Bump dependabot-omnibus from 0.209.0 to 0.226.0

[dependabot[bot]]

Bumps dependabot-omnibus from 0.209.0 to 0.226.0.

Release notes

Sourced from dependabot-omnibus's releases.

v0.226.0

What's Changed

• Stop checking deprecated bugtrack_url by @​jeffwidman in dependabot/dependabot-core#7681
• Fix typo in method name in Swift update checker by @​deivid-rodriguez in dependabot/dependabot-core#7683
• Bump Bundler to 2.4.17 by @​deivid-rodriguez in dependabot/dependabot-core#7684
• Fix Github Actions dependency parsing edge case by @​deivid-rodriguez in dependabot/dependabot-core#7494
• Ignore tags not matching prefix, when workflow is pinned to SHAs by @​deivid-rodriguez in dependabot/dependabot-core#7430
• Rename conf_files dir to pip_conf_files to reduce ambiguity by @​jeffwidman in dependabot/dependabot-core#7690
• Update poetry test of oldest supported python version to 3.8 by @​jeffwidman in dependabot/dependabot-core#7691
• Test that unsupported Python versions raise the expected error by @​jeffwidman in dependabot/dependabot-core#7692
• Add sane limit to PR description limit for Bitbucket cloud by @​stefangr in dependabot/dependabot-core#7693
• [Grouped Updates] Remove current handling for separate ungrouped version checks from the experiment by @​brrygrdn in dependabot/dependabot-core#7689
• Delete deprecated host-environment-markers key by @​jeffwidman in dependabot/dependabot-core#7698
• Fixup pip_version_resolver specs by @​jeffwidman in dependabot/dependabot-core#7699
• Move the Pipfile/Pipfile.lock fixtures to a clearly named folder by @​jeffwidman in dependabot/dependabot-core#7700
• Update pip-tools requirement from =6.4.0,<=6.14.0 in /python/helpers by @​dependabot in dependabot/dependabot-core#7509
• Bump composer/composer from 2.5.5 to 2.5.8 in /composer/helpers/v2 by @​dependabot in dependabot/dependabot-core#7420
• Make python_major_minor a one-liner by @​jeffwidman in dependabot/dependabot-core#7705
• Use dockerignore rules that play better with recent docker versions by @​deivid-rodriguez in dependabot/dependabot-core#7713
• Give better error message when fixture project is missing a file by @​deivid-rodriguez in dependabot/dependabot-core#7717
• Document why we pin wheel by @​jeffwidman in dependabot/dependabot-core#7719
• Bump cython from 0.29.34 to 3.0.0 in /python/helpers by @​dependabot in dependabot/dependabot-core#7586
• Set file encoding in GitLab commits by @​mikaellanger in dependabot/dependabot-core#7381
• Fetching GitLab repo contents correctly uses the ref argument by @​maciej-gol in dependabot/dependabot-core#7351
• Suppress error output when evaluating invalid Ruby during tests by @​deivid-rodriguez in dependabot/dependabot-core#7706
• Fix fetching files in symlinked folders by @​deivid-rodriguez in dependabot/dependabot-core#7411
• Enable --verbose when running specs by @​deivid-rodriguez in dependabot/dependabot-core#7708
• Bump the dev-dependencies group in /npm_and_yarn/helpers with 4 updates by @​dependabot in dependabot/dependabot-core#7723
• Bump jason from 1.4.0 to 1.4.1 in /hex/helpers by @​dependabot in dependabot/dependabot-core#7538
• Bump aws-sdk-ecr from 1.58.0 to 1.63.0 in /updater by @​dependabot in dependabot/dependabot-core#7667
• Bump excon from 0.99.0 to 0.100.0 in /updater by @​dependabot in dependabot/dependabot-core#7485
• Bump parser from 3.2.2.0 to 3.2.2.3 in /updater by @​dependabot in dependabot/dependabot-core#7425
• Bump rubocop-performance from 1.17.1 to 1.18.0 in /updater by @​dependabot in dependabot/dependabot-core#7727
• Bump faraday-retry from 2.1.0 to 2.2.0 in /updater by @​dependabot in dependabot/dependabot-core#7726
• Bump the pnpm-dependencies group in /npm_and_yarn/helpers with 1 update by @​dependabot in dependabot/dependabot-core#7725
• Group Dependabot aws-sdk-* PRs by @​jeffwidman in dependabot/dependabot-core#7732
• Bump the aws-sdk group in /updater with 1 update by @​dependabot in dependabot/dependabot-core#7733
• Bump vcr from 6.1.0 to 6.2.0 in /updater by @​dependabot in dependabot/dependabot-core#7729
• Bump commonmarker from 0.23.9 to 0.23.10 in /updater by @​dependabot in dependabot/dependabot-core#7730
• Bump the dev-dependencies group in /composer/helpers/v2 with 1 update by @​dependabot in dependabot/dependabot-core#7745
• Bump the dev-dependencies group in /composer/helpers/v1 with 1 update by @​dependabot in dependabot/dependabot-core#7747
• Bump the dev-dependencies group in /npm_and_yarn/helpers with 1 update by @​dependabot in dependabot/dependabot-core#7746
• Support SCP-style URIs in Swift updater by @​deivid-rodriguez in dependabot/dependabot-core#7722
• Delete unused test fixture by @​jeffwidman in dependabot/dependabot-core#7737
• Pin test to legacy resolver to force desired error message by @​jeffwidman in dependabot/dependabot-core#7738
• build(deps): bump go from 1.20.6 to 1.20.7 by @​yeikel in dependabot/dependabot-core#7754
• build(deps): bump regclient from 0.5.0 to 0.5.1 by @​yeikel in dependabot/dependabot-core#7752
• Delete unused method error_certainly_bad_python_version? by @​jeffwidman in dependabot/dependabot-core#7739
• Don't cancel full CI runs on main by @​deivid-rodriguez in dependabot/dependabot-core#7757
• build(deps): bump Yarn to 3.6.1 by @​yeikel in dependabot/dependabot-core#7755

... (truncated)

Changelog

Sourced from dependabot-omnibus's changelog.

Deprecated in favor of GitHub releases April 24th, 2023

The Dependabot-core Changelog is now available through GitHub Releases.

We switched to GitHub Releases to avoid the race condition between the version bump pull request and another pull request. If the other PR is merged between the time the version bump pull request was created and when it was merged, then the other pull request wasn't getting pulled into our changelog. This also allows a lot more flexibility around automation the creation of the version bump PR.

v0.217.0, 24 April 2023

• Run UpdateAllVersions with ungrouped dependencies #7110
• [Updater] Ensure we no longer test the legacy code path #7136
• [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
• [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

• Pull Request names are Dependency Group aware #7115
• 🛑 Stop clobbering Octokit middleware #7121
• Fix more order dependent spec failures #7114
• Fix flaky specs in updater #7113
• Run Dependency Group updates #7075
• [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
• [Updater] Grouped updates will not include ignored dependencies #7091
• Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

• [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
• Fix incorrect detection of top level gemspecs #7085
• Improve some exception error messages #7068
• Bundle the updater when bumping versions #7070
• Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

• Allow updating gemspecs loaded from a Gemfile #7051
• Update README.md to include link to the public Dependabot Core board #7054
• Fix update checking in Yarn repositories using workspaces #7024
• Don't try to resolve pinned sha's to versions when updating docker images #6150
• [Updater] Inform the backend metric service which operation class is used for each update #7009
• [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
• [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
• Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
• Generate proper PR summary table for docker digest updates #6996
• [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
• [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
• Fix "no files were updated!" errors in workspaces #6950
• Allow updating only the digest when tag is already up to date #6992

... (truncated)

Commits

• d188759 Merge pull request #7704 from dependabot/bump-to-v0.226.0
• b1e6efc v0.226.0
• 4e22d43 Remove CodeQL warning (#7792)
• c9685ff Merge pull request #7794 from dependabot/deivid-rodriguez/run-group-vendor-tests
• a16f201 Make sure group vendor bundler tests run and pass
• a59c8a8 Reverse logic to make it less weird
• 9f53299 Do not check only unlocked gems for pruning (#7295)
• 3193956 Merge pull request #7687 from dependabot/deivid-rodriguez/add-back-version-br...
• 7ad4924 Reword for clarify
• 3d5b2ef Support schemas with multiple build numbers
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)