classes to preserve pre-release formatting

v0.68.6, 24 August 2018

• Python: Sanitize setup.py for use with Pipenv

v0.68.5, 24 August 2018

• Terraform: Handle registry dependencies in update checker

v0.68.4, 23 August 2018

• Terraform: Handle config files with a duplicated git source

v0.68.3, 23 August 2018

• Terraform: Return Gem::Version objects from latest_version, not strings

v0.68.2, 23 August 2018

• Terraform: Parse version out of git reference

v0.68.1, 23 August 2018

• Terraform: Test requirements_unlocked_or_can_be? method (and fix it!)

v0.68.0, 23 August 2018

• Terraform: Initial support

v0.67.8, 22 August 2018

• Python: Handle unmet markers in a pip-compile requirements file

v0.67.7, 22 August 2018

• Ruby: Handle out-of-sync git version for dependency

v0.67.6, 22 August 2018

• Docker: Handle nonexistent directories

v0.67.5, 21 August 2018

• Elm: Update version finder to handle new Elm website (now with JSON API!)

v0.67.4, 21 August 2018

• JS: Add InconsistentRegistryResponse error, and raise it when npm can't yet use latest release

v0.67.3, 21 August 2018

• JS: Handle empty package-lock.json when updating a git dependency

v0.67.2, 21 August 2018

• Docker: Fetch custom named files (as long as they contain "dockerfile")
• Docker: Handle parsing multiple files in FileParser
• Docker: Update multiple files at once in FileUpdater
• Docker: Handle requirement changing in some files but not all

v0.67.1, 21 August 2018

• Docker: Parse multiple identical FROM lines in a Dockerfile as a single dependency

v0.67.0, 21 August 2018

• Ruby: Bump Bundler to 1.16.4. This is considered a BREAKING change as you will need to update the Bundler version in whatever environment you run Dependabot in

v0.66.29, 20 August 2018

• Docker: Raise PrivateSourceAuthenticationFailure error for private registries on dockerhub

v0.66.28, 20 August 2018

• Make dependencies label regex looser
• JS: Nicer JS label colour

v0.66.27, 20 August 2018

• Ruby: Sanitize gemspecs more thoroughly

v0.66.26, 19 August 2018

• .NET: Handle csproj PackageReference lines that specify an Update, not an Include
• Ruby: Less ugly label colour

v0.66.25, 18 August 2018

• Add option to label language when creating PRs

v0.66.24, 18 August 2018

• Java: Better repo lookup (handle monorepos much better)

v0.66.23, 17 August 2018

• Label PRs with major, minor and patch if those labels exist

v0.66.22, 17 August 2018

• JS: Handle path dependencies specified by workspace packages

v0.66.21, 17 August 2018

• Ruby: Ignore timeouts from Rubygems
• Python: Handle empty versions (convert them to 0)

v0.66.20, 17 August 2018

• Escape issue number references prefixed with a backslash
• PHP: Upgrade Composer to 1.7.2
• JS: Retry more timeouts if Yarn resolution fails

v0.66.19, 16 August 2018

• Ignore existing dependency labels that contain a slash when checking for default

v0.66.18, 16 August 2018

• Symbolise requirements_update_strategy before passing to RequirementsUpdater

v0.66.17, 15 August 2018

• JS: Minimal sanitization of package.json content everywhere, with tests

v0.66.16, 15 August 2018

• JS: Minimal sanitization of package.json content
• Python: Detect poetry libraries
• Python: Parse private poetry sources properly
• Python: Always bump the version of Poetry dev dependencies
• Python: Add poetry definition for production deps

v0.66.15, 15 August 2018

• Java: Handle timeouts when looking up metadata
• Python: Handle Poetry requirements better

v0.66.14, 14 August 2018

• .NET: Handle wildcard versions

v0.66.13, 14 August 2018

• Bump groovy-all from 2.5.0 to 2.5.2
• Accept a custom branch name separator
• Python: Handle || requirements (used in Poetry)

v0.66.12, 14 August 2018

• Python: Add poetry files to rebase triggering regexes

v0.66.11, 14 August 2018

• Revert "Fix flaky spec using SharedHelpers.in_a_temporary_directory"

v0.66.10, 14 August 2018

• Python: Handle pyproject.toml requirement updates
• Python: Handle ~ and ^ requirements (for poetry)
• JS: Improve caret version handling

v0.66.9, 14 August 2018

• Python: Handle unparseable pipfile when fetching indexes
• Ruby: Don't raise error if locking Ruby version to one in gemspec causes problems
• Python: Rescue JSON::ParserError, not JSON::ParseError

v0.66.8, 13 August 2018

• Python: Fix missing method

v0.66.7, 13 August 2018

• Python: Add initial support for Poetry

v0.66.6, 12 August 2018

• Go: Make requirement update style configurable

v0.66.5, 10 August 2018

• Rust: Better support for glob workspace declarations

v0.66.4, 10 August 2018

• Ruby: Fix requirement replacer when no previous requirement is passed

v0.66.3, 10 August 2018

• Ruby: Maintain whitespace before comments in Gemfile / gemspec

v0.66.2, 10 August 2018

• Python: Handle subdependencies in PipfileVersionResolver

v0.66.1, 9 August 2018

• Add requirements_update_strategy option to UpdateChecker, and use it to determine how to update JS requirements

v0.66.0, 9 August 2018

• BREAKING: Pass target branch via source, rather than as a separate option, when passing it to PullRequestCreator

v0.65.0, 9 August 2018

• Better directory lookup in Dependabot::Source
• BREAKING: Pass target branch via source, rather than as a separate option, when passing it to FileFetcher

v0.64.17, 8 August 2018

• Python: Raise DependencyFileNotParseable error for unparseable Pipfiles

v0.64.16, 8 August 2018

• Ruby: Don't accidentally unlock other top-level dependencies in FileUpdater
• JS: Don't raise a resolvability error if package.json is currently resolvable
• PHP: Bump composer/composer from 1.7.0 to 1.7.1

v0.64.15, 7 August 2018

• Add milestones to PRs if requested

v0.64.14, 6 August 2018

• Ruby: Handle git sources that multiple dependencies use

v0.64.13, 6 August 2018

• Ruby: Reject dependencies that don't update in ForceUpdater

v0.64.12, 6 August 2018

• Ruby: Use (simple) custom unlocking logic in UpdateChecker

v0.64.11, 6 August 2018

• Ruby: Handle another category of yanked subdependencies

v0.64.10, 6 August 2018

• Ruby: Patch Bundler to avoid mutating conflict trees

v0.64.9, 6 August 2018

• PHP: Always write PHP errors on shutdown

v0.64.8, 6 August 2018

• PHP: Better error text for composer plugin clashes

v0.64.7, 6 August 2018

• PHP: Handle incompatible flex versions

v0.64.6, 5 August 2018

• PHP: Bump Composer to 1.7.0

v0.64.5, 5 August 2018

• .NET: Use v2 API for look up latest version when required

v0.64.4, 5 August 2018

• .NET: Ignore v2 package APIs for now

v0.64.3, 4 August 2018

• Elm: Don't update groups to nil

v0.64.2, 4 August 2018

• Elm: Return an empty array for groups, not nil

v0.64.1, 4 August 2018

• Elm: Fix file fetcher method dependence

v0.64.0, 4 August 2018

• Elm: Initial support (v0.18 only)

v0.63.29, 2 August 2018

• Ruby: Unlock all subdependencies when checking for resolvability

v0.63.28, 2 August 2018

• JS: Prioritise getting version for package.json's requirement

v0.63.27, 2 August 2018

• JS: Handle subdependencies that import a git dependency properly
• Add PHP extensions to dockerfile
• Refactor JS file updaters into separate classes
• Bump npm from 6.2.0 to 6.3.0

v0.63.26, 1 August 2018

• Ruby: Handle custom default sources correctly in LatestVersionFinder

v0.63.25, 1 August 2018

• Ruby: Handle updates blocked by a subdependency in the FileUpdater

v0.63.24, 1 August 2018

• Maven: Use packaging type 'pom' for parent nodes

v0.63.23, 31 July 2018

• JS: Handle git:// dependencies that upgrade across versions

v0.63.22, 31 July 2018

• JS: Raise error if no files change in FileUpdater

v0.63.21, 31 July 2018

• Elixir: Handle projects without a mix.lock

v0.63.20, 30 July 2018

• Rust: Update feature build-dependencies

v0.63.19, 30 July 2018

• Maven: Raise DependencyFileNotFound for missing modules

v0.63.18, 30 July 2018

• JS: Back to Yarn 1.9.2 (now fixed!)

v0.63.17, 30 July 2018

• JS: Revert Yarn upgrade, until https://github.com/yarnpkg/yarn/issues/6174 is fixed or handled

v0.63.16, 29 July 2018

• Python: Fetch all .txt and .in files and check if they're requirement files, as well as all .txt and .in files nested one repo deeper

v0.63.15, 29 July 2018

• Go: Use go-get=1 trick to find git source URLs for unrecognised names

v0.63.14, 29 July 2018

• Go: Ignore constraints for dependencies that don't appear in the lockfile
• JS: Update npm sub-dependencies

v0.63.13, 29 July 2018

• Go: Handle projects that import themselves in their main.go

v0.63.12, 28 July 2018

• Maven: Don't fetch child poms stored in submodules (we can't update them)

v0.63.11, 28 July 2018

• Maven: Handle submodules when fetching files

v0.63.10, 28 July 2018

• Maven: Fix release checking so it actually checks the file type

v0.63.9, 28 July 2018

• JS: Change library behaviour back for repos without a lockfile

v0.63.8, 27 July 2018

• Go: Use GOPATHs in temp dirs when shelling out to dep

v0.63.7, 27 July 2018

• Go: Make updated version format match original format when using tags

v0.63.6, 26 July 2018

• Go: Don't parse version as a requirement for git dependencies

v0.63.5, 26 July 2018

• Go: Protect against nil latest_resolvable_version (for previous rubygems version)
• Go: Handle dependencies that specify a tag as a version

v0.63.4, 26 July 2018

• JS: Handle substring git reference versions
• Gradle: Silence persistent bug (replace with pending spec)

v0.63.3, 26 July 2018

• Go: Raise Dependabot::GitDependenciesNotReachable error for unreachable git dependencies

v0.63.2, 26 July 2018

• Go: Better library detection (pull down all top-level Go files)

v0.63.1, 26 July 2018

• Go: Update app requirements differently to library requirements

v0.63.0, 26 July 2018

• Elixir: Use Elixir v1.7.0 (which includes hex resolver changes)
• Go: Make use of new information in dep v0.5.0 lockfiles, if available
• Go: Update dep behaviour to work with dep v0.5.0 (i.e., create digests)

v0.62.5, 25 July 2018

• Go: Fix file update generation for branches

v0.62.4, 25 July 2018

• Go: Don't try to lock revision for branch updates

v0.62.3, 25 July 2018

• Go: Don't import internal packages

v0.62.2, 25 July 2018

• Go: Import all packages that were used in lockfile
• Go: Handle git dependencies correctly in metadata finder

v0.62.1, 25 July 2018

• Go: Import packages, not projects

v0.62.0, 25 July 2018

• Go: Initial support (no vendoring, library-style manifest updates)

v0.61.99, 25 July 2018

• Ruby: Handle "." paths in the lockfile

v0.61.98, 24 July 2018

• Rust: Fix path dependency sanitization in FileUpdater

v0.61.97, 23 July 2018

• Fetch more files on GitLab

v0.61.96, 23 July 2018

• Rust: Better handling of workspace errors

v0.61.95, 23 July 2018

• JS: Handle git dependencies with auth details embedded in URL
• Rust: Don't update versions in path dependencies

v0.61.94, 20 July 2018

• Ruby: Don't error for outdated lockfile git dependencies

v0.61.93, 20 July 2018

• Ruby: Preserve non-standard ordering of git dependencies in lockfile

v0.61.92, 20 July 2018

• JS: More sophisticated handling of globs when considering workspaces / Lerna files

v0.61.91, 20 July 2018

• JS: Handle path expansion of multiple asterisks

v0.61.90, 20 July 2018

• JS: Store version as git SHA for git dependencies using Yarn
• JS: Fall back to when an updated version can't be found

v0.61.89, 20 July 2018

• Gradle: Handle dependencies that aren't listed in Google's repository

v0.61.88, 20 July 2018

• Python: Raise a resolvability error if original Pipfile can't be resolved

v0.61.87, 19 July 2018

• JS: Better handling of lerna requirements in FileUpdater

v0.61.86, 19 July 2018

• JS: Add details of the file that was being updated when an error occurred

v0.61.85, 19 July 2018

• Ruby: Special case handling of Bundler in UpdateCheckers::LatestVersionFinder

v0.61.84, 18 July 2018

• JS: Overwrite npm's checkPlatform method

v0.61.83, 18 July 2018

• Ruby: Set git credentials before trying to find latest version of git dependency

v0.61.82, 18 July 2018

• JS: Ignore aliased dependencies (for now)

v0.61.81, 18 July 2018

• .NET: Handle directory deletions in FileFetcher

v0.61.80, 17 July 2018

• .NET: Handle updates for imported property files properly

v0.61.79, 17 July 2018

• Ruby: Don't artificially insert Bundler version in FileParser

v0.61.78, 17 July 2018

• Handle rare case where filtering releases yields an empty array
• Fetch 100 last releases in MetadataFinder, not 30

v0.61.77, 17 July 2018

• JS: Don't try to update workspace packages

v0.61.76, 17 July 2018

• JS: Don't double-fetch path dependencies
• Fix blank line after truncated vulnerability details text
• Ruby: Use Bundler 1.16.3

v0.61.75, 16 July 2018

• JS: Ignore bad npm responses for git dependencies

v0.61.74, 16 July 2018

• Handle commit messages where the entire message is just a linebreak!

v0.61.73, 16 July 2018

• Handle commit messages that start with a linebreak

v0.61.72, 14 July 2018

• PHP: Handle 403s in FileUpdater
• JS: Handle missing package errors better
• JS: Raise DependencyFileNotEvaluatable for workspace errors

v0.61.71, 14 July 2018

• Dockerfile: Switch to gnupg2
• JS: Bump npm

v0.61.70, 13 July 2018

• Python: Allow single component versions with a pre-release

v0.61.69, 13 July 2018

• JS: Treat temporary npm 500 as a 404

v0.61.68, 13 July 2018

• Ruby: Handle rubygems server timeouts in MetadataFinder

v0.61.67, 13 July 2018

• Python: Handle whitespace in pip compile requirements
• Ruby: Automatically retry some Bundler errors
• Dockerfile: Use Ubuntu 18.04

v0.61.66, 12 July 2018

• Ruby: Fix inconsistency between UpdateChecker and FileUpdater that caused rare bug

v0.61.65, 11 July 2018

• JS: Handle 405s from registry when checking git dependencies

v0.61.64, 11 July 2018

• JS: Relax requirement that all workspaces specified in package.json are fetchable

v0.61.63, 11 July 2018

• JS: Better handling of Lerna lockfiles (not all will need to be updated)

v0.61.62, 10 July 2018

• JS: Add support for Lerna. Dependabot will now pull down your lerna.json file, parse it, and pull down all of the relevant packages for your project. Dependabot PRs for repos using Lerna will update all of your packages at once (if you'd prefer to receive a single PR per packages you can manually add each package as a separate directory in Dependabot).

v0.61.61, 10 July 2018

• JS: Exclude prereleases of next version when building ruby req of caret requirement

v0.61.60, 09 July 2018

• JS: Parse Yarn lockfiles to build path dependencies, too

v0.61.59, 09 July 2018

• Ruby: Don't try to rescue using a string
• JS: Build an imitation path dependency package.json when required

v0.61.58, 08 July 2018

• PHP: Handle empty lockfiles

v0.61.57, 06 July 2018

• Don't misinterpret GitHub downtime as repos being more generally unreachable

v0.61.56, 05 July 2018

• Rust: Fetch path dependencies for target-specific deps

v0.61.55, 05 July 2018

• Python: Handle errors installing futures on Python 3

v0.61.54, 05 July 2018

• Rust: Better file updating of feature dependencies (handle repeated case properly)
• Gradle: Correct caching of properties in FileParser

v0.61.53, 05 July 2018

• Python: Handle requirement.txt dependency reqs that are a substring of another requirement
• Python: Handle pip-compile dependency requirements that are a substring of another requirement

v0.61.52, 04 July 2018

• .NET: Handle PackageReference lines without a version requirement

v0.61.51, 02 July 2018

• Rust: Handle updating multiple requirements in a single manifest file

v0.61.50, 02 July 2018

• PHP: Don't error when updating subdependencies that are no longer required

v0.61.49, 02 July 2018

• JS: Handle environment variables in npmrc URLs

v0.61.48, 02 July 2018

• JS: Catch more git authentication / repo not found errors

v0.61.47, 01 July 2018

• Python: Update Pipenv to 2018.7.1

v0.61.46, 29 June 2018

• Python: More Pipenv woe. Revert version further (oops!)

v0.61.45, 29 June 2018

• Python: Revert Pipenv version again :-(

v0.61.44, 29 June 2018

• Rust: Handle yanked Rust versions in FileUpdater
• Elixir: more aggressive timeout handling
• Move git config logic into SharedHelpers
• Update Dockerfile for new PHP extension

v0.61.43, 29 June 2018

• Fix git credential reset logic

v0.61.42, 29 June 2018

• Update semantic-release commit messages to be compliant with @commitlint/config-conventional

v0.61.41, 28 June 2018

• PHP: Handle composer.json files that ask for nonexistent path dependency repos but don't need them

v0.61.40, 28 June 2018

• JS: Handle case where a subdependency introduces a git requirement

v0.61.39, 28 June 2018

• .NET: Fetch ProjectReference files

v0.61.38, 27 June 2018

• Python: Handle another form of Python 2.7 resolvability issue

v0.61.37, 27 June 2018

• JS: Retry registry errors during yarn.lock update

v0.61.36, 27 June 2018

• JS: Retry npm registry errors in VersionResolver

v0.61.35, 27 June 2018

• Update GitLab default API endpoint to remove trailing slash
• Use source api endpoint in gitlab client for using self host gitlab
• JS: Set git credentials when switching from ssh to ssl in FileUpdater

v0.61.34, 26 June 2018

• Python: Bump Pipenv version back to 2018.6.25 (with some special handling)
• Python: Use Python 2.7.15 instead of 2.7.14

v0.61.33, 26 June 2018

• Python: Revert back to Pipenv 2018.5.18

v0.61.32, 26 June 2018

• Label security fix PRs with a security label

v0.61.31, 26 June 2018

• Handle changelogs with comparison links in their headers
• Add custom labels to PR as long as some exist

v0.61.30, 25 June 2018

• Handle private GitLab sources in CommitsFinder

v0.61.29, 25 June 2018

• Python: Use latest pipenv
• Maven: Find nested plugin dependency declarations

v0.61.28, 25 June 2018

• PHP: Set git credentials when doing Composer updates (to handle no-api updates)

v0.61.27, 25 June 2018

• PHP: Don't remove no-api settings from composer.json in FileUpdater

v0.61.26, 24 June 2018

• PHP: Use GitHub API when resolving versions

v0.61.25, 22 June 2018

• Add scope to semantic commit messages

v0.61.24, 22 June 2018

• Better handling of monorepo tags
• JS: Replace all git url config when initially setting

v0.61.23, 22 June 2018

• PHP: Switch ssh git URLs to use ssl instead
• JS: Clean up gitconfig changes even if error occurs

v0.61.22, 22 June 2018

• JS: Handle more git URL types

v0.61.21, 22 June 2018

• Add another PHP extension to dockerfile
• Clean up git config after Rust update checks
• JS: Fix FileUpdater for SSH URLs by setting git config

v0.61.20, 22 June 2018

• Raise internal error if npm updates can't reach an ssh URL

v0.61.19, 21 June 2018

• .NET: Keep track of the files we've fetched better (avoids duplicate requests)

v0.61.18, 21 June 2018

• .NET: Allow repos with just a .sln file at the top level
• Ruby: More specific check for private registries
• Elixir: Pin erlang version in Dockerfile

v0.61.17, 21 June 2018

• .NET: Ignore failed imports (until we handle properties we can't rely on the paths)

v0.61.16, 21 June 2018

• .NET: Fetch project files referenced in .sln files

v0.61.15, 21 June 2018

• Ruby: Retry more errors in FileUpdater
• .NET: Handle capitalisation of packages.config file
• .NET: Handle more dependency file names when considering rebasing

v0.61.14, 20 June 2018

• Python: Fix requirement filtering when using pip-compile with uncompiled files

v0.61.13, 19 June 2018

• .NET: Handle packages.config files in FileUpdater
• .NET: Add parser for packages.config dependencies

v0.61.12, 19 June 2018

• .NET: Use credentials provided to access private repositories
• .NET: Fetch credentials from nuget.config file, too, if present
• .NET: Raise PrivateSourceAuthenticationFailure when auth fails for custom repos

v0.61.11, 19 June 2018

• .NET: Set repo details as source in UpdateChecker (for use later in MetadataFinder)
• .NET: Use dependency source in MetadataFinder if present
• Java: Handle java-specific versions in Utils::Java::Requirement class

v0.61.10, 18 June 2018

• .NET: Handle custom repositories (without auth details)

v0.61.9, 18 June 2018

• Rust: Preserve pre-release formatting in Utils::Rust::Requirement

v0.61.8, 17 June 2018

• Dotnet: First version of support for NuGet

v0.61.7, 15 June 2018

• PHP: Handle OR requirements in new version_from_requirements check

v0.61.6, 15 June 2018

• Improve issue tag sanitization

v0.61.5, 15 June 2018

• Rust: Better detection of lowest version in requirement
• Rust: Handle latest_allowable_versions that are lower than the current version
• All: Add check that new version is greater than permitted by old requirements

v0.61.4, 15 June 2018

• Python: Handle version ranges separated by commas in Python::Requirement
• PHP: Handle unparseable composer.json files

v0.61.3, 14 June 2018

• JS: Avoid downloading huge version arrays when possible

v0.61.2, 13 June 2018

• Rust: Ensure manifest-only setups don't downgrade

v0.61.1, 13 June 2018

• Handle Requests changelog version underline character
• Ruby: Handle invalid Ruby in FileFetcher

v0.61.0, 12 June 2018

• BREAKING: Rename PrivateSourceNotReachable to PrivateSourceAuthenticationFailure (since we now have PrivateSourceTimedOut)
• Docker: Permit non-standard registries without credentials
• Refactor specs

v0.60.8, 12 June 2018

• Rust: Check for latest allowable version in UpdateChecker

v0.60.7, 11 June 2018

• Elixir: Revert "Remove unused subdependencies after update"

v0.60.6, 11 June 2018

• Elixir: Handle git dependencies in umbrella apps correctly

v0.60.5, 11 June 2018

• Elixir: Remove unused subdependencies after update

v0.60.4, 10 June 2018

• Ruby: Ignore bad responses when checking Ruby version compatibility

v0.60.3, 10 June 2018

• First version of GitLab PR creator. This library can now be used to dependabot-script to create PRs on GitLab

v0.60.2, 09 June 2018

• Add logging for strange type error
• Add GitLab support to PullRequestCreator::MessageBuilder
• Split GitHub logic out of PullRequestUpdater (turns out to be all of it!)
• Ruby: Handle timeouts when checking if Ruby version is incompatible
• PHP: Include additional extension in Dockerfile (ext-intl)

v0.60.1, 08 June 2018

• Handle timeouts in Ruby metadata finder
• Add timeout defaults to all Excon calls

v0.60.0, 08 June 2018

• PHP: Respect platform requirements if they are set
• Update groovy to 2.5.0, and add PHP extensions to Dockerfile

v0.59.53, 07 June 2018

• JS: Better ignore of package-lock.json if asked to in .npmrc

v0.59.52, 07 June 2018

• Ignore unprocessable entity errors when adding labels (work around GitHub bug)

v0.59.51, 06 June 2018

• JS: Better sanitization of package.json in FileParser
• JS: Handle npm lockfiles with missing version information

v0.59.50, 06 June 2018

• JS: Better caching in UpdateChecker
• JS: Handle package.json files with escaped whitespace

v0.59.49, 06 June 2018

• Python: Bug fix - don't double-update compiled requirement files

v0.59.48, 06 June 2018

• Python: Handle uncompiled requirement files in PipCompileFileUpdater

v0.59.47, 06 June 2018

• Python: Resolve pip-compile sub-dependencies in the context of their compile files in UpdateChecker

v0.59.46, 05 June 2018

• Python: Include requirements.txt requirement in parsed req if no pip-compile file
• Python: Handle sub-dependency updates within a pip-compile setup

v0.59.45, 05 June 2018

• Python: Pull private sources out of Pipfiles for quicker update checking
• Python: Don't try to handle pip-compile subdependencies
• Python: Use requirements.txt updater in FileUpdater if sub-dep

v0.59.44, 05 June 2018

• Python: Handle updating dependencies for which we can't find a latest version

v0.59.43, 05 June 2018

• Python: Select resolution type based on dependency requirements, not files

v0.59.42, 05 June 2018

• Maven: Handle versions without numbers in RequirementsUpdater

v0.59.41, 05 June 2018

• JS: Better timeout error handling

v0.59.40, 05 June 2018

• JS: Add timeout logic to version resolver
• JS: Raise PrivateSourceNotReachable error when a private source times out

v0.59.39, 04 June 2018

• Rust: Handle blank requirements in FileParser

v0.59.38, 04 June 2018

• Rust: Convert ssh URLs to https in UpdateChecker
• Rust: Handle ssh git dependencies in FileUpdater

v0.59.37, 04 June 2018

• JS: Handle empty package-lock.json files

v0.59.36, 04 June 2018

• JS: Fix replaceDeclaration function, and test that it works for tricky case

v0.59.35, 04 June 2018

• Ignore failure to add team collaborators to PRs
• Maven: Handle versions that start non-numeric

v0.59.34, 02 June 2018

• Maven: Check for a jar on repository before selecting a version

v0.59.33, 02 June 2018

• Handle unlikely case of release without a tag name

v0.59.32, 31 May 2018

• Gradle: Handle ignored versions
• Maven: Consider type suffix when determining version to update to
• Maven: Handle credential URLs with login details in UpdateChecker

v0.59.31, 30 May 2018

• PHP: Fix bug in subdependency updates

v0.59.30, 29 May 2018

• Elixir: Update to specific version in FileUpdater

v0.59.29, 29 May 2018

• JS: Handle another npm error type

v0.59.28, 29 May 2018

• Elixir: Consider ignore requirements when determining latest resolvable version
• Improve FilePreparer to lookup existing version from requirements

v0.59.27, 29 May 2018

• JS: Handle git reference errors in FileUpdater

v0.59.26, 29 May 2018

• Fall back to GitHub git data API for large files

v0.59.25, 28 May 2018

• Elixir: Consider ignore conditions when determining latest version
• PHP: Catch out of memory errors in FileUpdater

v0.59.24, 28 May 2018

• Python: Raise a DependencyFileNotEvaluatable for impossible requirements

v0.59.23, 28 May 2018

• Maven: Continue processing if only some dependencies use inaccessible properties

v0.59.22, 28 May 2018

• Maven: Clearer error message when property can't be found

v0.59.21, 28 May 2018

• Ruby: Consider ignored versions when determining latest resolvable version. This might sound innocuous but it's a significant improvement over previous behaviour: if a user chooses to ignore Rails 5, for example, they'll now continue to receive updates to Rails 4 if/when they're released. Bring Ruby support in-line with Python, PHP, Java and JS, where this is already offered.

v0.59.20, 28 May 2018

• Java: More careful updating for property versions
• Ruby: Update to the version given in FileUpdater (don't just unlock)
• Ruby: Include upper bound in FilePreparer if given a latest_allowable_version

v0.59.19, 26 May 2018

• Python: Preserve custom headers in pip-compile generated files
• Update rubygems and add libmysqlclient-dev to dockerfile
• Better version string sanitization for presentation of vulnerabilities

v0.59.18, 26 May 2018

• PHP: Only catch out of memory errors in shutdown handler

v0.59.17, 25 May 2018

• JS: Consider ignored versions when determining version to update to
• JS: Update FileUpdater to install a specific version

v0.59.16, 25 May 2018

• PHP: Ignore ignored versions when checking latest version
• PHP: Consider ignored versions when determining version to update to
• PHP: Update to the specific version given in dependency.version in FileUpdater

v0.59.15, 24 May 2018

• JS: Raise unhandled error if FileUpdater fails to find the version we're updating to

v0.59.14, 24 May 2018

• PHP: Unlock subdependencies when updating top-level ones

v0.59.13, 24 May 2018

• JS: Tailor authentication type for global registry based on credentials

v0.59.12, 24 May 2018

• Maven: Handle multiple identical declarations
• JS: Use npm 6.1.0

v0.59.11, 24 May 2018

• Gradle: Fix property updater
• Maven: Fix single-dependency property updating, and make RequirementsUpdater clearer

v0.59.10, 24 May 2018

• Maven: Handle updating a dependency that is managed by multiple properties

v0.59.9, 24 May 2018

• Maven: Preserve base directory when updating a property value

v0.59.8, 24 May 2018

• Maven: Make DeclarationFinder more discerning (don't confuse property versions with straight declarations)

v0.59.7, 24 May 2018

• Python: Add full stops to name sanitization regex in UpdateChecker

v0.59.6, 23 May 2018

• Ruby: Retry version resolution if a private source may be to blame for a resolvability error
• Ruby: Remove unnecessary RuntimeError handling

v0.59.5, 23 May 2018

• JS: More robust lookup of global registry

v0.59.4, 23 May 2018

• JS: Add workaround for Yarn workspaces bug

v0.59.3, 23 May 2018

• Ruby: Switch back to just using lockfile path dependencies if a lockfile is present (otherwise conditionals in the lockfile can cause problems)

v0.59.2, 22 May 2018

• Python: Consider ignored versions when determining updates for pip-compile setups

v0.59.1, 22 May 2018

• Better presentation of vulnerability details in PR description

v0.59.0, 22 May 2018

• BREAKING Python: Use Python 2.7 with pip-compile if required
• Ruby: Augment lockfile path dependencies with gemfile ones

v0.58.35, 22 May 2018

• JS: Handle 5xx responses from registry more gracefully in MetadataFinder
• JS: Handle timeouts from the registry more gracefully

v0.58.34, 21 May 2018

• Ruby: Handle cases where only pre-release versions exist

v0.58.33, 21 May 2018

• Identify changelogs headers underlined with ====

v0.58.32, 21 May 2018

• Ruby: Consider ignored versions when determining latest version
• Python: Consider ignore conditions when calculating latest resolvable version for Pipfile

v0.58.31, 21 May 2018

• Python: Consider ignored versions in UpdateChecker

v0.58.30, 21 May 2018

• Maven: Raise a DependencyFileNotParseable error for missing properties

v0.58.29, 21 May 2018

• Handle git URLs that already have credentials in GitCommitChecker

v0.58.28, 21 May 2018

• Python: Unlock dependencies with non-normalised names correctly

v0.58.27, 21 May 2018

• Python: Handle multiple-requirements that get reordered during file parsing

v0.58.26, 20 May 2018

• Don't duplicate headers in release notes (check for them in release body)

v0.58.25, 20 May 2018

• Use emoji in PR title for gitmoji commits
• Java (Maven and Gradle): Use short name for Java PRs

v0.58.24, 19 May 2018

• Python: Handle non-unlocking case properly

v0.58.23, 19 May 2018

• Python: Keep existing options when updating a requirements.txt file generated by pip-compile

v0.58.22, 18 May 2018

• Handle switches from numeric to git sources (happens when lockfile is out-of-date)

v0.58.21, 18 May 2018

• Python: Unlock bounds in pip-config files when necessary to update

v0.58.20, 18 May 2018

• Python: Use normalised dependency names (rather than using the unnormalised name)

v0.58.19, 18 May 2018

• Python: Add support for pip-compile files (i.e., requirements.in and friends). Initial support is very rough.

v0.58.18, 18 May 2018

• JS: Handle "402: Payment required" responses from npmjs

v0.58.17, 17 May 2018

• If token is likely to be Basic auth, use Basic auth

v0.58.16, 17 May 2018

• Remove any "\n" characters from generated Basic auth tokens

v0.58.15, 17 May 2018

• Elixir: Handle regex versions in FileParser

v0.58.14, 17 May 2018

• Test against updated Elixir, Rust and Bundler
• Fix Bundler 1.16.2 change and remove redundant Rust tests
• Add test for JRuby support

v0.58.13, 16 May 2018

• Maven: Exclude ignored versions when looking for version to update to

v0.58.12, 15 May 2018

• Java (Maven & Gradle): Better metadata lookup (check parent for GitHub URLs)

v0.58.11, 15 May 2018

• Maven: Support custom maven_repositories passed as credentials

v0.58.10, 15 May 2018

• PHP: Handle dependencies replaced in composer.json

v0.58.9, 15 May 2018

• Rust: Raise resolvability error if the lockfile can't be parsed

v0.58.8, 15 May 2018

• Rust: Ensure correct versions are installed in FileUpdater by temporarily specifying them in the Cargo.toml

v0.58.7, 14 May 2018

• Use gitmoji commit messages if repo uses them (thanks @mockersf)
• Rust: Update git tags if they look like versions

v0.58.6, 14 May 2018

• Ruby: Rescue from unevaluatable gemspecs

v0.58.5, 14 May 2018

• Ruby: Better gemspec filename lookup
• Rust: Add basic git dependency handling to FileUpdater
• Rust: Add basic git dependency handling to UpdateChecker
• Ruby: Use fetch when getting host from credentials

v0.58.4, 14 May 2018

• Filter credentials on type everywhere

v0.58.3, 14 May 2018

• JS: Handle socket errors when looking for registries
• Rust: Handle git dependencies in version resolver
• Rust: Add support for getting latest version of git dependencies

v0.58.2, 13 May 2018

• Expect git_source credentials to have a username and password (not a token)
• Add tests that all requests to the public GitHub instance can handle not having credentials (since they may not do for Enterprise installs)

v0.58.1, 13 May 2018

• Fix Dependabot::Source error when a string hostname was provided

v0.58.0, 13 May 2018

• BREAKING: Require a type attribute for git source credentials
• BREAKING: Require a hostname when specifying an api_endpoint for a Dependabot::Source
• PHP: Set credentials for all known git sources (means private Bitbucket and Gitlab repos are now supported)
• Rust: Set credentials for all known git sources (means private Bitbucket and Gitlab repos are now supported)

v0.57.0, 12 May 2018

• BREAKING: Expect a Dependabot::Source object as a FileFetcher argument
• BREAKING: Require Dependabot::Source to be passed to FileParsers (not repo string)
• BREAKING: Require Dependabot::Source as an argument to PR creator and updater
• Python: Bump pipenv from 11.10.4 to 2018.5.18
• Allow Dependabot::Source objects to be created with a custom API endpoint

v0.56.34, 12 May 2018

• Make GitCommitChecker agnostic between GitHub, Gitlab and Bitbucket

v0.56.33, 11 May 2018

• Use Bitbucket credentials in metadata lookup if present

v0.56.32, 11 May 2018

• Ruby: Handle version assignment to a variable in gemspec sanitizer

v0.56.31, 11 May 2018

• Prioritize longer credentials when looking for a match
• Handle redirects from http to https more robustly by excluding the default port

v0.56.30, 11 May 2018

• Check if credentials have a host before trying to match on it

v0.56.29, 11 May 2018

• Stop relying on being passed a credential type

v0.56.28, 11 May 2018

• Update GitCommitChecker to auth with non-GitHub sources

v0.56.27, 10 May 2018

• Support adding assignees to PRs

v0.56.26, 10 May 2018

• Python: Handle arbitrary equality matcher

v0.56.25, 10 May 2018

• PHP: Better handling of PHP plugins (don't disable them all)

v0.56.24, 10 May 2018

• PHP: Disable plugins during install

v0.56.23, 10 May 2018

• JS: Correct handling of Yarn workspaces specified with an object

v0.56.22, 10 May 2018

• JS: Handle Yarn workspace specification that uses objects instead of arrays

v0.56.21, 10 May 2018

• Handle reviewers hashes (rather than arrays)
• JS: Bump npm to 6.0.1

v0.56.20, 09 May 2018

• Support a reviewers option when creating PRs

v0.56.19, 09 May 2018

• PHP: Add support for path based dependencies

v0.56.18, 08 May 2018

• Gradle: More accurate dependency parser
• Gradle: Ignore InnerClassNodes during parsing

v0.56.17, 08 May 2018

• JS: Switch SSH for SSL in package-lock.json file updater

v0.56.16, 08 May 2018

• Ruby: Don't include temporary path details in issue text
• JS: Switch ssh git URLs for https during resolution

v0.56.15, 08 May 2018

• Rust: Set global credentials helper, with file in temporary directory

v0.56.14, 08 May 2018

• Rust: Back to local config (init git repo first)

v0.56.13, 08 May 2018

• Rust: Set global, not local, credentials helper

v0.56.12, 08 May 2018

• Rust: Set GitHub credentials when doing update runs

v0.56.11, 07 May 2018

• JS: Raise resolvability error for npm lockfiles which can't be resolved
• Python: Allow retries in Pipenv

v0.56.10, 07 May 2018

• Python: Bump Pipenv to 11.10.2

v0.56.9, 07 May 2018

• JS: Fix conversion of * requirement

v0.56.8, 07 May 2018

• Handle Gradle projects with sub-projects

v0.56.7, 05 May 2018

• Don't attempt to sanitize mentions with a / in them (they're scopes!)

v0.56.6, 05 May 2018

• Python: Quietly ignore error when updating to a new version that has a bad setup.py
• Python: Bump Pipenv commit

v0.56.5, 05 May 2018

• Gradle: Special case Google version lookup
• Python: Handle spaces before method calls
• JS: Retry calls to registry if they timeout

v0.56.4, 04 May 2018

• Gradle: Handle custom repositories

v0.56.3, 04 May 2018

• Gradle: Handle buildfiles with import statements
• Gradle: Upgrade groovy-all version
• Gradle: Better error messages when parsing fails

v0.56.2, 04 May 2018

• Gradle: Fix helper path

v0.56.1, 04 May 2018

• PHP: Bump Composer version

v0.56.0, 04 May 2018

• BREAKING: Use Groovy to parse Gradle files. Please update the container you run dependabot-core in to have Groovy available (e.g., use the latest dependabot/dependabot-core container).
• Gradle: Handle property version updates

v0.55.22, 03 May 2018

• Python: Improve error message when Pipfile can't be resolved

v0.55.21, 03 May 2018

• Python: Raise error for unresolvable Pipfiles

v0.55.20, 03 May 2018

• Ruby: Restrict force updates to pareto improvements

v0.55.19, 03 May 2018

• Ruby: Fix typo
• Create directory structure in temporary directories if required

v0.55.18, 02 May 2018

• Ruby: Allow Gemfiles and gemspecs to include files with require_relative

v0.55.17, 02 May 2018

• Sanitize branch names that would include dot-directories

v0.55.16, 02 May 2018

• Ruby: Don't exclude updated dependencies from force updater

v0.55.15, 02 May 2018

• Ruby: Raise error for unfetchable gemspec paths

v0.55.14, 02 May 2018

• Elixir: Move requirements array logic into requirements class
• PHP: Better requirement updating (preserve dev branches in or requirements)

v0.55.13, 02 May 2018

• Bump pipenv version
• JS: Handle ~> requirement matcher (treat as ~, rather than as Ruby ~>)

v0.55.12, 02 May 2018

• Java: Initial Gradle support (very basic)

v0.55.11, 01 May 2018

• Handle very bad changelog encodings
• Python: More robust handling of bad index page responses

v0.55.10, 01 May 2018

• Python: Handle bad URLs in metadata lookup

v0.55.9, 30 April 2018

• JS: Don't jump across pre-release versions

v0.55.8, 30 April 2018

• JS: Ignore deprecated versions when looking for source URL

v0.55.7, 30 April 2018

• JS: Exclude deprecated versions when looking for updates

v0.55.6, 30 April 2018

• Python: Handle version freezing for dependencies with extras more carefully

v0.55.5, 30 April 2018

• Python: Use keep-outdated as well as freezing

v0.55.4, 30 April 2018

• Python: Freeze dependencies manually, rather than with keep-outdated

v0.55.3, 30 April 2018

• Python: Source repo finding improvements

v0.55.2, 29 April 2018

• Clearer links to changelogs / release notes
• Minor improvement to changelog parsing
• Java: Look everywhere in the POM for a GitHub URL

v0.55.1, 29 April 2018

• Python: Looks at package homepage if URL can't be found in PyPI data
• Update PyPI URL for Warehouse

v0.55.0, 29 April 2018

• BREAKING: Use pyenv to manage Python version. This requires an update to the setup you use to run Dependabot Core - see the updated Dockerfile (basically you have to have pyenv installed)

v0.54.69, 27 April 2018

• Python: Write all dependency files when generating a new Pipfile.lock
• Python: Handle logging in setup.py (who would do that?!?)

v0.54.68, 27 April 2018

• PHP: Handle errors caused by new npm-signature downloader type

v0.54.67, 27 April 2018

• Python: Upgrade Pipenv to 11.10.1. Fixes some parser errors.

v0.54.66, 26 April 2018

• Ruby: Update all ssh URLs to use HTTPS

v0.54.65, 26 April 2018

• Python: Scrub updated source details from lockfile
• Python: Raise DependencyFileNotParseable for TOML that Pipenv can't handle

v0.54.64, 26 April 2018

• Java: Find property versions in profile properties
• Java: Handle inaccessible repositories in UpdateChecker

v0.54.63, 25 April 2018

• Java: Ignore repositories that aren't URLs

v0.54.62, 25 April 2018

• Java: More robust file fetching

v0.54.61, 25 April 2018

• Python: Handle private indexes timing out for requirements.txt dependencies

v0.54.60, 25 April 2018

• Python: Raise PrivateSourceNotReachable errors for Pipfile sources that can't be reached

v0.54.59, 25 April 2018

• Ignore changelogs which don't contain any relevant versions
• Reject blank tags / names during release finder lookup

v0.54.58, 25 April 2018

• Python: Handle html index responses in MetadataFinder

v0.54.57, 25 April 2018

• Java: Handle updates where the dependency appears multiple times, and one case is already up-to-date

v0.54.56, 24 April 2018

• JS: Use npm6 when end-user repository is

v0.54.55, 24 April 2018

• Java: Handle repeated dependencies in FileUpdater robustly

v0.54.54, 24 April 2018

• Python: Raise PrivateSourceNotReachable for Pipfiles with environment variables but no config

v0.54.53, 24 April 2018

• Python: Handle private registries in MetadataFinder

v0.54.52, 24 April 2018

• Python: Handle private sources in Pipfile

v0.54.51, 24 April 2018

• Java: Download parent POMs, when present, to allow property evaluation

v0.54.50, 24 April 2018

• Python: Better error for requirement files that use an unrecognised option

v0.54.49, 23 April 2018

• Java: Fix PropertyUpdater bug caused by incorrect declaration requirement selection

v0.54.48, 23 April 2018

• Ruby: Update gemspec to latest resolvable version if using equality matcher

v0.54.47, 23 April 2018

• JavaScript: Return the latest pre-release if it is specified in a latest tag and the user wants prereleases

v0.54.46, 23 April 2018

• Java: Handle extensions in FileUpdater

v0.54.45, 23 April 2018

• Java: Stricter property finding (tighter XPaths)
• Java: Evaluate properties whenever values are taken from POM

v0.54.44, 23 April 2018

• Allow metadata key in dependency requirements
• Java: Store property name when parsing dependencies
• Java: Use stored property name everywhere

v0.54.43, 23 April 2018

• Java: Fix typo in PropertyUpdater

v0.54.42, 23 April 2018

• Java: Better title for multi-dependency PRs
• Java: Cache DeclarationFinder in FileUpdater to avoid repeated calls to repositories
• Java: Use Java DeclarationFinder to get property name consistently everywhere

v0.54.41, 23 April 2018

• Java: Handle cases where parent POMs can't be fetched

v0.54.40, 22 April 2018

• Java: Check custom repositories when lookin for property declarations

v0.54.39, 22 April 2018

• Java: Handle custom repositories in MetadataFinder

v0.54.38, 22 April 2018

• Java: Better MetadataFinder CSS paths
• Java: Support use of custom repositories in UpdateChecker
• Java: Use main registry URL directly, not search API
• Java: Add comments for FileParser, and add extensions to list of updatable dependencies
• Elixir: Clean up requirement class

v0.54.37, 21 April 2018

• Java: Add requirements_unlocked_or_can_be? method to UpdateChecker
• Java: Remove duplicated code between PropertyValueFinder and PropertyValueUpdater

v0.54.36, 21 April 2018

• Java: Encode Maven URLs correctly in UpdateChecker and MetadataFinder
• Java: Handle remote parent poms in FileParser (will need work in UpdateChecker)

v0.54.35, 21 April 2018

• Java: Fix error message when a property can't be found

v0.54.34, 20 April 2018

• Java: Handle multimodule projects in FileFetcher, FileParser, UpdateChecker and FileUpdater

v0.54.33, 19 April 2018

• JS: Don't truncate pre-release versions in RequirementsUpdater

v0.54.32, 19 April 2018

• Ruby: Ignore gemspec versions specified with a constant

v0.54.31, 19 April 2018

• Ruby: Handle projects that import multiple top-level dependencies

v0.54.30, 19 April 2018

• Handle nil tag names in ReleaseFinder
• Move GemspecDependencyNameFinder namespace to FileUpdaters

v0.54.29, 18 April 2018

• Elixir: Ignore irrelevant Elixir warnings

v0.54.28, 18 April 2018

• Ruby: Better sanitization of path gemspecs

v0.54.27, 18 April 2018

• Ruby: Don't fetch contents for repos nested in submodules

v0.54.26, 18 April 2018

• Ruby: Handle submodule path dependencies

v0.54.25, 18 April 2018

• Java: Handle whitespace in pom.xml declarations

v0.54.24, 18 April 2018

• Accommodate difficult tag names in ReleaseFinder

v0.54.23, 17 April 2018

• Java: Implement Java version comparison based on Maven spec

v0.54.22, 17 April 2018

• Rust: Check for latest version differently when updating sub-dependencies

v0.54.21, 17 April 2018

• Elixir: Add support for private repos
• Ruby: Less opinionated update for equality matchers in gemspecs

v0.54.20, 17 April 2018

• Ruby: Require a latest_resolvable_version to update gemspec requirements

v0.54.19, 16 April 2018

• Ruby: More robust ruby requirement parsing

v0.54.18, 16 April 2018

• Java: Filter out date-based release numbers if that's not what's currently being used
• Java: Handle dependencies with multiple declarations in FileParser and UpdateChecker

v0.54.17, 16 April 2018

• Ruby: Handle resolution error caused by Ruby's CompactIndex occasionally being unavailable

v0.54.16, 16 April 2018

• Ruby: Cleaner path dependency fetching

v0.54.15, 16 April 2018

• Handle overflowing tables when truncating pull request details

v0.54.14, 16 April 2018

• Ruby: Handle file updates where the declaration is in an evaled Gemfile
• Move Dependabot::MetadataFinders::Base::Source to Dependabot::Source

v0.54.13, 15 April 2018

• Python: Silence error output in Python file updater

v0.54.12, 15 April 2018

• JS: Refactor UpdateChecker
• JS: Bump Yarn to 1.6.0

v0.54.11, 14 April 2018

• JS: Update Yarn resolutions when updating a dependency that specifies them

v0.54.10, 14 April 2018

• JS: Handle version requirements with a v prefix
• Python: Bump pip from 10.0.0.0b2 to 10.0.0

v0.54.9, 14 April 2018

• Java: Handle POM updates where the file uses a property with a suffix

v0.54.8, 14 April 2018

• Rust: Fix regex for updating feature dependencies
• JS: Handle package.json declarations with whitespace before the colon
• PHP: Handle composer.json declarations with whitespace before the colon

v0.54.7, 13 April 2018

• Python: Ignore specified Python versions in Pipfile during file updating, too

v0.54.6, 13 April 2018

• Python: Ignore specified Python versions in Pipfile (best we can do for now)

v0.54.5, 13 April 2018

• Ruby: Augment private gemserver info with Rubygems details if appropriate

v0.54.4, 13 April 2018

• Ruby: Handle Bundler::PathError in update checker

v0.54.3, 13 April 2018

• Python: Reject nil values from version resolver
• Python: Write setup.py when resolving a Pipfile
• Python: Further fix for path dependency handling with Pipfile
• Handle nested Ruby path dependencies

v0.54.2, 12 April 2018

• Python: Bump pip to 10.0.0.0b2

v0.54.1, 12 April 2018

• Python: Add version resolver for Pipenv

v0.54.0, 12 April 2018

• BREAKING: Pass credentials to PullRequestCreator and PullRequestUpdater instead of a client

v0.53.38, 12 April 2018

• Ruby: Test that auth details are passed to gem server in MetadataFinder
• Ruby: Treat private rubygems sources more like default sources in MetadataFinder

v0.53.37, 12 April 2018

• JS: Handle JavaScript::Version being created with a version class (not a string)
• Java: Cache latest version in update checker

v0.53.36, 12 April 2018

• JS: Handle versions prefixed with a v in utils classes

v0.53.35, 11 April 2018

• Ruby: Fetch changelogs for private source dependencies

v0.53.34, 11 April 2018

• JS: Better sanitization of npmrc files

v0.53.33, 11 April 2018

• JS: Filter out nil requirements in update checker (when updating git dependencies)

v0.53.32, 11 April 2018

• Implement Requirement.requirements_array for all languages

v0.53.31, 11 April 2018

• Ruby: Prepare files to ensure only updates are possible

v0.53.30, 10 April 2018

• Python: Handle empty version strings in Utils::Python::Version
• PHP: Handle array entries for "extra" in composer.lock

v0.53.29, 9 April 2018

• Rust: Handle old-format lockfiles

v0.53.28, 9 April 2018

• PHP: Add patches back to lockfile after update (if required)

v0.53.27, 9 April 2018

• Handle badly named releases

v0.53.26, 9 April 2018

• Better release note filtering (will mean release notes are included in PRs even if the latest version doesn't have any)

v0.53.25, 9 April 2018

• Look at release tag_name before looking at release name

v0.53.24, 9 April 2018

• Update Elixir and PHP versions
• PHP: Raise Dependabot::DependencyFileNotResolvable error for invalid version constraints

v0.53.23, 6 April 2018

• Rust: Handle feature dependencies that have a feature removed in the new version

v0.53.22, 6 April 2018

• Elixir: Ignore dependency updates that would cause diverging environment requirements

v0.53.21, 6 April 2018

• Ruby: Even more gemspec sanitization (this time for splatted requirements)

v0.53.20, 6 April 2018

• Ruby: Ignore requirements specified with a ternary operator and an expression

v0.53.19, 6 April 2018

• Include previous release notes in PR if valuable, even if the latest version doesn't have any (but previous versions do)

v0.53.18, 5 April 2018

• PHP: Ensure version requirements don't decrease, and refactor UpdateChecker

v0.53.17, 5 April 2018

• Ruby: Fix gemspec version sanitization from string versions

v0.53.16, 5 April 2018

• Ruby: More aggressive gemspec sanitization

v0.53.15, 5 April 2018

• Rust: Handle dependencies with multiple versions properly in UpdateChecker

v0.53.14, 5 April 2018

• PHP: Handle branch names with a number in them

v0.53.13, 5 April 2018

• Rust: Ignore patched dependencies (for now)

v0.53.12, 5 April 2018

• JS: Handle nonexistent dependencies

v0.53.11, 5 April 2018

• PHP: Add hack for updating composer.json correctly

v0.53.10, 4 April 2018

• Fix GitHub file contents error that was being caused by mutated arguments

v0.53.9, 4 April 2018

• Ruby: Use source of dependency from lockfile and Gemfile combined in UpdateChecker

v0.53.8, 4 April 2018

• PHP: Use vcs repository types, not git ones

v0.53.7, 3 April 2018

• Python: Handle odd Python requirements
• Ruby: Fall back to lockfile if no source information in Gemfile

v0.53.6, 3 April 2018

• Show vulnerability version range depending on kind of range passed

v0.53.5, 3 April 2018

• Handle comma separated requirement strings in Utils::Php::Requirement

v0.53.4, 2 April 2018

• Create Utils::Ruby::Requirement class

v0.53.3, 2 April 2018

• Truncate long vulnerability descriptions
• Include source details for security vulnerabilities

v0.53.2, 2 April 2018

• Add [security] prefix to PR names for PRs that fix vulnerabilities

v0.53.1, 2 April 2018

• Display vulnerability details in PR text if passed them

v0.53.0, 2 April 2018

• BREAKING: Move Version and Requirement classes into Utils namespace

v0.52.30, 1 April 2018

• Add convenience methods for accessing version and requirement classes

v0.52.29, 31 March 2018

• Rust: Target latest version, not latest resolvable version, for libraries

v0.52.28, 31 March 2018

• Rust: Handle repos without a lockfile in UpdateCheckers::VersionResolver

v0.52.27, 31 March 2018

• Ruby: Sanitize gemspec using GemspecSanitizer class everywhere

v0.52.26, 31 March 2018

• Ruby: Sanitize require_relative lines from gemspec

v0.52.25, 31 March 2018

• Rust: Handle feature dependencies

v0.52.24, 31 March 2018

• Rust: Add resolvability check to UpdateChecker

v0.52.23, 30 March 2018

• JS: Handle registry timeouts when looking through private registries

v0.52.22, 30 March 2018

• Rust: Use --aggressive update if conservative one fails

v0.52.21, 30 March 2018

• Rust: Handle projects that use workspaces

v0.52.20, 29 March 2018

• Rust: Handle multi-version dependencies in FileUpdater
• Rust: Add support for workspaces to FileFetcher

v0.52.19, 29 March 2018

• JS: Use package-lockfile-only option
• Add workaround for npm git dependency issues

v0.52.18, 29 March 2018

• More logging for strange GitHub array error

v0.52.17, 29 March 2018

• Rust: More specs, and error if no files are updated in FileUpdater

v0.52.16, 29 March 2018

• Rust: Raise errors when file updating fails

v0.52.15, 29 March 2018

• Rust: Drop use of --precise when updating files

v0.52.14, 29 March 2018

• Rust: Get relevant versions in FileParser when there are multiple available

v0.52.13, 28 March 2018

• Ruby: Always include pre-release details in requirement if updating to one

v0.52.12, 28 March 2018

• Ruby: Handle the prerelease part of versions separately when updating requirements

v0.52.11, 28 March 2018

• JS: Fix scoped registry URL

v0.52.10, 28 March 2018

• JS: Scope private registries to the scoped packages they're intended for

v0.52.9, 28 March 2018

• JS: Avoid yarn bug by always authing when Basic credentials are present

v0.52.8, 28 March 2018

• JS: Handle Basic auth in FileUpdater

v0.52.7, 28 March 2018

• JS: Use Basic auth to get latest version when appropriate

v0.52.6, 28 March 2018

• JS: Include global auth token when building a global registry npmrc

v0.52.5, 28 March 2018

• JS: Fix typo

v0.52.4, 28 March 2018

• JS: Use lockfile to build .npmrc file, if required and not committed

v0.52.3, 28 March 2018

• JS: Rely on RegistryFinder for constructing all dependency URLs

v0.52.2, 28 March 2018

• Rust: Add support for Cargo.toml files with path dependencies

v0.52.1, 28 March 2018

• JS: Fix bug in git dependency handling
• Rust: Only try to update lockfile if we were given one to start with

v0.52.0, 27 March 2018

• First version of Rust support

v0.51.20, 25 March 2018

• Ruby: Handle yanked dependencies

v0.51.19, 24 March 2018

• Handle GitHub contents error in MetadataFinder

v0.51.18, 24 March 2018

• JS: Use npm 5.8.0

v0.51.17, 23 March 2018

• JS: Don't try to downgrade requirement files that have pinned to a post-latest version

v0.51.16, 23 March 2018

• Docker: Move digest fetching to UpdateChecker

v0.51.15, 23 March 2018

• Docker: Handle file updates where a tag and digest have been specified

v0.51.14, 23 March 2018

• Fix encoding error when fetching changelogs

v0.51.13, 23 March 2018

• Ruby: Don't try to replace requirement if using a ternary operator

v0.51.12, 22 March 2018

• Return subdependencies from JS FileParsers (imperfectly)

v0.51.11, 22 March 2018

• Fix typo

v0.51.10, 22 March 2018

• Allow punctuation after GitHub issue / PR numbers when creating links
• JS: Refactor registry lookup into separate class
• JS: Split library detection out of UpdateChecker

v0.51.9, 22 March 2018

• JS: Handle private sources when we don't have a lockfile

v0.51.8, 22 March 2018

• Java: Handle property version suffixes in update checker

v0.51.7, 22 March 2018

• Java: Handle versions that come partially from a property

v0.51.6, 22 March 2018

• Sanitize GitHub links

v0.51.5, 22 March 2018

• Raise BranchNotFound error when getting a branch's head commit fails

v0.51.4, 21 March 2018

• Automatically retry strange GitHub error

v0.51.3, 21 March 2018

• Handle null bodies in release notes

v0.51.2, 20 March 2018

• Ruby: More robust requirements_unlocked_or_can_be? implementation

v0.51.1, 20 March 2018

• JS: Handle git dependencies that have never been released

v0.51.0, 20 March 2018

• JS: Update from git commit refs/branches to released versions

v0.50.56, 20 March 2018

• Add UpdateCheckers#requirements_unlocked_or_can_be? method

v0.50.55, 19 March 2018

• Retry Octokit::BadGateway errors

v0.50.54, 19 March 2018

• Don't pull down changelogs over 1mb

v0.50.53, 19 March 2018

• Add newline after changelog truncation

v0.50.52, 19 March 2018

• Update git dependencies that specify a reference along with a full URL

v0.50.51, 19 March 2018

• Return false early in UpdateCheckers#can_update? when checking whether a library can be updated without unlocking its requirements

v0.50.50, 18 March 2018

• PHP: Only fetch composer URLs when looking for registry details

v0.50.49, 18 March 2018

• PHP: Handle unexpected data from private registries

v0.50.48, 18 March 2018

• Python: Use pip 9.0.2
• Ruby: Update commit SHAs should come from tag (because that's what Gemfile stores)

v0.50.47, 16 March 2018

• PHP: Spec private registry behaviour, and add better error messages for it

v0.50.46, 16 March 2018

• PHP: Fix PHP Updater bug (oops!)

v0.50.45, 16 March 2018

• PHP: Pass registry credentials to Composer

v0.50.44, 16 March 2018

• Rescue all commit URL NotFound errors
• JS: Cache updated requirements in UpdateChecker

v0.50.43, 15 March 2018

• Java: Handle non-numeric versions
• Ignore lost races when creating PRs

v0.50.42, 15 March 2018

• Add logging for rare GitHub error

v0.50.41, 15 March 2018

• Handle commit diffs with no common ancestor

v0.50.40, 14 March 2018

• Reverse commits order (most recent first)
• Better changelog importing when changelog is appended at bottom
• Bump pipenv from 11.7.4 to 11.8.0

v0.50.39, 14 March 2018

• Link tags in changelogs correctly

v0.50.38, 14 March 2018

• Include upgrade guide in dependency tabs
• Sanitize template tags in changelogs

v0.50.37, 14 March 2018

• Better changelog intro text
• Better display of SHA version is PRs
• Use 7 digits for SHA branch names, not 6
• Fix broken method name

v0.50.36, 14 March 2018

• Fall back to tag name in ReleaseFinder#releases_text

v0.50.35, 14 March 2018

• Better release note parsing for PRs
• Use Pipenv 11.7.1

v0.50.34, 14 March 2018

• Fix release sorting

v0.50.33, 14 March 2018

• More robust PR message builder
• Truncate long changelogs
• Add fullstop to changelog source line
• Better release sorting
• More robust changelog sorting

v0.50.32, 14 March 2018

• Better changelog line detection

v0.50.31, 14 March 2018

• Fix encoding bug during PR creation
• Better referencing of changelog source

v0.50.30, 14 March 2018

• Pull changelogs into PR descriptions

v0.50.29, 13 March 2018

• Java: Fix Java argument in UpdateChecker

v0.50.28, 13 March 2018

• Java: Ignore versions that can't be matched

v0.50.27, 13 March 2018

• Java: Better POM property substitution in MetadataFinder

v0.50.26, 13 March 2018

• Escape @mentions in PR body

v0.50.25, 13 March 2018

• JS: Only de-dop the dependency we're updating
• Ruby: Update commit SHAs should come from commit, not tag

v0.50.24, 13 March 2018

• Better commits view for pull requests
• Add embedded release notes to PRs

v0.50.23, 12 March 2018

• Never return nil from CommitsFinder#commits
• Add release_text method to ReleaseFinder

v0.50.22, 12 March 2018

• Use details tab for commit details, if they're all we're including in PR

v0.50.21, 12 March 2018

• Elixir: Use commit SHA, not tag SHA, when updating git references

v0.50.20, 12 March 2018

• Fix handling of git commit tags (non-semver)

v0.50.19, 12 March 2018

• Python: only do Pipfile file updates if a lockfile is also present
• Java: Find property-based dependencies in branch namer correctly

v0.50.18, 12 March 2018

• Handle Elixir dependencies without a requirement in UpdateChecker
• Automatically retry GitHub 500s
• Python: Use Pipenv 11.5.2

v0.50.17, 11 March 2018

• Elixir: Don't change lockfile format during update
• Python: Use Pipenv 11.3.3

v0.50.16, 11 March 2018

• Allow hyphens in git tags and refs

v0.50.15, 11 March 2018

• Elixir: Add support for updating pinned git dependencies

v0.50.14, 10 March 2018

• Add specs for Elixir FilePreparer (and fix a bug)

v0.50.13, 10 March 2018

• Downgrade Pipenv to 11.1.11
• Refactor Elixir UpdateChecker (should be no noticeable change to ens-users)

v0.50.12, 10 March 2018

• Elixir: Update to pre-release versions if the user is already on one (or has specified a pre-release in their requirements)

v0.50.11, 10 March 2018

• Elixir: Add support for git-source dependencies

v0.50.10, 9 March 2018

• Java: Handle multiple declarations of same dependency in pom.xml

v0.50.9, 9 March 2018

• Java: Handle source URLs which use a property

v0.50.8, 9 March 2018

• Don't try to create branches with spaces in them

v0.50.7, 9 March 2018

• Python: Parse requirements.txt if a Pipfile with no Pipfile.lock is present

v0.50.6, 9 March 2018

• Submodules: Use default branch, not master, if no branch is specified

v0.50.5, 8 March 2018

• PHP: Handle version requirements with a commit SHA in them

v0.50.4, 8 March 2018

• Python: Fix declaration regex in FileUpdater for dependencies with a hyphen

v0.50.3, 8 March 2018

• Add upgrade guide link to PRs, if present and upgrading by a major version

v0.50.2, 8 March 2018

• JS: Check for path dependencies in lockfile as well as package.json

v0.50.1, 8 March 2018

• JS: Exclude file based dependencies where the file details are in the version (not the requirement)

v0.50.0, 8 March 2018

• BREAKING: Remove "pipfile" package manager entirely. It is now bundler under "pip", which will autodetect whether a Pipfile is being used.

v0.49.16, 8 March 2018

• Python: Combine python strategies. Non-breaking, as long as you weren't accessing the Pipfile classes directly.

v0.49.15, 7 March 2018

• Ruby: Handle ~> ranges with major precision

v0.49.14, 7 March 2018

• Fix dependency file uniqueness checking (fixes a rare bug in Ruby updates)
• Use GithubClientWithRetries everywhere

v0.49.13, 7 March 2018

• Automatically retry GitHub timeouts during file fetching

v0.49.12, 6 March 2018

• JS: Less aggressive yarn.lock deduping

v0.49.11, 6 March 2018

• Retry rare Ruby bug in commit signer

v0.49.10, 6 March 2018

• Don't mistake commit messages that just start with Fix for semantic commit messages

v0.49.9, 5 March 2018

• Add #production? method to Dependabot::Dependency instances

v0.49.8, 5 March 2018

• PHP: Better regex for git clone problems

v0.49.7, 5 March 2018

• PHP: Handle dependency reachability errors in FileUpdater

v0.49.6, 5 March 2018

• Elixir: Handle references specified as a charlist

v0.49.5, 4 March 2018

• Handle inconsistent responses from github whengetting a ref

v0.49.4, 4 March 2018

• Handle superstring branches when creating PRs

v0.49.3, 3 March 2018

• Handle PR creation when a branch exists but a PR doesn't

v0.49.2, 2 March 2018

• Elixir: Support for git dependencies in FileParser and MetadataFinder.

v0.49.1, 2 March 2018

• Elixir: Handle very old lockfiles

v0.49.0, 2 March 2018

• Elixir: Full support for umbrella apps 🎉

v0.48.20, 2 March 2018

• Python: Better pre-release handling
• Elixir: Lots of prep for umbrella apps (but not full support yet)

v0.48.19, 1 March 2018

• Better changelog finding (order by file size if multiple with same name)

v0.48.18, 1 March 2018

• Python: Normalise pre-release versions correctly

v0.48.17, 1 March 2018

• Include signoff line in commit messages

v0.48.16, 1 March 2018

• JS: Handle exact matches for libraries

v0.48.15, 1 March 2018

• Python: Fix typo that prevented dev package updates
• JS: Handle lockfiles with bad version (wrong source)

v0.48.14, 28 February 2018

• PHP: Handle empty array returned from packagist in MetadataFinder

v0.48.13, 28 February 2018

• PHP: Include subdependencies in parser output
• Python: Use Pipenv's new --keep-outdated option instead of freezing Pipfile

v0.48.12, 27 February 2018

• Python: Pipfile file parser now include subdependencies in results

v0.48.11, 27 February 2018

• JS: Use Yarn v1.5.0

v0.48.10, 27 February 2018

• Pipfile: include dependencies specified using a requirements hash

v0.48.9, 26 February 2018

• Add label description if creating a new dependencies label

v0.48.8, 26 February 2018

• Java: Don't propose updates to a prerelease unless desired

v0.48.7, 26 February 2018

• PHP: Retry timeouts in UpdateChecker
• PHP: Handle array errors in ExceptionIO

v0.48.6, 26 February 2018

• JS: Handle yarn lockfiles that are missing a requirement in their declaration lines

v0.48.5, 26 February 2018

• Ignore bash scripts when looking for changelog

v0.48.4, 25 February 2018

• JS: Handle lockfiles without a header in fix-duplicates

v0.48.3, 25 February 2018

• Elixir: Remove hex install in Elixir file parser
• JS: Vendor relevant yarn-tools code (so they can be edited)
• JS: Don't lose Yarn version info during de-duping

v0.48.2, 25 February 2018

• JS: Use yarn-tools to clean up yarn.lock after updates

v0.48.1, 25 February 2018

• Python: Only include Pipfile in updated files if it has changed
• JS: Handle updates that don't change the package.json better

v0.48.0, 23 February 2018

• Add option to sign commits

v0.47.15, 22 February 2018

• JS: Fix encoding bug

v0.47.14, 21 February 2018

• JS: Don't check npm for package.json files with no description

v0.47.13, 21 February 2018

• JS: Better detection of whether a project is an app or a library

v0.47.12, 21 February 2018

• Bump pipenv from 9.0.3 to 9.1.0 in /helpers/python

v0.47.11, 20 February 2018

• Look for changelog in the directory we have for a repo

v0.47.10, 20 February 2018

• Include target branch in branch name if present

v0.47.9, 20 February 2018

• Check for existing PRs before assuming the presence of a branch means there's no need to create one

v0.47.8, 19 February 2018

• Ruby: Add specs for UpdateCheckers#latest_resolvable_version_with_no_unlock and fix implementation
• Elixir: Spec UpdateCheckers#latest_resolvable_version_with_no_unlock

v0.47.7, 17 February 2018

• Java: Shorter branch names when updating multiple dependencies

v0.47.6, 17 February 2018

• Java: Handle versionless declaration nodes in PropertyUpdater

v0.47.5, 16 February 2018

• Java: Handle property updates in a single PR (rather than creating several)

v0.47.4, 16 February 2018

• JS: Fix parser for dependencies with a resolutions entry

v0.47.3, 16 February 2018

• JS: Handle authentication errors from npm5 (not just Yarn)

v0.47.2, 16 February 2018

• Require Ruby 2.5

v0.47.1, 15 February 2018

• Correct semantic commit casing for library updates
• Include directory details in library PRs
• JS: Ignore 404s from the registry for library dependencies

v0.47.0, 15 February 2018

• BREAKING: Pass requirements_to_unlock to UpdateCheckers#can_update? and UpdateCheckers#updated_dependencies instead of unlock_level

v0.46.6, 12 February 2018

• JS: Handle blank requirements

v0.46.5, 12 February 2018

• Python: Ignore Pipfile dependencies missing from the lockfile

v0.46.4, 12 February 2018

• Use Angular style sentence case if using semantic commits

v0.46.3, 9 February 2018

• Exclude bot commits when considering recent commit messages. Should ensure switchover to semantic commit messages happens faster

v0.46.2, 9 February 2018

• PHP: Handle packagist returning empty arrays

v0.46.1, 9 February 2018

• Allow no_requirements to be passed to UpdateCheckers#can_update? and UpdateCheckers#updated_dependencies as an unlock level

v0.46.0, 9 February 2018

• BREAKING: Pass unlock_level to UpdateCheckers#can_update? and UpdateCheckers#updated_dependencies
• Add a latest_resolvable_version_with_no_unlock method to the UpdateChecker for each language

v0.45.5, 7 February 2018

• Add GitLab support to FileFetcher base methods
• Support GitLab in submodules FileFetcher. All FileFetchers therefore now support GitLab

v0.45.4, 6 February 2018

• JS: Handle unreachable git dependencies better (and spec it!)

v0.45.3, 5 February 2018

• JS: Ignore path dependency package.json files when parsing

v0.45.2, 5 February 2018

• Ruby: Update to newer pre-release versions
• JS: Raise GitDependenciesNotReachable error for git dependencies we don't have access to

v0.45.1, 30 January 2018

• Elixir: Handle mix.exs files that load in a version file

v0.45.0, 30 January 2018

• Ruby: Include sub-dependencies in FileParser#parse result

v0.44.20, 30 January 2018

• PHP: Handle aliased requirements in UpdateChecker (update the real version)

v0.44.19, 30 January 2018

• Elixir: Perform hex install in pwd

v0.44.18, 28 January 2018

• PHP: Filter out special packages

v0.44.17, 27 January 2018

• Java: Handle dependencies that use the project version as their requirement
• Ruby: Raise error for merge conflicts in Gemfile.lock

v0.44.16, 26 January 2018

• PHP: Handle repos where the only version is non-numeric

v0.44.15, 26 January 2018

• PHP: Handle alias version constraints

v0.44.14, 25 January 2018

• Java: Handle nested dependency declarations in pom.xml

v0.44.13, 24 January 2018

• Ruby: Use Lockfile to find path dependencies if present

v0.44.12, 23 January 2018

• Java: Ignore plugins without a groupId

v0.44.11, 23 January 2018

• Use build prefix if semantic commits are in use

v0.44.10, 23 January 2018

• Elixir: Clean up Ruby code that calls Elixir subprocesses

v0.44.9, 23 January 2018

• Handle timeouts in GitCommitChecker

v0.44.8, 23 January 2018

• Ruby: Handle timeouts when checking whether git dependencies are reachable

v0.44.7, 22 January 2018

• PHP: Retry 404s which appear to be happening randomly

v0.44.6, 22 January 2018

• Silence errors when trying to update a PR that has been merged

v0.44.5, 22 January 2018

• Elixir: Wait for input (should fix Errno::EPIPE errors)

v0.44.4, 21 January 2018

• PHP: Use env-key instead for env_key (for consistency with Python)

v0.44.3, 21 January 2018

• PHP: Raise MissingEnvironmentVariable instead of PrivateSourceNotReachable

v0.44.2, 21 January 2018

• PHP: Allow environment variables to be passed (to support ACF PRO)

v0.44.1, 20 January 2018

• Fix PullRequestCreator behaviour when no dependencies tag exists

v0.44.0, 20 January 2018

• Pass an array of custom labels to PullRequestCreator

v0.43.11, 20 January 2018

• Elixir: Raise a DependencyFileNotResolvable error if mix.exs contains bad requirements

v0.43.10, 19 January 2018

• Java: Fix version parsing (oops!)

v0.43.9, 19 January 2018

• Java: Handle underscores in versions

v0.43.8, 18 January 2018

• PHP: Handle pre-release version with a '-' properly

v0.43.7, 17 January 2018

• JS: Raise evaluatability error when parsing, not resolvability error

v0.43.6, 17 January 2018

• JS: Raise resolvability error if using workspaces but not private

v0.43.5, 17 January 2018

• Elixir: Handle or requirements betters (by adding another or at the end)

v0.43.4, 17 January 2018

• Elixir: Handle dependency names which are substrings of other dependencies names

v0.43.3, 17 January 2018

• Elixir: Don't do language version checks

v0.43.2, 17 January 2018

• Java: More robust POM parsing in File Updater

v0.43.1, 16 January 2018

• Elixir: Install hex before FileParser, if required

v0.43.0, 16 January 2018

• Add support for Elixir

v0.42.28, 16 January 2018

• JS: Tighter formula for git dependencies

v0.42.27, 16 January 2018

• JS: Get package declaration string from package-lock.json, not from package.json

v0.42.26, 15 January 2018

• Find changelogs in a docs folder

v0.42.25, 15 January 2018

• JS: Handle duplicate requirements that are identical

v0.42.24, 15 January 2018

• PHP: Handle bad git references

v0.42.23, 15 January 2018

• JS: Explicitly ignore flat resolution dependency files

v0.42.22, 15 January 2018

• JS: Handle host shortnames in package.json

v0.42.21, 15 January 2018

• JS: Filter out dependencies with a URL version at parse time

v0.42.20, 14 January 2018

• JS: Handle multiple declarations for the same dependency

v0.42.19, 14 January 2018

• JS: Handle dist tags in requirements updater

v0.42.18, 14 January 2018

• JS: Update git URL dependencies

v0.42.17, 14 January 2018

• JS: Strip prefixes from JS versions before checking for updated requirements in requirement updater

v0.42.16, 14 January 2018

• JS: Pass requirement update version strings, not hashes

v0.42.15, 14 January 2018

• JS: Update git dependencies specified with a GitHub format

v0.42.14, 11 January 2018

• JS: Handle setups where a lockfile is present by the .npmrc says not to update it

v0.42.13, 11 January 2018

• Collapse paths with a ".." in them when creating PRs

v0.42.12, 9 January 2018

• Java: Handle versions with capitals in them

v0.42.11, 9 January 2018

• Docker: Handle private registries without a port

v0.42.10, 9 January 2018

• Ruby: Don't try to update the Ruby version when updating multiple dependencies

v0.42.9, 8 January 2018

• Java: Add support for projects that inherit from parent POM (thanks @evenh!)

v0.42.8, 8 January 2018

• PHP: Check for pre-release versions to update to if using a pre-release version

v0.42.7, 8 January 2018

• JS: Remove imperfect check that yarn.lock was updating

v0.42.6, 7 January 2018

• Java: Maintain original formatting of pom.xml

v0.42.5, 6 January 2018

• Java: Use dependency selector from FileParser in FileUpdater

v0.42.4, 6 January 2018

• Java: Stricter dependency selector in FileParser

v0.42.3, 5 January 2018

• Handle PR creation when a branch called dependabot already exists

v0.42.2, 5 January 2018

• Sanitize colons out of git branch names

v0.42.1, 5 January 2018

• Java: Handle dependency declarations without a version requirement

v0.42.0, 5 January 2018

• Java: Add support for Maven

v0.41.5, 5 January 2018

• PHP: Use Composer 1.6.0

v0.41.4, 3 January 2018

• PHP: Handle replaced dependencies

v0.41.3, 29 December 2017

• JS: Handle versions specified with a dist tag

v0.41.2, 29 December 2017

• Include git protocol URIs in metadata finder regex
• PHP: Slightly raise Composer memory limit

v0.41.1, 29 December 2017

• PHP: Use http-basic for GitHub credentials

v0.41.0, 29 December 2017

• Ruby: Treat minimum possible Ruby requirement as the specified Ruby version, when set in gemspec

v0.40.25, 28 December 2017

• Ruby: Ignore Bundler version if specified in Gemfile

v0.40.24, 28 December 2017

• Handle removed directories better (by raising a DependencyFileNotFound error)

v0.40.23, 28 December 2017

• JS: Workaround for Yarn bug that means lockfile doesn't always change

v0.40.22, 28 December 2017

• JS: Fix false-positive result of wanting pre-release when a .x version was requested

v0.40.21, 27 December 2017

• Python: Look for index URLs in credentials

v0.40.20, 27 December 2017

• JS: Handle yarn.lock files with multiple entries for the same dependency

v0.40.19, 26 December 2017

• PHP: Handle wildcard versions better in requirement updater

v0.40.18, 26 December 2017

• Python: Handle simple index entries with spaces in filenames
• JS: Only request registry index once during update check
• PHP: Handle stability flags in requirements updater

v0.40.17, 25 December 2017

• JS: Handle pre-release updates when precision needs increasing

v0.40.16, 25 December 2017

• PHP & JS: Handle pre-releases in a hyphen range

v0.40.15, 24 December 2017

• Docker: Handle suffices with periods

v0.40.14, 24 December 2017

• JS: Ensure updates hit specific version

v0.40.13, 24 December 2017

• Python: Handle setup.py calls to parse_requirements
• JS: Handle Yarn workspaces where the parent package.json is in a directory
• All: Make fewer requests from file fetchers

v0.40.12, 23 December 2017

• Python: Update regexes to make FileUpdater more accurate

v0.40.11, 23 December 2017

• Python: Handle local version modifiers in metadata finder

v0.40.10, 23 December 2017

• Python: Handle local version modifiers

v0.40.9, 22 December 2017

• Python: Use correct URL for PyPI simple index
• Python: Handle filenames with underscores and periods in updater

v0.40.8, 22 December 2017

• Python: Handle capitalised dependency names in simple index response

v0.40.7, 22 December 2017

• Python: Use simple index to find latest version

v0.40.6, 22 December 2017

• PHP: Don't update composer.json if requirements already met

v0.40.5, 22 December 2017

• Ruby: Use tag_sha, not commit_sha, when checking if a git dep needs updating

v0.40.4, 22 December 2017

• JS: Handle pre-release strings properly

v0.40.3, 22 December 2017

• Raise error in FileUpdaters if lockfile is present and doesn't change

v0.40.2, 22 December 2017

• JS: Temporarily back out v0.40.0 changes

v0.40.1, 22 December 2017

• JS: Handle pre-releases in requirement specifiers correctly

v0.40.0, 21 December 2017

• Don't update package.json and composer.json if requirements already met

v0.39.26, 21 December 2017

• Python: Actually handle requirements.txt files that self-reference with extras

v0.39.25, 21 December 2017

• Python: Handle requirements.txt files that self-reference with extras

v0.39.24, 21 December 2017

• Use semantic prefix for Dependabot PR names (when appropriate)

v0.39.23, 21 December 2017

• JS: Better handling of global auth credentials in .npmrc

v0.39.22, 21 December 2017

• Python: Honour existing quote style when updating Pipfile dependencies

v0.39.21, 21 December 2017

• Python: Handle names that need normalising in Pipfile FileUpdater

v0.39.20, 21 December 2017

• Python: Handle dependency names with an underscore in Pipfile

v0.39.19, 21 December 2017

• Python: Handle capitalised dependency names in Pipfile

v0.39.18, 20 December 2017

• JS: Handle global auth declarations

v0.39.17, 20 December 2017

• Ruby: Make Ruby library split explicit in UpdateChecker (just a refactor)

v0.39.16, 19 December 2017

• PHP: Bump composer/composer from 1.5.5 to 1.5.6
• PHP: Show metadata for git dependencies
• JS: Check for dist-tags in npm response
• Docker: Use latest version of docker_registry2

v0.39.15, 18 December 2017

• Ruby: Clone down submodules when evaluating git dependencies

v0.39.14, 18 December 2017

• PHP: Stop ignoring git repos

v0.39.13, 18 December 2017

• PHP: Spec library handling on caret constraints
• PHP: Keep digit length for two-digit caret version

v0.39.12, 18 December 2017

• PHP: More robust file updating

v0.39.11, 18 December 2017

• PHP: Update handling of ~ constraints

v0.39.10, 18 December 2017

• PHP: Handle "v" prefixes in versions

v0.39.9, 18 December 2017

• JS: Handle versions with a hyphen in them

v0.39.8, 17 December 2017

• JS: More sophisticated JavaScript requirement updating

v0.39.7, 17 December 2017

• PHP: Handle hyphen ranges properly
• PHP: Handle range requirements better for app updates

v0.39.6, 17 December 2017

• PHP: Better requirement updating for library requirements

v0.39.5, 15 December 2017

• PHP: More sensitive handling of multi-version library requirements

v0.39.4, 15 December 2017

• PHP: Make UpdateChecker work for dev dependencies

v0.39.3, 15 December 2017

• PHP: Parse development dependencies properly

v0.39.2, 15 December 2017

• PHP: Strip leading v from versions in packagist API response

v0.39.1, 14 December 2017

• PHP: Only treat repos as libraries if they declare "library" as their type

v0.39.0, 14 December 2017

• PHP: Support PHP libraries

v0.38.8, 14 December 2017

• PHP: Raise clear error when Composer is out of memory

v0.38.7, 14 December 2017

• PHP: Treat last error correctly (as an array)

v0.38.6, 14 December 2017

• PHP: Try and add some memory that will be freed on error

v0.38.5, 14 December 2017

• PHP: Handle shutdown errors

v0.38.4, 14 December 2017

• PHP: Throw out of memory errors

v0.38.3, 13 December 2017

• Python: Preserve original host environment markers in Pipfile.lock

v0.38.2, 13 December 2017

• Python: Handle * version strings in UpdateChecker

v0.38.1, 13 December 2017

• Python: Make Pipfile an explicit dependency

v0.38.0, 13 December 2017

• Python: Add experimental Pipfile support

v0.37.2, 13 December 2017

• Python: Handle multi-line requirements, and preserve previous whitespace

v0.37.1, 13 December 2017

• Python: Handle custom algorithms for hashes

v0.37.0, 13 December 2017

• Python: update hashes in requirements.txt file if present
• BREAKING: Install Python requirements from a requirements.txt

v0.36.30, 12 December 2017

• Allow custom_label to be passed to PullRequestCreator

v0.36.29, 12 December 2017

• Use existing dependencies label if present

v0.36.28, 12 December 2017

• PHP: Handle dependencies with capitals (especially PEAR dependencies)

v0.36.27, 12 December 2017

• PHP: Handle packagist returning packages for a different name

v0.36.26, 12 December 2017

• PHP: Downcase dependency names when constructing packagist URLs

v0.36.25, 12 December 2017

• Python: Only fetch files that end in .txt from any requirements folder

v0.36.24, 12 December 2017

• Python: Support alternative names / locations for requirements.txt files

v0.36.23, 11 December 2017

• PHP: Handle resolvability errors (silence them)

v0.36.22, 11 December 2017

• JS: Handle unparseable package-lock.json files
• JS: Handle JSON parser errors in non-standard registries

v0.36.21, 9 December 2017

• PHP: Store details of source URL during file parsing
• PHP: Pull source URL details from dependency in MetadataFinder, if present

v0.36.20, 8 December 2017

• PHP: Refactored and cleaned up PHP code (thanks @nesl247)

v0.36.19, 8 December 2017

• PHP: Only use github token if provided one

v0.36.18, 8 December 2017

• PHP: Actually use auth credentials

v0.36.17, 8 December 2017

• PHP: Fix for SSH URLs

v0.36.16, 8 December 2017

• PHP: Handle SSH URLs in FileUpdater

v0.36.15, 8 December 2017

• Ruby: More conservative full-unlocking. Reduces number of dependencies unlocked and/or number of iterations to discover unlocking is impossible.

v0.36.14, 8 December 2017

• Prepare composer.json files in Ruby to avoid re-writing JSON

v0.36.13, 8 December 2017

• Include semantic commit message prefix only if repo uses them

v0.36.12, 8 December 2017

• Don't submit empty author details to GitHub

v0.36.11, 8 December 2017

• Allow author details to be passed to PullRequestCreator and PullRequestUpdater

v0.36.10, 8 December 2017

• PHP: Handle 404s from packagist

v0.36.9, 7 December 2017

• PHP: Handle repo not reachable errors

v0.36.8, 7 December 2017

• PHP: Pass GitHub access token to PHP helpers

v0.36.7, 7 December 2017

• PHP: Add back platform override now it's properly specced

v0.36.6, 7 December 2017

• PHP: Update composer.json files in Ruby, to avoid changing their formatting
• PHP: Better requirements updater in UpdateCheckers

v0.36.5, 7 December 2017

• JS: Better npm update_checker errors
• JS: prune git dependencies out during file parsing

v0.36.4, 7 December 2017

• PHP: Stop setting prefer-stable explicitly
• PHP: Temporarily disable updates where a PHP version is specified

v0.36.3, 7 December 2017

• PHP: Don't check platform requirements during updates

v0.36.2, 6 December 2017

• PHP: Try setting a much higher memory limit for composer

v0.36.1, 6 December 2017

• JS: Give registries a break before retrying if they return bad JSON

v0.36.0, 5 December 2017

• Stop supporting npm and yarn as package managers (in favour of npm_and_yarn)

v0.35.15, 5 December 2017

• JS: Combine Yarn and npm package managers into NpmAndYarn

v0.35.14, 5 December 2017

• JS: Check for yanked versions in UpdateChecker

v0.35.13, 5 December 2017

• JS: Fix UpdateChecker retrying

v0.35.12, 4 December 2017

• Ruby: handle gemspecs that dup a version constant

v0.35.11, 4 December 2017

• JS: retry transitory JSON parsing failures

v0.35.10, 4 December 2017

• JS: raise DependencyFileNotResolvable when no satisfiable version can be found for an npm dep

v0.35.9, 3 December 2017

• JS: Handle thorny single requirements

v0.35.8, 3 December 2017

• JS: Handle JS requirements in branch names
• JS: Handle library requirements differently to application requirements

v0.35.7, 3 December 2017

• JS: Return pre-release versions in UpdateChecker if one is currently in use

v0.35.6, 3 December 2017

• JS: raise DependencyFileNotResolvable when no satisfiable version can be found for a Yarn dep

v0.35.5, 2 December 2017

• JS: Fix updated_files_regex for Yarn
• JS: handle updates without a lockfile in FileUpdater
• JS: support repos without a lockfile in npm parser, and spec support in UpdateChecker
• JS: support repos without a package-lock.json in npm FileFetcher

v0.35.4, 1 December 2017

• Ruby: Fix bug in gemspec sanitizing

v0.35.3, 1 December 2017

• Implement equality operator for DependencyFile

v0.35.2, 1 December 2017

• Ruby: More robust gemspec sanitizing

v0.35.1, 1 December 2017

• JS: Ignore transitory errors from custom registries

v0.35.0, 30 November 2017

• JS: Perform package.json update in Ruby (and avoid changing package.json format)

v0.34.20, 30 November 2017

• Ruby: Handle repos with a gemspec and a Gemfile that doesn't import it

v0.34.19, 30 November 2017

• JS: Preserve protocol for private registries

v0.34.18, 30 November 2017

• JS: Handle private registries that don't use https

v0.34.17, 30 November 2017

• JS: Better parsing of private registry URLs

v0.34.16, 29 November 2017

• JS: Include private dependencies when parsing npm package-lock.json

v0.34.15, 29 November 2017

• JS: Pull credentials from npmrc file, if present

v0.34.14, 29 November 2017

• JS: Raise a PrivateSourceNotReachable error for missing private details

v0.34.13, 29 November 2017

• JS: Pass credentials for non-npm registries to file updater
• JS: use custom registries (with credentials) in UpdateChecker and MetadataFinder
• JS: Fetch .npmrc files
• JS: Use sanitized .npmrc files in FileUpdater

v0.34.12, 29 November 2017

• JS: Add basic support for private npm packages

v0.34.11, 28 November 2017

• Ruby: Handle Bundler::Fetcher::CertificateFailureError errors

v0.34.10, 27 November 2017

• Ruby: Roll back regression in ForceUpdater

v0.34.9, 27 November 2017

• Ruby: More conservative ForceUpdater (traverse requirement trees from top)

v0.34.8, 27 November 2017

• Ruby: Make ForceUpdater more conservative about what it unlocks

v0.34.7, 27 November 2017

• Ruby: Fix for custom-sourced peer dependencies in ForceUpdater

v0.34.6, 27 November 2017

• Make dependency we're force updating the first in the returned array

v0.34.5, 27 November 2017

• Minor improvement to PR text
• Make new_dependencies_to_unlock_from unique

v0.34.4, 24 November 2017

• Better pull request text for multi-dependency PRs

v0.34.3, 24 November 2017

• Fix for PullRequestCreator metadata links with multiple dependencies

v0.34.2, 23 November 2017

• Fix another bug in PullRequestCreator

v0.34.1, 23 November 2017

• Fix bug in PullRequestCreator which occurs when a source_url can't be found

v0.34.0, 23 November 2017

• BREAKING: PullRequestCreator now takes an array of dependencies

v0.33.0, 23 November 2017

• BREAKING: FileUpdaters now take an array of dependencies, not a dependency

v0.32.0, 23 November 2017

• BREAKING: Return an array of dependencies from UpdateCheckers::Base#updated_dependencies

v0.31.0, 22 November 2017

• BREAKING: Split UpdateCheckers::Base#needs_update? method into up_to_date? and can_update? methods

v0.30.6, 21 November 2017

• Python: More robust setup.py error handling

v0.30.5, 21 November 2017

• Python: Further fix for UpdateChecker prerelease handling

v0.30.4, 21 November 2017

• Python: Better pre-release handling in UpdateChecker

v0.30.3, 21 November 2017

• Ruby: Ignore path gemspecs that are behind falsey conditional

v0.30.2, 21 November 2017

• PHP: Silence out-of-memory errors

v0.30.1, 21 November 2017

• Ruby: Handle GitHub sources when checking for inaccessible dependencies

v0.30.0, 20 November 2017

• Pass a source hash to FileFetchers, rather than a repo name
• Pass a credentials hash to FileFetchers, rather than a GitHub client

v0.29.1, 20 November 2017

• JS: Pass full requirements to Yarn updater.js to circumvent Yarn bug

v0.29.0, 20 November 2017

• JS: Ignore node manifest engine constraints
• Make MetadataFinders provider agnostic (i.e., don't treat GitHub differently)

v0.28.9, 20 November 2017

• Ruby: Respect user's spacing between specifier and version

v0.28.8, 20 November 2017

• Ruby: Handle Gemfiles with path sources but no Gemfile.lock

v0.28.7, 17 November 2017

• Start commit messages with "chore(dependencies): "

v0.28.6, 17 November 2017

• JS: FileUpdaters::JavaScript::Yarn.updated_files_regex now includes package.json files that aren't at the top level

v0.28.5, 17 November 2017

• JS: Fix Yarn workspace handling in FileUpdater

v0.28.4, 17 November 2017

• Python: Extract dependencies from setup_requires and extras_require (thanks @tristan0x)

v0.28.3, 17 November 2017

• JS: Handle wildcards in package.json

v0.28.2, 17 November 2017

• JS: Ignore empty files in FileUpdater

v0.28.1, 17 November 2017

• JS: Handle workspace names more robustly

v0.28.0, 16 November 2017

• JS: Support Yarn workspaces

v0.27.17, 16 November 2017

• JS: Fetch and parse workspace package.json files (awaiting FileUpdater change)

v0.27.16, 15 November 2017

• MetadataFinders: Strip out # characters from source URLs

v0.27.15, 15 November 2017

• JS: Sanitize any variables in a package.json before parsing/updating

v0.27.14, 13 November 2017

• Ruby: handle yet more private gem repo failure cases

v0.27.13, 13 November 2017

• Ruby: handle more private gem repo failure cases

v0.27.12, 13 November 2017

• Python: Ignore errors when parsing setup.py (temporary)

v0.27.11, 13 November 2017

• Handle bad GitHub source data links in GitCommitChecker
• Python: Handle setup.py calls better

v0.27.10, 12 November 2017

• Case insensitive Ruby version replacement

v0.27.9, 11 November 2017

• Add support for passing a target branch to create PRs against

v0.27.8, 11 November 2017

• Python: more setup.py handling

v0.27.7, 10 November 2017

• Fix typo

v0.27.6, 10 November 2017

• Handle Python setup.py files that use codec.open

v0.27.5, 10 November 2017

• Attempt to handle setup.py file that include an "open" line

v0.27.4, 10 November 2017

• Sanitize Python requirement branch names

v0.27.3, 10 November 2017

• Handle Python range requirements

v0.27.2, 10 November 2017

• Handle Python requirements that specify a prefix-match

v0.27.1, 10 November 2017

• Handle setup.py file that include a print statement
• Retry Docker timeouts

v0.27.0, 09 November 2017

• Add support for Python libraries (i.e., repos with a setup.py)

v0.26.0, 09 November 2017

• Make repo a required argument to FileParsers

v0.25.8, 09 November 2017

• Ignore custom names for submodule dependencies

v0.25.7, 09 November 2017

• Handle relative URLs for git submodules

v0.25.6, 08 November 2017

• Handle missing Ruby private dependencies

v0.25.5, 08 November 2017

• Allow Rubygems 2.6.13 for now (since Heroku uses it)

v0.25.4, 07 November 2017

• Add homepage links for Python and JavaScript
• Remove Rubygems monkeypatch in favour of required rubygems version

v0.25.3, 31 October 2017

• Require Bundler 1.16.0

v0.25.2, 30 October 2017

• Link to Ruby dependency homepage if source code can't be found
• Refactor GitHub specific logic out of PullRequestCreator

v0.25.1, 28 October 2017

• Add npm require line to FileUpdaters

v0.25.0, 28 October 2017

• Alpha support for npm

v0.24.9, 25 October 2017

• Treat Ruby dependencies which explicitly specify the default source the same as ones that do so implicitly during file parsing
• Pick up files called release when looking for changelogs

v0.24.8, 24 October 2017

• Handle date-like versions in Dockerfile

v0.24.7, 24 October 2017

• Only update Dockerfile version to pre-release if currently using one

v0.24.6, 24 October 2017

• Better handling of Python dependencies that specify a minor version

v0.24.5, 24 October 2017

• Set private repo config properly in Ruby::Bundler::UpdateCheckers

v0.24.4, 21 October 2017

• Add support for Dockerfiles versions with a suffix (e.g., 2.4.2-slim)

v0.24.3, 20 October 2017

• Look up Python URLs from PyPI description if necessary

v0.24.2, 18 October 2017

• Handle absolute paths in Ruby Gemfiles

v0.24.1, 17 October 2017

• Add temporary ignore for private npm organisation hosted dependencies in UpdateChecker. Once we support passing credentials we'll be able to bump these, but for now we just suppress them

v0.24.0, 17 October 2017

• Support private docker registries that use digests

v0.23.3, 16 October 2017

• Link to changelog for Ruby git dependencies where the ref is bumped

v0.23.2, 13 October 2017

• Support updating docker images hosted on a private registry

v0.23.1, 13 October 2017

• Docker registry regex now excludes trailing slash
• Require private Docker registries to specify a port

v0.23.0, 13 October 2017

• BREAKING: Require an array of credentials to be passed for FileUpdaters and UpdateCheckers, rather than a github_access_token.

v0.22.8, 12 October 2017

• Add support for Dockerfiles that specify a digest
• Spec that docker support works when multiple FROM lines are specified
• Bump yarn-lib from 1.1.0 to 1.2.0

v0.22.7, 10 October 2017

• Use monkeypatch for CVE-2017-0903 rather than requiring specific Rubygems version (since Heroku doesn't get support 2.6.14)

v0.22.6, 10 October 2017

• Filter out private JS dependencies during parsing

v0.22.5, 10 October 2017

• Require Rubygems version 2.6.14 to ensure safety from CVE-2017-0903

v0.22.4, 09 October 2017

• Check new git version is resolvable when updating Ruby git tags

v0.22.3, 09 October 2017

• Handle git:// URLs in GitCommitChecker

v0.22.2, 09 October 2017

• Raise a PrivateSourceNotReachable error for private Docker registries

v0.22.1, 08 October 2017

• Fix bad require line for FileFetchers

v0.22.0, 08 October 2017

• Add support of Dockerfiles

v0.21.3, 07 October 2017

• Refactor GitCommitChecker and use it for update-checking submodules

v0.21.2, 07 October 2017

• Better pull request versions when upgrading a tag

v0.21.1, 07 October 2017

• Handle non-GitHub URLs in GitCommitChecker#local_tag_for_version
• Robust handling of quote characters for Ruby::Bundler::GitPinReplacer
• Use GitCommitChecker for fetching the latest commit on a branch (speedup)

v0.21.0, 06 October 2017

• Support bumping Ruby git dependencies that are tagged to a version-like tag

v0.20.15, 06 October 2017

• Don't sanitize python requirement names during parsing. Was causing errors at the FileUpdater stage (since the name no-longer matched the declaration).

v0.20.14, 05 October 2017

• Add error handling for ChildGemfileFinder path evaluation

v0.20.13, 04 October 2017

• Add support for eval_gemfile to Ruby

v0.20.12, 04 October 2017

• Use Excon automatic retries when making get requests. Should considerably reduce timeout errors from NPM, PyPI, etc.

v0.20.11, 04 October 2017

• More robust handling of Ruby dependencies with a git source (handle errors that occur from attempting to remove the git source)

v0.20.10, 04 October 2017

• Don't update Ruby gemfiles which specify their version using a function

v0.20.9, 03 October 2017

• Change: Transition Ruby git sources to Rubygems releases when a branch is specified and its head is behind the release

v0.20.8, 02 October 2017

• Change: Consider possible changelog names in order
• Fix: Only consider files when looking for a changelog

v0.20.7, 02 October 2017

• Refactor: Split up Ruby FileParser. Should have no effect on public APIs

v0.20.6, 01 October 2017

• Handle relative requirements in cascaded Python requirement files properly

v0.20.5, 01 October 2017

• Fetch cascading Python requirement files that aren't specified with a leading ./

v0.20.4, 29 September 2017

• Fix: Don't error when calculating MetadataFinder commits_url for Ruby git dependencies with an unknown source

v0.20.3, 29 September 2017

• Change: Clearer PR wording for git references switching to releases

v0.20.2, 29 September 2017

• Fix: Add temporary workaround for ::Bundler::Dsl::VALID_KEYS not being defined

v0.20.1, 29 September 2017

• Fix: Remove unnecessary require from PullRequestCreator

v0.20.0, 29 September 2017

• Feature: Support transitioning Ruby git sources to Rubygems releases

v0.19.12, 28 September 2017

• Change: Use naked version when specifying a Ruby version exactly in Gemfile

v0.19.11, 28 September 2017

• Fix: Fix metadata handler for non-GitHub Ruby git sources
• Fix: Handle function calls as gem versions in the Ruby FilePreparer
• Fix: Handle string interpolation in Ruby FileUpdater

v0.19.10, 27 September 2017

• Refactor: Switch to AST parser for updating Ruby requirements in FileUpdater
• Refactor: Remove Gemnasium dependency (we now use Parser for all Ruby parsing)

v0.19.9, 27 September 2017

• Refactor: Extract Ruby UpdateChecker file preparation into separate class
• Refactor: Switch to AST parser for updating Ruby requirements in UpdateChecker

v0.19.8, 26 September 2017

• Add short-circuit fetch_latest_version code for Ruby git dependencies
• Refactor UpdateCheckers::Ruby::Bundler (should have no impact on logic)

v0.19.7, 25 September 2017

• Suppress Ruby VersionConflict exceptions caused by an update to a git dependency (since the version conflict is only caused by the attempted update, not by anything wrong with the underlying Gemfile/Gemfile.lock)

v0.19.6, 25 September 2017

• Better commit URLs links for Ruby dependencies that specify a git source

v0.19.5, 25 September 2017

• Handle nonexistent git branches for Ruby dependencies

v0.19.4, 23 September 2017

• Add support for upgrading Ruby dependencies that specify a git source

v0.19.3, 22 September 2017

• Yarn 1.0 support
• Improve Python parser so it handles paths with spaces

v0.19.2, 22 September 2017

• Specify required Bundler version is >= 1.16.0.pre
• Set git reference as version for Ruby git dependencies (groundwork for updating Ruby dependencies that specify a git source)

v0.19.1, 21 September 2017

• Better support for Python constraints files, and a general refactor of Python support

v0.19.0, 20 September 2017

• BREAKING: Add source key to dependency requirement attribute, as a required key
• Use requirement source key to ensure default metadata is only fetched when appropriate

v0.18.12, 19 September 2017

• Raise GitDependencyReferenceNotFound errors during Ruby update checking

v0.18.11, 15 September 2017

• Don't create Gemfile requirement for gemspec dependencies
• Don't update Gemfile content during update check if dependency isn't found there

v0.18.10, 12 September 2017

• Handle custom names for submodules, and URLs without a .git suffix

v0.18.9, 11 September 2017

• Fall back to latest_resolvable_version if PHP latest_version shortcut fails

v0.18.8, 11 September 2017

• Better error messaging for unreachable submodules

v0.18.7, 11 September 2017

• Fix typo in submodule checking URL

v0.18.6, 11 September 2017

• Convert git URLs to https in submodule parser

v0.18.5, 11 September 2017

• Use correct git internals URL for authorization checking in Ruby UpdateChecker
• Use git internal transfer protocol when fetching latest version of submodules

v0.18.4, 10 September 2017

• Add shortcut for PHP update_checker version check

v0.18.3, 9 September 2017

• Handle development dependencies for PHP projects
• Add Dependabot::DependencyFileNotParseable error
• Increase memory limit for PHP

v0.18.2, 9 September 2017

• Better titles and branch names for git submodule PRs
• Better commit links for git submodule PRs

v0.18.1, 8 September 2017

• Handle submodule URLs that resolve to a 404

v0.18.0, 8 September 2017

• Add support for git submodules

v0.17.3, 7 September 2017

• Handle non-utf-8 characters in Gemfile resolution error messages

v0.17.2, 7 September 2017

• Handle branch deletion during update flow (return nil, rather than erroring)
• Manually set Bundler root during file update (thanks @gotjosh)

v0.17.1, 7 September 2017

• Use Bundler 1.16.0 (pre-release 2)

v0.17.0, 5 September 2017

• Use Bundler 1.16.0 (pre-release 1)

v0.16.17, 5 September 2017

• Fix HTTP request that checks whether a git dependency is accessible

v0.16.16, 3 September 2017

• Handle Ruby Gemfile requirements with multiple components

v0.16.15, 2 September 2017

• Handle non-numeric Python versions better (ignore them instead of erroring)

v0.16.14, 1 September 2017

• Don't include pre-releases in Python latest_version (unless on one)

v0.16.13, 30 August 2017

• Use rubygems changelog URL when available
• Fetch more tags when finding metadata

v0.16.12, 29 August 2017

• Handle path-based JS dependencies

v0.16.11, 25 August 2017

• Handle optional JS dependencies

v0.16.10, 25 August 2017

• Raise a DependencyFileNotResolvable error if the lockfile is missing a gem
• Handle inaccessible git dependencies that resolve to a redirect

v0.16.9, 25 August 2017

• Simpler, better Gemfile sanitizing in UpdateCheckers::Ruby

v0.16.8, 24 August 2017

• Add dependencies label in separate API call

v0.16.7, 24 August 2017

• Create "dependencies" label during PR creation, if it doesn't already exist

v0.16.6, 24 August 2017

• Add "dependencies" label to pull requests

v0.16.5, 24 August 2017

• Prune out Ruby specs from the wrong platform during parsing

v0.16.4, 23 August 2017

• Compare Ruby development requirements to the latest resolvable version

v0.16.3, 23 August 2017

• More robust check on whether Ruby Gemspec file needs updating

v0.16.2, 23 August 2017

• Handle Ruby case of Gemfile not importing its gemspec
• Exclude platform-specific dependencies from Ruby FileParser
• Handle pre-release version in requirement updates
• Minor PR wording improvement

v0.16.1, 22 August 2017

• Better key symbolizing on Dependency (handle ActionController::Params)

v0.16.0, 22 August 2017

• BREAKING: use arrays of hashes for Dependency#requirements and Dependency#previous_requirements, so we can store metadata about each requirement (e.g., which file it came from).

v0.15.8, 22 August 2017

• Allow Ruby updates for repos which only contain a Gemfile (or where the dependency only appears in the Gemfile)

v0.15.7, 21 August 2017

• Link to release notes index when more appropriate than specific release
• Handle gemspecs that bracket their dependencies

v0.15.6, 19 August 2017

• Check all requirements are binding when creating updated requirements
• Better pull request text when updating libraries

v0.15.5, 18 August 2017

• Patch Bundler to use HTTPS instead of SSH for git sources hosted on GitHub

v0.15.4, 16 August 2017

• Use updated gemspec content when calculating new lockfile version (Ruby)
• Handle dev dependencies differently for gemspecs

v0.15.3, 16 August 2017

• Always use latest_version if updating a gemspec dependency
• Handle Ruby file updates where a non-Gemfile dependency has been updated in the lockfile

v0.15.2, 16 August 2017

• Clearer error message for FileFetchers::Ruby::Bundler

v0.15.1, 16 August 2017

• Handle Gemfile and gemspec case where a gem only appears in the later

v0.15.0, 16 August 2017

• Add .updated_files_regex to all FileUpdaters
• Remove .required_files from all FileFetchers
• Add .required_files_in? and required_files_message to all FileFetchers
• Remove all Ruby::Gemspec classes entirely. Gem bumping behaviour now handled in Ruby::Bundler

v0.14.6, 15 August 2017

• Ensure blank strings aren't provided as arguments to Dependency.new

v0.14.5, 15 August 2017

• Big refactor of bundler and gemspec flows to almost combine them. Hopefully no impact on functionality. Releasing to test in the wild.

v0.14.4, 15 August 2017

• Update bundler FileParser to handle gemspecs
• Update equality matchers to ranges in UpdateCheckers::Ruby::Gemspec

v0.14.3, 15 August 2017

• Parse JavaScript files which only have dev dependencies

v0.14.2, 14 August 2017

• Fix UpdateCheckers::Ruby::Gemspec (oops)

v0.14.1, 14 August 2017

• Fix: convert version to string before splitting in UpdateChecker

v0.14.0, 14 August 2017

• Add requirement and previous_requirement attributes to Dependency

v0.13.4, 14 August 2017

• Better FileUpdaters::Gemspec regex (catch add_runtime_dependency declarations)
• Extend aggressive gemspec sanitization to Bundler

v0.13.3, 13 August 2017

• More aggressive gemspec sanitizing

v0.13.2, 13 August 2017

• Use original quote character when updating Ruby gemspecs
• Clearer text for library pull requests

v0.13.1, 13 August 2017

• More robust gemspec declaration regex

v0.13.0, 13 August 2017

• BREAKING: Return strings from Dependency#version, not Gem::Version objects
• FEATURE: Add support for Ruby libraries (i.e., gems)

v0.12.8, 12 August 2017

• Don't add RUBY VERSION to the Gemfile.lock if it wasn't previously present

v0.12.7, 12 August 2017

• Sanitize path-based gemspecs to remove fine requirements

v0.12.6, 12 August 2017

• Handle Ruby indexes that only implement the old Rubygems index

v0.12.5, 11 August 2017

• Raise helpful message for Ruby private sources without auth details

v0.12.4, 10 August 2017

• Serve a DependencyFileNotResolvable error for bad git branches

v0.12.3, 10 August 2017

• Handle requirement.txt files that have cascading requirements

v0.12.2, 8 August 2017

• Handle requirement.txt files that have path-based dependencies

v0.12.1, 5 August 2017

• Handle 404s from Rubygems in UpdateChecker
• Skip PHP dependencies with non-numeric versions during file parsing

v0.12.0, 4 August 2017

• BREAKING: Return Gem::Version objects from Dependency#version, not strings

v0.11.2, 23 July 2017

• Ignore Python packages which can't be found at PyPI

v0.11.1, 17 July 2017

• Handle deleted branches in PullRequestUpdater

v0.11.0, 12 July 2017

• Handle Gemfiles that load in a .ruby-version file
• Move Python parser code into Python helper

v0.10.6, 7 July 2017

• Fetch old commit message when updating a PR. Previously we would try to rebuild the commit message from the PR message, but that often caused us to include extra, irrelevant details.

v0.10.5, 7 July 2017

• Ensure git dependencies aren't updated as a result of https change

v0.10.4, 7 July 2017

• Avoid using SSH to fetch dependencies - always use HTTPS. Ensures the GitHub credentials we pass to Bundler are used.

v0.10.3, 7 July 2017

• Use Bundler settings to handle GitHub credentials

v0.10.2, 6 July 2017

• Robust support for https auth details

v0.10.1, 6 July 2017

• Revert handling git auth details for https specifications

v0.10.0, 6 July 2017

• More robust file URL generation
• Notify about all unreachable git dependencies at once
• Handle git auth details for https specifications
• BREAKING: renamed GitCommandError and PathBasedDependencies errors

v0.9.8, 6 July 2017

• Set path in Ruby File Updater, to fix path based dependencies (v2)

v0.9.7, 6 July 2017

• Set path in Ruby File Updater, to fix path based dependencies

v0.9.6, 6 July 2017

• Raise PathBasedDependencies error at file fetcher time for bad paths

v0.9.5, 6 July 2017

• Only hit Rubygems once for each latest_version lookup
• Handle path-based Ruby dependencies, if possible

v0.9.4, 2 July 2017

• Correctly list path-based dependencies

v0.9.3, 1 July 2017

• Replace less than matcher (and <= matcher) with ~> during file updates
• Handle Ruby version constraints for dependencies Dependabot itself relies on

v0.9.2, 30 June 2017

• Bump yarn (fixes non-deterministic lockfile generation)

v0.9.1, 29 June 2017

• Cache commit in file fetcher, and ensure files fetched are for that commit

v0.9.0, 29 June 2017

• BREAKING: Drop Dependabot::Repo in favour of just passing the repo's name

v0.8.10, 29 June 2017

• Better tag/release lookup: handle completely unprefixed tags/releases

v0.8.9, 28 June 2017

• FIX: Honour Ruby version when determining latest resolvable version

v0.8.8, 26 June 2017

• FIX: Improved Bundler bug workaround, with specs

v0.8.7, 26 June 2017

• FIX: Work around Bundler bug when doing Ruby update checks

v0.8.6, 21 June 2017

• FIX: Pass GitHub credentials as x-access-token password. This allows us to clone private repos using app access tokens, whilst maintaining support for doing so using OAuth tokens.

v0.8.5, 20 June 2017

• Clean version strings in JavaScript parser

v0.8.4, 20 June 2017

• FIX: Require Octokit and Gitlab where used

v0.8.3, 14 June 2017

• Full support for Bitbucket changelogs and commit comparisons

v0.8.2, 13 June 2017

• Full support for GitLab changelogs, release notes, and commit comparisons

v0.8.1, 13 June 2017

• Link to GitLab dependency sources, too

v0.8.0, 13 June 2017

• BREAKING: drop support for Ruby 2.3
• Link to Bitbucket dependency sources (and lay groundwork for changelogs etc.)

v0.7.10, 12 June 2017

• Improve commit comparison URL generation (handle arbitrary prefixes)

v0.7.9, 9 June 2017

• Handle npm packages with an old 'latest' tag

v0.7.8, 8 June 2017

• Strip leading 'v' prefix from PHP version strings

v0.7.7, 7 June 2017

• Return fetched dependency file contents as UTF-8

v0.7.6, 7 June 2017

• Don't blow up when deps are missing from yarn.lock

v0.7.5, 7 June 2017

• Ignore JS prerelease versions
• Use HTTPS when talking to the NPM registry

v0.7.4, 7 June 2017

• Handle PHP composer.json files that specify a PHP version / extensions

v0.7.3, 3 June 2017

• Minor improvement to GitHub release finding (finds unnamed releases)

v0.7.2, 3 June 2017

• Update pull request titles to include from-version

v0.7.1, 2 June 2017

• Add short-circuit lookup for update checkers

v0.7.0, 2 June 2017

• Rename to dependabot-core

v0.6.5, 01 Jun 2017

• Fix PHP issues from initial beta test (#61)

v0.6.4, 01 Jun 2017

• Add support for PHP (Composer) projects

v0.6.3, 30 May 2017

• Even better version pattern updating for JS

v0.6.2, 29 May 2017

• Better version pattern updating for JS

v0.6.1, 29 May 2017

• Make yarn run in non-interactive mode

v0.6.0, 29 May 2017

• BREAKING: Organise by package manager, not language (#55)
• BREAKING: Refactor error handling (#54)

v0.5.8, 24 May 2017

• Don't change yarn.lock version comments (#53)

v0.5.7, 24 May 2017

• Ignore exotic (git, path, etc) JavaScript dependencies (#52)

v0.5.6, 23 May 2017

• Raise a bespoke error for Ruby path sources (#51)

v0.5.5, 22 May 2017

• Back out CocoaPods support, since it pins ActiveSupport to < 5 (#50)

v0.5.4, 22 May 2017

• Look for any release ending with the dependency version (#49)

v0.5.3, 18 May 2017

• Slightly shorter branch names (#43)
• Do JavaScript file updating in JavaScript (#41)

v0.5.2, 17 May 2017

• Include details of the directory (if present) in the PR name (#40)

v0.5.1, 17 May 2017

• Raise Bump::VersionConflict if a conflict stops us getting a gem version (#38)
• Use folders for branch names, and namespace under language and directory (#39)

v0.5.0, 16 May 2017

• Extract the correct versions of JavaScript dependencies in the parser (#36)
• Consider resolvability when calculating latest_version in Ruby (#35)
• BREAKING: require github_access_token when creating an UpdateChecker

v0.4.1, 15 May 2017

• Allow pr_message_footer argument to be passed to PullRequestCreator (#32)

v0.4.0, 15 May 2017

• BREAKING: Make language a required attribute for Bump::Dependency (#29)
• Handle PR creation races gracefully (#31)
• Minor improvement to PR text

v0.3.4, 12 May 2017

• Better JavaScript and Python metadata finding
• Exposed .required_files method on dependency file fetchers

v0.3.3, 11 May 2017

• Escape scoped package names in MetadataFinders::JavaScript (#27)
• Look for JavaScript GitHub link in most recent releases first (#28)

v0.3.2, 09 May 2017

• Don't discard DependencyFile details when updating (#24)

v0.3.1, 09 May 2017

• Support fetching dependency files from a specified directory (#23)

v0.3.0, 09 May 2017

• BREAKING: Rename Node to JavaScript everywhere (#22)

v0.2.1, 03 May 2017

• Store the failed git command on GitCommandError (#21)

v0.2.0, 02 May 2017

• BREAKING: Rename Bump::FileUpdaters::VersionConflict (#20)

v0.1.7, 02 May 2017

• Add DependencyFileNotEvaluatable error (#17)

v0.1.6, 02 May 2017

• Stop updating RUBY VERSION and BUNDLED WITH details in Ruby lockfiles (#18)
• Handle public git sources gracefully (#19)

v0.1.5, 28 April 2017

• Add PullRequestUpdate class (see #15)
• Raise a Bump::DependencyFileNotFound error if files can't be found (see #16)

v0.1.4, 27 April 2017

• Handle 404s for Rubygems when creating PRs (see #13)
• Set backtrace on errors raised in a forked process (see #11)

v0.1.3, 26 April 2017

• Ignore Ruby version specified in the Gemfile (for now) (see #10)

v0.1.2, 25 April 2017

• Support non-Rubygems sources (so private gems can now be bumped) (see #8)
• Handle all exceptions in forked process (see #9)

v0.1.1, 19 April 2017

• Follow redirects in Excon everywhere (fixes #4)

v0.1.0, 18 April 2017

• Initial extraction of core logic from https://github.com/gocardless/bump