Sourced from dependabot-omnibus's changelog.

v0.217.0, 24 April 2023

• Run UpdateAllVersions with ungrouped dependencies #7110
• [Updater] Ensure we no longer test the legacy code path #7136
• [Updater] Extract RefreshSecurityUpdatePullRequest into an Operation class #7128
• [Updater] DependencyChange passes any group to the PR message builder #7137

v0.216.2, 20 April 2023

• Pull Request names are Dependency Group aware #7115
• 🛑 Stop clobbering Octokit middleware #7121
• Fix more order dependent spec failures #7114
• Fix flaky specs in updater #7113
• Run Dependency Group updates #7075
• [Updater] Extract UpdateVulnerableVersion as an Operation class #6961
• [Updater] Grouped updates will not include ignored dependencies #7091
• Improve npm package manager instrumentation #7087

v0.216.1, 14 April 2023

• [Updater] Wire up and flesh out branch naming for Grouped Update PRs #7084
• Fix incorrect detection of top level gemspecs #7085
• Improve some exception error messages #7068
• Bundle the updater when bumping versions #7070
• Bump rubocop from 1.48.0 to 1.50.0 in /updater (@​app/dependabot) #7064

v0.216.0, 12 April 2023

• Allow updating gemspecs loaded from a Gemfile #7051
• Update README.md to include link to the public Dependabot Core board #7054
• Fix update checking in Yarn repositories using workspaces #7024
• Don't try to resolve pinned sha's to versions when updating docker images #6150
• [Updater] Inform the backend metric service which operation class is used for each update #7009
• [Updater] Prefer updated_dependencies to dependencies for DependencyChange objects #7005
• [Updater] Introduce a DependencyChangeBuilder class to complete encapsulation of diff generation #7004
• Upgrade ruby to 3.1.4 and ruby-install to 0.9.0 #6998
• Generate proper PR summary table for docker digest updates #6996
• [Updater] Absorb Security Advisory and Ignore Conditions into Job #6989
• [Updater] Move filtering of parsed dependencies by allow rules or job dependencies #6991
• Fix "no files were updated!" errors in workspaces #6950
• Allow updating only the digest when tag is already up to date #6992
• Fix updating some references when having multiple Dockerfiles #6973
• Add OCI header support to Docker #6969
• [Updater] Extract RefreshVersionPullRequest as an Operation class #6939
• Don't propose updates to a more precise version of the same docker tag #6748
• Strip BOM from file contents #6714
• Refactor npm ecosystem lockfile parsing #6944
• [Updater] Stub the upate checker for security ignore tests #6951
• Implement double star glob workspaces for npm & yarn #6932
• [Updater] Update the service's dependency metadata in one place #6934

... (truncated)

• af172c5 reverting a mime-types-data change
• 4ac15f6 Use correct bundler version
• a744f07 v0.217.0
• 6291bb9 Update pip requirement in /python/helpers (#7097)
• 3012a48 Merge pull request #7110 from dependabot/nishnha/update-ungrouped-dependencies
• 705dc86 Merge branch 'main' into nishnha/update-ungrouped-dependencies
• c4a7f33 Bump aws-sdk-codecommit from 1.52.0 to 1.53.0 in /updater (#7101)
• 1a6f607 Merge branch 'main' into nishnha/update-ungrouped-dependencies
• ebc823b Cargo: handle dependencies that are not in the index (#7142)
• 3e19cc3 Cargo: handle packages that don't exist at Git repo (#7143)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)