Bump dependabot-omnibus from 0.209.0 to 0.221.0

[dependabot[bot]]

Bumps dependabot-omnibus from 0.209.0 to 0.221.0.

Release notes

Sourced from dependabot-omnibus's releases.

v0.221.0

What's Changed

• v0.220.0 by @​dependabot-core-action-automation in dependabot/dependabot-core#7428
• Target latest Python versions - 3.11.4, 3.10.12, 3.9.17, 3.8.17, 3.7.17 by @​phillipuniverse in dependabot/dependabot-core#7412
• exclude patterns for grouped updates by @​Nishnha in dependabot/dependabot-core#7402
• Add a newline after the group intro by @​Nishnha in dependabot/dependabot-core#7401
• Use ruby:3.1.4-bullseye by @​Nishnha in dependabot/dependabot-core#7442
• Fix edge case when updating Actions with mixed versions by @​deivid-rodriguez in dependabot/dependabot-core#7410
• [Grouped Updates] Cleaner management of the update dependency list by @​brrygrdn in dependabot/dependabot-core#7414
• [Grouped Updates] The VendorUpdater class watermarks DependencyFile objects it creates by @​brrygrdn in dependabot/dependabot-core#7433
• [Updater] Extract creation of new group Pull Requests into a discrete class by @​brrygrdn in dependabot/dependabot-core#7354
• [Updater] Avoid mis-representing a Dependency Group as a Dependency in error handling by @​brrygrdn in dependabot/dependabot-core#7359
• build(deps): bump Terraform to 1.5.0 by @​HorizonNet in dependabot/dependabot-core#7439
• Remove pnpm experiment flag by @​mctofu in dependabot/dependabot-core#7453
• Roll pub. Use dart 3 for running helpers. by @​sigurdm in dependabot/dependabot-core#7417
• Look in parent directories for nuget.config files by @​jmarolf in dependabot/dependabot-core#7342
• Remove persistent_gems_after_clean workaround by @​jurre in dependabot/dependabot-core#7296
• Add DEPENDABOT environment variable for users by @​shu-mutou in dependabot/dependabot-core#7407
• Bump debug from 1.7.2 to 1.8.0 in /updater by @​dependabot in dependabot/dependabot-core#7316
• Add workspace experiment to maintain state between updates and capture success/failure of each by @​bdragon in dependabot/dependabot-core#6693
• Add missing final EOL by @​deivid-rodriguez in dependabot/dependabot-core#7456
• Add sanitization to BranchNamer::DependencyGroupStrategy by @​TomNaessens in dependabot/dependabot-core#7452
• Remove duplicated ENV by @​deivid-rodriguez in dependabot/dependabot-core#7455
• Instantiate less dependencies by @​deivid-rodriguez in dependabot/dependabot-core#7459
• Fix actions updates when inconsistent casing is used by @​deivid-rodriguez in dependabot/dependabot-core#7462
• Revert "Pin CodeQL version (#7275)" by @​deivid-rodriguez in dependabot/dependabot-core#7465
• Update Bundler to 2.4.14 by @​deivid-rodriguez in dependabot/dependabot-core#7429
• Configure git with ENV by @​deivid-rodriguez in dependabot/dependabot-core#7467
• Update ecosystem READMEs with recommended setup by @​deivid-rodriguez in dependabot/dependabot-core#7472
• Fix flaky spec by @​deivid-rodriguez in dependabot/dependabot-core#7474
• NPM: fix GitHub registry not working when path is specified by @​jakecoffman in dependabot/dependabot-core#7468
• Remove simplecov by @​deivid-rodriguez in dependabot/dependabot-core#7473
• [Grouped Updates] Avoid passing non-manifest file changes between group updates by @​brrygrdn in dependabot/dependabot-core#7404
• build(deps): bump PNPM from 8.3.1 to 8.6.4 by @​yeikel in dependabot/dependabot-core#7330
• Add support for Directory.Packages.props file as entrypoint by @​TobiasLaving in dependabot/dependabot-core#7086
• Add smoke tests for go, npm and bundler+vendoring by @​brrygrdn in dependabot/dependabot-core#7486
• Use table summary for large groups of dependencies by @​bdragon in dependabot/dependabot-core#7463
• build(deps): bump Terraform from 1.5.0 to 1.5.2 by @​yeikel in dependabot/dependabot-core#7493
• Stop recording the ecosystem param by @​jeffwidman in dependabot/dependabot-core#7492
• Only record ecosystem versions when flag set by @​jeffwidman in dependabot/dependabot-core#7516
• Update the hex.pm/orgs/dependabot token by @​jeffwidman in dependabot/dependabot-core#7532
• Stop exposing real account tokens in plaintext by @​jeffwidman in dependabot/dependabot-core#7533
• Switch to using the new record_ecosystem_versions endpoint. by @​jeffwidman in dependabot/dependabot-core#7517
• Fix CodeQL warning by @​deivid-rodriguez in dependabot/dependabot-core#7531
• Use the new inputs API by @​jeffwidman in dependabot/dependabot-core#7550
• v0.221.0 by @​dependabot-core-action-automation in dependabot/dependabot-core#7554

New Contributors

• @​jmarolf made their first contribution in dependabot/dependabot-core#7342
• @​shu-mutou made their first contribution in dependabot/dependabot-core#7407

... (truncated)

Changelog

Sourced from dependabot-omnibus's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

• Run UpdateAllVersions with ungrouped dependencies #7110
• [Updater] Ensure we no longer test the legacy code path #7136
• [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
• [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

• Pull Request names are Dependency Group aware #7115
• 🛑 Stop clobbering Octokit middleware #7121
• Fix more order dependent spec failures #7114
• Fix flaky specs in updater #7113
• Run Dependency Group updates #7075
• [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
• [Updater] Grouped updates will not include ignored dependencies #7091
• Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

• [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
• Fix incorrect detection of top level gemspecs #7085
• Improve some exception error messages #7068
• Bundle the updater when bumping versions #7070
• Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

• Allow updating gemspecs loaded from a Gemfile #7051
• Update README.md to include link to the public Dependabot Core board #7054
• Fix update checking in Yarn repositories using workspaces #7024
• Don't try to resolve pinned sha's to versions when updating docker images #6150
• [Updater] Inform the backend metric service which operation class is used for each update #7009
• [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
• [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
• Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
• Generate proper PR summary table for docker digest updates #6996
• [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
• [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
• Fix "no files were updated!" errors in workspaces #6950
• Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

• be74670 Merge pull request #7554 from dependabot/bump-to-v0.221.0
• b20ca32 v0.221.0
• 8f44395 Use the new inputs API (#7550)
• 6e39f38 Merge pull request #7531 from dependabot/deivid-rodriguez/codeql-warnings
• f8baa1b Fix CodeQL warning
• a061724 Remove comment hard to keep up to date
• 781783f Switch to the record_ecosystem_versions endpoint (#7517)
• 8b4e7c7 Stop exposing real account tokens in plaintext (#7533)
• df6e81c Update the hex.pm/orgs/dependabot token (#7532)
• cd72277 Only record ecosystem versions when flag set (#7516)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #930.