Comparing v1.85.0...v1.86.0 · dependabot/cli (original) (raw)

Commits on Mar 27, 2026

1. Configuration menu
   Browse the repository at this point in the history
2. Configuration menu
   Browse the repository at this point in the history

Commits on Mar 31, 2026

1. Add UpdateTypes field to Allowed struct (#605)

• Add UpdateTypes field to Allowed struct
  Add update-types support to the Allowed struct, matching the existing
  pattern in the Condition (ignore) struct. This enables semver-level
  filtering (major/minor/patch) in allow blocks of dependabot.yml.
  Changes:

• Add UpdateTypes []string field to Allowed struct in model/job.go
• Add update-types entry to exampleJob YAML fixture
• Add TestAllowedUpdateTypes: verifies YAML unmarshal of update-types
• Add TestAllowedUpdateTypesJSON: verifies JSON round-trip serialization
  Relates to dependabot/dependabot-core#12668.
  Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com

• Improve TestAllowedUpdateTypesJSON to validate actual JSON keys
  Unmarshal into map[string]any to verify correct JSON tag names
  ("update-types", "dependency-name") rather than round-tripping
  through the same struct. Also verify omitempty behavior.
  Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
• Test JSON marshal output directly without unmarshal
  Compare marshaled JSON string directly to verify correct key names
  and omitempty behavior, per reviewer feedback.
  Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com

Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com

Configuration menu
Browse the repository at this point in the history

Commits on Apr 29, 2026

1. Skip auto-generated ignore conditions for git SHA versions (#616)
   generateIgnoreConditions produces version-requirement: '>X' per
   create_pull_request output. When X is a 40-character git SHA
   (submodules, nix flake inputs pinned to a branch or rev), Ruby's
   Gem::Requirement rejects it as ill-formed and the smoke test fails.
   The previous workaround was an inline pm != "submodules" check that
   disabled generation for the entire ecosystem. That doesn't work for
   nix, which can mix SHA-pinned and tag-pinned (semver) flake inputs in
   the same lock file.
   Detect git SHAs at the individual condition level instead. Semver-style
   versions in any ecosystem still get a stability ignore condition; SHAs
   are skipped wherever they appear (see dependabot/smoke-tests#479).
   
   Configuration menu
   Browse the repository at this point in the history

Commits on May 7, 2026

1. Configuration menu
   Browse the repository at this point in the history

Commits on May 14, 2026

1. Configuration menu
   Browse the repository at this point in the history