dependabot-core icon indicating copy to clipboard operation
dependabot-core copied to clipboard

verified publisher icon dependabot
β†’

Metadata

πŸ€– Dependabot's core logic for creating update PR's.

Results 907 dependabot-core issues
Sort by recently updated
recently updated
newest added

Support scanning `uv.lock` for dependencies

5 comment

### Is there an existing issue for this? - [x] I have searched the existing issues ### Feature description Now that dependabot somewhat supports updating uv.lock, it'd be great if...

isbldr avatar isbldr

T: feature-request
L: python
L: python:uv

0.0.0 version is considered "latest" even though it isn't

1 comment

### Is there an existing issue for this? - [x] I have searched the existing issues ### Package ecosystem pip ### Package manager version poetry ### Language version Python ###...

CiottiGiorgio avatar CiottiGiorgio

T: bug 🐞
L: go:modules
L: github:actions
L: python

Cannot authenticate to OCI registry

### Is there an existing issue for this? - [x] I have searched the existing issues ### Package ecosystem Helm ### Package manager version Helm ### Language version _No response_...

jaredlueck avatar jaredlueck

T: bug 🐞
L: elm
L: helm

Gradle Plugin Portal release date fetching for the cooldown feature

### What are you trying to accomplish? Add release date tracking for Gradle plugins to enable the cooldown feature, which prevents updating to newly released versions too quickly. Gradle plugins...

thavaahariharangit avatar thavaahariharangit

L: java:gradle

Handle situations where the OpenTofu registry errors

3 comment

### What are you trying to accomplish? There are situations where the OpenTofu registry returns a non-200 status code for a reason (Such as a cloudflare outage!) And this commit...

Yantrio avatar Yantrio

L: opentofu

[dart/pub] Dependabot is incorrectly and unexpectedly changing pubspec.lock flutter constraint from "3.35.6" to ">=3.35.6"

6 comment

### Is there an existing issue for this? - [x] I have searched the existing issues ### Package ecosystem dart ### Package manager version _No response_ ### Language version _No...

acoutts avatar acoutts

T: bug 🐞
L: dart:pub

Fix unqualified MANIFEST_FILENAME constant reference in DependencyGrapher

The DependencyGrapher inherits from a base class in a different module, causing Ruby to fail finding MANIFEST_FILENAME. This broke the graph command for npm repos without a committed lockfile (when...

jurre avatar jurre

L: javascript

Bump js-yaml from 3.14.1 to 3.14.2 in /npm_and_yarn/helpers

Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.14.2. Changelog Sourced from js-yaml's changelog. [3.14.2] - 2025-11-15 Security Backported v4.1.1 fix to v3 [4.1.1] - 2025-11-12 Security Fix prototype pollution issue in yaml...

dependabot[bot] avatar dependabot[bot]

dependencies
javascript
L: javascript

Remove confusing npm 6 hack warning in `npm/Dockerfile` and remove global `.npmrc`

While auditing the Dockerfiles last week, I spotted this confusing warning about a hack to work around a npm 6 issue. We've deprecated npm 6 support recently, so this hack...

jeffwidman avatar jeffwidman

L: rust:cargo
L: javascript

Bump the npm-dependencies group across 1 directory with 3 updates

1 comment

Bumps the npm-dependencies group with 3 updates in the /npm_and_yarn/helpers directory: [@npmcli/arborist](https://github.com/npm/cli/tree/HEAD/workspaces/arborist), [nock](https://github.com/nock/nock) and [semver](https://github.com/npm/node-semver). Updates `@npmcli/arborist` from 8.0.0 to 9.1.6 Release notes Sourced from @​npmcli/arborist's releases. arborist: v9.1.6 9.1.6...

dependabot[bot] avatar dependabot[bot]

dependencies
javascript
L: javascript

← Metadata

4.4k
Stars
915
Forks
Watchers

Owner

verified publisher icon dependabot

Metadata

πŸ€– Dependabot's core logic for creating update PR's.

Back