Add an issue category that isn't bug/feature request #3611
I guess I could simply do "Blank Issue" but that's hidden in the small print at the bottom of https://github.com/dependabot/dependabot-core/issues/new/choose so easily missed.
cc @brrygrdn for visibility since I see you do a lot of labeling these days 😀
That makes sense, I've added a
jeffwidman added a commit to jeffwidman/dependabot-core that referenced this issue Nov 30, 2021
Create an issue template for the new `T: tech-debt` label added as part of dependabot#3611.
Added an issue template here: #4470
milind009 added a commit to GiriB/dependabot-core that referenced this issue Feb 3, 2022
* v0.169.2 * Add tech-debt issue template Create a issue template for the new `T: tech-debt` label added as part of dependabot#3611. * Add bundler/helpers directory * Fix weird rubocop spacing * build(deps): bump composer/composer in /composer/helpers/v2 Bumps [composer/composer](https://github.com/composer/composer) from 2.1.12 to 2.1.14. - [Release notes](https://github.com/composer/composer/releases) - [Changelog](https://github.com/composer/composer/blob/main/CHANGELOG.md) - [Commits](composer/composer@2.1.12...2.1.14) --- updated-dependencies: - dependency-name: composer/composer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Add comment indicating reasoning * Test for updating version of a parent pom * Demonstrate closing tag formatting can cause an update failure * Revert "Maven: Correctly handle nested declarations" * Add a test case specifically for the whitespace issue * v0.169.3 * Maven: Handle nested plugin declarations This was originally resolved in dependabot#4417 but later reverted, because that changed introduced a regression due to parsing the XML using Nokogiri, which caused formatting of the XML to be lost. We've observed errors around pom files that have a nested plugin section inside an outer plugin declaration. Given the following XML: ```xml <plugins> <plugin> <configuration> <jvmTarget>11</jvmTarget> <compilerPlugins> <plugin>spring</plugin> </compilerPlugins> </configuration> <groupId>org.jetbrains.kotlin</groupId> <artifactId>kotlin-maven-plugin</artifactId> <version>${kotlin.version}</version> </plugin> </plugin> ``` The <plugin>spring</plugin> declaration would cause a regex match, resulting in the required information (the version in this case) to be omitted from the XML snippet. This is resolved by matching on an additional nested plugin block in the regex, so that we always end up matching until the next closing tag. 
This does mean that if _another_ level of nesting is present we'd still end up with an incomplete XML section. This also does not resolve the issue for other elements than the `plugin` one. If we do observe the same issue with those other elements we can introduce the same type of nesting there. * build(deps-dev): bump prettier in /npm_and_yarn/helpers Bumps [prettier](https://github.com/prettier/prettier) from 2.4.1 to 2.5.1. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@2.4.1...2.5.1) --- updated-dependencies: - dependency-name: prettier dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump to go 1.17.4 Release notes: https://go.dev/doc/devel/release#go1.17.minor * Add in CODECOMMIT_SOURCE regex * Add in test for terraform code commit repo source dependency * Detect unknown git sources that do not match SOURCE_REGEX and provide unique naming convention to use. * Create unknown git repo example test case * Rubocop fixes * build(deps-dev): bump eslint in /npm_and_yarn/helpers Bumps [eslint](https://github.com/eslint/eslint) from 8.3.0 to 8.4.1. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v8.3.0...v8.4.1) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump cython from 0.29.24 to 0.29.25 in /python/helpers Bumps [cython](https://github.com/cython/cython) from 0.29.24 to 0.29.25. 
- [Release notes](https://github.com/cython/cython/releases) - [Changelog](https://github.com/cython/cython/blob/master/CHANGES.rst) - [Commits](cython/cython@0.29.24...0.29.25) --- updated-dependencies: - dependency-name: cython dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * v0.169.4 * feat(:git): do not decline valid git@... source Now it will be possible to also pass the source_type(source_string) call with a terraform valid git@... source property being set. The function git_source_details_from(source_string) is already prepared to handle this type. * build(deps-dev): update rubocop requirement from ~> 1.18.0 to ~> 1.23.0 Updates the requirements on [rubocop](https://github.com/rubocop/rubocop) to permit the latest version. - [Release notes](https://github.com/rubocop/rubocop/releases) - [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md) - [Commits](rubocop/rubocop@v1.18.0...v1.23.0) --- updated-dependencies: - dependency-name: rubocop dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> * Autofix all rubocop lint * build(deps-dev): bump jest in /npm_and_yarn/helpers Bumps [jest](https://github.com/facebook/jest) from 27.2.5 to 27.4.3. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/main/CHANGELOG.md) - [Commits](jestjs/jest@v27.2.5...v27.4.3) --- updated-dependencies: - dependency-name: jest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump @npmcli/arborist in /npm_and_yarn/helpers Bumps [@npmcli/arborist](https://github.com/npm/arborist) from 4.0.5 to 4.1.1. 
- [Release notes](https://github.com/npm/arborist/releases) - [Changelog](https://github.com/npm/arborist/blob/main/CHANGELOG.md) - [Commits](npm/arborist@v4.0.5...v4.1.1) --- updated-dependencies: - dependency-name: "@npmcli/arborist" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump composer binary from 2.1.12 to 2.1.14 * v0.169.5 * Add a job to build and push the dev container * DRY out envvar setting * Fix typo * Fix docker build argument for dev container build * Actually fix the docker build arguments * Bump go from 1.17.4 to 1.17.5 * Remove the developer image docker build This currently fails due to being unable to push to the repository: https://github.com/dependabot/dependabot-core/runs/4487225804?check_suite_focus=true Let's remove it until we make the required permission changes * Handle InvalidURIError as DependencyFileNotResolvable Co-Authored-By: Nishant Sinha <nishnha@github.com> * Add test for invalid index urls Co-Authored-By: Nishant Sinha <nishnha@github.com> * Add test for PoetryFileUpdater with a python_index with auth details This was tested with a local instance of pypiserver with an empty packages/ directory, which meant it was just proxying calls to pypi.org. The credentials used in testing were set up using the pypiserver instructions at https://pypi.org/project/pypiserver/#apache-like-authentication-htpasswd. This might be feasible for Dependabot's own testing, as you could run this as part of the setup, but there are probably better alternatives. * Fix failing Cargo test The test made sure no update occured if there is a transitive dependency conflict. The transitive dependency nom was updated for the dependency askama, so we pin askama to a commit SHA. * v0.169.6 * Reinstate the dev container build to GHCR * Push images to a GHCR mirror * Add permission to push packages or else we don't get far! 
* Run push-core-image only on dependabot/dependabot-core repository * Python: Upgrade pyenv to 2.2.2 * build(deps-dev): bump jest in /npm_and_yarn/helpers Bumps [jest](https://github.com/facebook/jest) from 27.4.3 to 27.4.5. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/main/CHANGELOG.md) - [Commits](jestjs/jest@v27.4.3...v27.4.5) --- updated-dependencies: - dependency-name: jest dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Allow whitespace at beginning of cargo dep * Return name unless contains git dependency name notation * Remove matching tabs at start of line Ruby's `\s` regex matches any whitespace character, including tabs * Fix conditional in Docker workflow * Add in display name test case for registry and git source * Add provider name test and rubocop fix * Test tab indentation on cargo dependencies * Add unknown repo name test * Avoid matching containers starting with the same name * Simplify setting proxy envvars for the container * Common: Constrain activesupport to < 7 We rely on some code that seems to be incompatible with activesupport 7, which was just released. We'll want to dig into that and see if we can't make our code play nice with the new version, but for now, since this is breaking our builds etc let's ensure that we stay on major version 6. * v0.169.7 * build(deps-dev): bump eslint in /npm_and_yarn/helpers Bumps [eslint](https://github.com/eslint/eslint) from 8.4.1 to 8.5.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v8.4.1...v8.5.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] <support@github.com> * Common: Consider all failed requests to check enterprise source as false We've observed some failures when making requests to the `/status` endpoint for some git hosts that end up not being reported as a `Excon::Error`. We make this request to check if the host is a GHES instance so we can pull in relevant metadata from the host. However, when that request fails, we should prefer opening the PR without that metadata, as we likely wouldn't be able to source it any way. * Fix syntax for setting bundle config * Bundler: update bundler to 2.2.33 https://github.com/rubygems/rubygems/blob/master/bundler/CHANGELOG.md#2233-december-7-2021 Includes a security fix around how git commands are executed * v0.169.8 * build(deps): bump jason from 1.2.2 to 1.3.0 in /hex/helpers Bumps [jason](https://github.com/michalmuskala/jason) from 1.2.2 to 1.3.0. - [Release notes](https://github.com/michalmuskala/jason/releases) - [Changelog](https://github.com/michalmuskala/jason/blob/master/CHANGELOG.md) - [Commits](michalmuskala/jason@v1.2.2...v1.3.0) --- updated-dependencies: - dependency-name: jason dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Remove additional push targets * Only build CI for pulls into main * Prefer to use job.<job_id>.env to set vars * Add packages: write scope * Push branch images to only GHCR from now on * Push CI images to a GHCR mirror * Python: Quarantine slow tests into their own CI run These tests have not been wearing masks, and to avoid them infecting the other tests we need to quarantine them. Jokes aside, splitting these slow tests off into their own CI run should reduce the overall time we have to wait on CI to pass, and it gives us some indication on which tests we might want to try to speed up going forward. 
So far I've split off the ~10 slowest tests, which according to rspec take 40% of the total time to run these tests! We can move more things into the slow suite, but I'd like to avoid having the majority of the tests live there, because then we'd still end up with one very slow suite. * Swap byebug for debug Rails (thus ActiveSupport) has opted to use debug as its debugging gem in its version 7 release. * Use GHCR as the canonical source for CI images * Require top-level ActiveSupport before files * Python: Move some more tests to the slow suite After noticing the regular python suite still takes ~20 minutes on CI and the python_slow suite roughly half that, I moved another bunch of the now top 10 slowest tests in the regular suite to the slow one. * build(deps): bump wheel from 0.37.0 to 0.37.1 in /python/helpers Bumps [wheel](https://github.com/pypa/wheel) from 0.37.0 to 0.37.1. - [Release notes](https://github.com/pypa/wheel/releases) - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](pypa/wheel@0.37.0...0.37.1) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump cython from 0.29.25 to 0.29.26 in /python/helpers Bumps [cython](https://github.com/cython/cython) from 0.29.25 to 0.29.26. - [Release notes](https://github.com/cython/cython/releases) - [Changelog](https://github.com/cython/cython/blob/master/CHANGES.rst) - [Commits](cython/cython@0.29.25...0.29.26) --- updated-dependencies: - dependency-name: cython dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Remove `byebug` artifacts These artifacts are remnants of a recently removed gem. Now that we're using `debug`, we no longer need to ignore `.byebug_history`. 
* Use debugger-agnostic alias I wasn't aware that the major Ruby debuggers implement `debugger` as an alias to their `binding` calls in source code. While I don't see this as a necessary or important change, I think it's worth making. * GOPRIVATE not needed for 'go mod edit -json' It only parses the local go.mod and doesn't reach out over the network. * Remove unreachable error handling Possibility of this error occurring was removed in dependabot@18d48b4 * Allow configuration of GOPRIVATE * Tests to check for GOPRIVATE affecting update behavior * Allow goprivate config via dry-run * Check for access before ghcr push * For testing PoetryFileUpdater, use .prepared_pyproject ...rather than testing against the updated files as in the previous commit. With this approach, we don't need to set up an actual repository with credentials, since all we are doing is checking that the credentials do not leak into the pyproject file. Since the lock file is created by Poetry itself from the pyproject file, if our pyproject file is clean of credentials when we generate the lock file, the only way credentials could then leak in would be a bug in Poetry. * Bump cargo from 1.51.0 to 1.57.0 https://blog.rust-lang.org/2021/12/02/Rust-1.57.0.html * Add description of updater_options formats * build(deps-dev): bump phpstan/phpstan in /composer/helpers/v1 Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 1.2.0 to 1.3.1. - [Release notes](https://github.com/phpstan/phpstan/releases) - [Changelog](https://github.com/phpstan/phpstan/blob/master/CHANGELOG.md) - [Commits](phpstan/phpstan@1.2.0...1.3.1) --- updated-dependencies: - dependency-name: phpstan/phpstan dependency-type: direct:development update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] <support@github.com> * Simplify Dockerfile a little bit * Revert "Bump cargo from 1.51.0 to 1.57.0" * v0.170.0 * Ensure CI uses the latest image built on that branch * build(deps-dev): bump phpstan/phpstan in /composer/helpers/v2 Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 1.2.0 to 1.3.1. - [Release notes](https://github.com/phpstan/phpstan/releases) - [Changelog](https://github.com/phpstan/phpstan/blob/master/CHANGELOG.md) - [Commits](phpstan/phpstan@1.2.0...1.3.1) --- updated-dependencies: - dependency-name: phpstan/phpstan dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump hashin from 0.15.0 to 0.17.0 in /python/helpers Bumps [hashin](https://github.com/peterbe/hashin) from 0.15.0 to 0.17.0. - [Release notes](https://github.com/peterbe/hashin/releases) - [Commits](https://github.com/peterbe/hashin/commits) --- updated-dependencies: - dependency-name: hashin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Revert hashin upgrade for python native helper * Tag the branch image as dependabot/dependabot-core:latest locally * v0.170.1 * Rename unknown git repo PRs * Rename unknown git repo PRs * Rename unknown git repo PRs * Fix issues with renaming unknown repos * Consistency pass on composer native helper build * build(deps): bump pipenv from 2021.11.23 to 2022.1.8 in /python/helpers Bumps [pipenv](https://github.com/pypa/pipenv) from 2021.11.23 to 2022.1.8. - [Release notes](https://github.com/pypa/pipenv/releases) - [Changelog](https://github.com/pypa/pipenv/blob/main/CHANGELOG.rst) - [Commits](pypa/pipenv@v2021.11.23...v2022.1.8) --- updated-dependencies: - dependency-name: pipenv dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] <support@github.com> * v0.170.2-release-notes * v0.171.0 * Bundler installs to DEPENDABOT_NATIVE_HELPERS_PATH/bundler * Composer installs to DEPENDABOT_NATIVE_HELPERS_PATH/composer * go_mod installs to DEPENDABOT_NATIVE_HELPERS_PATH/go_modules * Hex installs to DEPENDABOT_NATIVE_HELPERS_PATH/hex * Npm installs to DEPENDABOT_NATIVE_HELPERS_PATH/npm_and_yarn * Python installs to DEPENDABOT_NATIVE_HELPERS_PATH/python * Terraform installs to DEPENDABOT_NATIVE_HELPERS_PATH/terraform * Consistently mount helpers into CODE_DIR in dev shell * Update README with native helper instructions * Update bundler/README.md * Update composer/README.md * Update python/README.md * Update go_modules/README.md * Update hex/README.md * Update terraform/README.md * Update npm_and_yarn/README.md * Ignore helper/install-dir, Whitespace * No need to mkdir in dockerfile now * Lint build script changes * Clarify some README examples * build(deps): bump composer/composer in /composer/helpers/v2 Bumps [composer/composer](https://github.com/composer/composer) from 2.1.14 to 2.2.4. - [Release notes](https://github.com/composer/composer/releases) - [Changelog](https://github.com/composer/composer/blob/main/CHANGELOG.md) - [Commits](composer/composer@2.1.14...2.2.4) --- updated-dependencies: - dependency-name: composer/composer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Fix composer 2.2.4 tests * build(deps-dev): bump phpstan/phpstan in /composer/helpers/v2 Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 1.3.1 to 1.3.3. - [Release notes](https://github.com/phpstan/phpstan/releases) - [Changelog](https://github.com/phpstan/phpstan/blob/master/CHANGELOG.md) - [Commits](phpstan/phpstan@1.3.1...1.3.3) --- updated-dependencies: - dependency-name: phpstan/phpstan dependency-type: direct:development update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> * build(deps-dev): bump phpstan/phpstan in /composer/helpers/v1 Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 1.3.1 to 1.3.3. - [Release notes](https://github.com/phpstan/phpstan/releases) - [Changelog](https://github.com/phpstan/phpstan/blob/master/CHANGELOG.md) - [Commits](phpstan/phpstan@1.3.1...1.3.3) --- updated-dependencies: - dependency-name: phpstan/phpstan dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump composer/composer in /composer/helpers/v1 Bumps [composer/composer](https://github.com/composer/composer) from 1.10.23 to 1.10.24. - [Release notes](https://github.com/composer/composer/releases) - [Changelog](https://github.com/composer/composer/blob/1.10.24/CHANGELOG.md) - [Commits](composer/composer@1.10.23...1.10.24) --- updated-dependencies: - dependency-name: composer/composer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump composer v1 binary installed in Docker * build(deps-dev): bump friendsofphp/php-cs-fixer in /composer/helpers/v2 Bumps [friendsofphp/php-cs-fixer](https://github.com/FriendsOfPHP/PHP-CS-Fixer) from 3.3.2 to 3.4.0. - [Release notes](https://github.com/FriendsOfPHP/PHP-CS-Fixer/releases) - [Changelog](https://github.com/FriendsOfPHP/PHP-CS-Fixer/blob/master/CHANGELOG.md) - [Commits](PHP-CS-Fixer/PHP-CS-Fixer@v3.3.2...v3.4.0) --- updated-dependencies: - dependency-name: friendsofphp/php-cs-fixer dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * v0.171.1 * build(deps-dev): bump eslint in /npm_and_yarn/helpers Bumps [eslint](https://github.com/eslint/eslint) from 8.5.0 to 8.6.0. 
- [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v8.5.0...v8.6.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps-dev): bump jest in /npm_and_yarn/helpers Bumps [jest](https://github.com/facebook/jest) from 27.4.5 to 27.4.7. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/facebook/jest/blob/main/CHANGELOG.md) - [Commits](jestjs/jest@v27.4.5...v27.4.7) --- updated-dependencies: - dependency-name: jest dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Npm: support lockfile v3 This change instructs our npm code to use npm7 for lockfiles using the v3 format. Npm 7 fully supports this new format, (which is not backwards compatible with npm 6), and prior to this change they were treated as npm 6 lockfiles, which would result in the entire lockfile being rewritten. 
Co-authored-by: Fernando Fernández <ferferga@hotmail.com> * v0.171.2 * resolving merge conflicts * removing unecessary usage of dependency * updating file according to changes missed by git merge * removing redundant parameter in Dockerfile.lite Co-authored-by: David McIntosh <804610+mctofu@users.noreply.github.com> Co-authored-by: Lane Seppala <lseppala@github.com> Co-authored-by: Jurre <jurre@github.com> Co-authored-by: Landon Grindheim <landon.grindheim@gmail.com> Co-authored-by: Lane Seppala <lseppala@users.noreply.github.com> Co-authored-by: Jeff Widman <jeff@jeffwidman.com> Co-authored-by: Dennis Carey <dwc0011@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Nish Sinha <nishnha@github.com> Co-authored-by: Landon Grindheim <landongrindheim@github.com> Co-authored-by: Sebastian Brandt <sebastian.brandt@tchibo-external.com> Co-authored-by: Barry Gordon <brrygrdn@github.com> Co-authored-by: Barry Gordon <896971+brrygrdn@users.noreply.github.com> Co-authored-by: Isobel Hooper <isobel.hooper@cambridgequantum.com> Co-authored-by: Mattt Zmuda <mattt@github.com> Co-authored-by: Mike <mike@zivix.com> Co-authored-by: dwc0011 <53784917+dwc0011@users.noreply.github.com> Co-authored-by: Peter Dave Hello <hsu@peterdavehello.org> Co-authored-by: Philip Harrison <philip@mailharrison.com> Co-authored-by: Fernando Fernández <ferferga@hotmail.com>
I've been filing a number of tickets that aren't bugs--the code works fine today--but also aren't feature requests. They're more like tech debt/code improvements. I never know which category to use. So maybe add another category like "tech debt"? With the idea that it improves dependabot w/o actually adding any new features?
Examples of these types of tickets:
- go ? #4448
- go.mod generated using go 1.17 #4154
- ^vi regex in go_modules #3612