Bump dependabot-omnibus from 0.209.0 to 0.218.0

[dependabot[bot]]

Bumps dependabot-omnibus from 0.209.0 to 0.218.0.

Release notes

Sourced from dependabot-omnibus's releases.

v0.218.0

What's Changed

• Cleanup leftover require by @​deivid-rodriguez in dependabot/dependabot-core#7162
• Cleanup duplicated conditions by @​deivid-rodriguez in dependabot/dependabot-core#7161
• Don't run update checker unnecessarily on all javascript packages in a monorepo by @​deivid-rodriguez in dependabot/dependabot-core#7141
• Prepare yarn berry just once by @​deivid-rodriguez in dependabot/dependabot-core#7160
• build(deps): bump Elixir to 1.14.4 by @​yeikel in dependabot/dependabot-core#7151
• Cargo: handle unsupported toolchain versions (part 2) by @​jakecoffman in dependabot/dependabot-core#7168
• It's bug_tracker_uri not issue_tracker_uri by @​jeffwidman in dependabot/dependabot-core#7165
• Switch from Changelog.md to GitHub releases by @​jeffwidman in dependabot/dependabot-core#7163
• No need for --dry-run by @​jeffwidman in dependabot/dependabot-core#7164
• Update docs with current release process by @​jeffwidman in dependabot/dependabot-core#7169
• build(deps): bump Yarn from 3.4.1 to 3.5.0 by @​yeikel in dependabot/dependabot-core#7149
• Pass the serialized group name when creating a PR for grouped updates by @​Nishnha in dependabot/dependabot-core#7166
• [Updater] Ensure we pass all dependency files into each step in a grouped update by @​brrygrdn in dependabot/dependabot-core#7170
• NPM: fix npmrc generation for v3 package-locks by @​jakecoffman in dependabot/dependabot-core#7175
• docs: add information about where to find Terraform updates and how to validate the release by @​yeikel in dependabot/dependabot-core#7176
• Improve npm instrumentation by @​deivid-rodriguez in dependabot/dependabot-core#7177
• Merge workflows that push images by @​deivid-rodriguez in dependabot/dependabot-core#6681
• Clarify the images-latest workflow by @​jeffwidman in dependabot/dependabot-core#7180
• Pass exception message directly to peer dependency error handler by @​deivid-rodriguez in dependabot/dependabot-core#7178
• build(deps): bump Terraform to 1.4.6 by @​yeikel in dependabot/dependabot-core#7181
• Remove accidentally committed node_modules folders by @​deivid-rodriguez in dependabot/dependabot-core#7172
• Refactor workspace file fetching in npm by @​deivid-rodriguez in dependabot/dependabot-core#7183
• NPM: handle EBADENGINE better by @​jakecoffman in dependabot/dependabot-core#7194
• Improve naming of a method by @​deivid-rodriguez in dependabot/dependabot-core#7197
• Clarify comments on peer dependency error regexes by @​deivid-rodriguez in dependabot/dependabot-core#7195
• remove unused script by @​jakecoffman in dependabot/dependabot-core#7205
• Fix README.md formatting error by @​JonathanBerkeley in dependabot/dependabot-core#7193
• Remove unused requires by @​deivid-rodriguez in dependabot/dependabot-core#7200
• Catch bundle lock failures by @​jeffwidman in dependabot/dependabot-core#7208
• Pass required method argument in GroupUpdateAllVersions updater operation by @​bdragon in dependabot/dependabot-core#7202
• Do not catch the 0 exit code by @​jeffwidman in dependabot/dependabot-core#7209
• Remove unused GH_TOKEN env var by @​jeffwidman in dependabot/dependabot-core#7207
• [Updater] Fix brittle test for grouped updates by @​brrygrdn in dependabot/dependabot-core#7213
• Remove Updater#legacy_run by @​brrygrdn in dependabot/dependabot-core#7212
• [Updater] Implement an Operation capable of refreshing a Grouped Update PR. by @​brrygrdn in dependabot/dependabot-core#7192
• Add PNPM support by @​deivid-rodriguez in dependabot/dependabot-core#7081
• Remove dead code by @​deivid-rodriguez in dependabot/dependabot-core#7218
• Add a placeholder dependabot-core.gemspec by @​jeffwidman in dependabot/dependabot-core#7171
• Pin docker_registry2 to 1.14.0 to fix CI by @​deivid-rodriguez in dependabot/dependabot-core#7224
• prebuild Python image for faster Codespace startup by @​jakecoffman in dependabot/dependabot-core#7225
• Create version bump PRs using a custom action by @​jeffwidman in dependabot/dependabot-core#7211
• [Updater] The Updater always expects job.dependency_groups to be defined by @​brrygrdn in dependabot/dependabot-core#7216
• [Updater] Add a test for two overlapping groups by @​brrygrdn in dependabot/dependabot-core#7217
• Fix Dependabot failing to create PRs when updates are needed on path gemspecs by @​deivid-rodriguez in dependabot/dependabot-core#7227
• Remove unnecessary usages of VCR by @​deivid-rodriguez in dependabot/dependabot-core#7233
• Don't link to empty releases page in PR body by @​deivid-rodriguez in dependabot/dependabot-core#7118
• Remove references to removed file by @​deivid-rodriguez in dependabot/dependabot-core#7236
• Fix updating GitHub Actions pinned to mixed references by @​deivid-rodriguez in dependabot/dependabot-core#7215

... (truncated)

Changelog

Sourced from dependabot-omnibus's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

• Run UpdateAllVersions with ungrouped dependencies #7110
• [Updater] Ensure we no longer test the legacy code path #7136
• [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
• [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

• Pull Request names are Dependency Group aware #7115
• 🛑 Stop clobbering Octokit middleware #7121
• Fix more order dependent spec failures #7114
• Fix flaky specs in updater #7113
• Run Dependency Group updates #7075
• [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
• [Updater] Grouped updates will not include ignored dependencies #7091
• Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

• [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
• Fix incorrect detection of top level gemspecs #7085
• Improve some exception error messages #7068
• Bundle the updater when bumping versions #7070
• Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

• Allow updating gemspecs loaded from a Gemfile #7051
• Update README.md to include link to the public Dependabot Core board #7054
• Fix update checking in Yarn repositories using workspaces #7024
• Don't try to resolve pinned sha's to versions when updating docker images #6150
• [Updater] Inform the backend metric service which operation class is used for each update #7009
• [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
• [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
• Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
• Generate proper PR summary table for docker digest updates #6996
• [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
• [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
• Fix "no files were updated!" errors in workspaces #6950
• Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

• 889ef34 v0.218.0 (#7339)
• eb13f32 Minor format tweak (#7338)
• 41b319c Add App Token to release workflow so CI jobs run (#7324)
• 2d23b3c Ensure we start from main even if workflow run from a branch (#7335)
• 7e98127 docs: improve documentation (#7328)
• 79e5758 Merge pull request #7297 from dependabot/brrygrdn/remove-prototype-from-branc...
• 01b510f Merge branch 'main' into brrygrdn/remove-prototype-from-branch-names
• 815856b CodeQL: ignore purposefully invalid ruby files (#7126)
• 7fef65d Remove prototype from branch names
• 5767e8a Merge pull request #7304 from dependabot/deivid-rodriguez/revert-gradle-fix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #925.