Skip to content

Bump update-time from 0.0.16 to 0.0.18 in /components/shared_code#13959

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/uv/components/shared_code/update-time-0.0.18
Closed

Bump update-time from 0.0.16 to 0.0.18 in /components/shared_code#13959
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/uv/components/shared_code/update-time-0.0.18

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor

Bumps update-time from 0.0.16 to 0.0.18.

Changelog

Sourced from update-time's changelog.

0.0.18 - 2026-07-10

Added

  • Opt in to adopting image digest drift. When an already-pinned image tag has been re-pushed under the same version, Update-time still warns by default, but a new # update-time: allow[digest-drift] marker (or the global --allow-image-digest-drift flag) now makes it adopt the new digest instead. Closes #120.

Fixed

  • Update and pin base images in Dockerfile FROM lines that carry a --platform=… flag (e.g. FROM --platform=$BUILDPLATFORM python:3.14), common in multi-arch builds. Previously such lines didn't match and were silently left un-updated and un-pinned. The --platform=… flag is left untouched. Closes #90.

0.0.17 - 2026-07-09

Added

  • Warn when a dependency's newest release is older than a threshold, surfacing pins on abandoned or long-unmaintained projects. The threshold defaults to 365 days and is set with the new --stale-after DAYS option. Closes #116.
  • Scope the # update-time: ignore marker with an optional [update] or [stale] suffix: ignore[update] holds back the version update but still warns when the dependency is stale, and ignore[stale] silences the staleness warning while still updating. A bare ignore holds back both.
  • Discover and update requirements files named <purpose>-requirements.txt (e.g. dev-requirements.txt), in addition to the already recognized requirements.txt, requirements-<purpose>.txt (e.g. requirements-dev.txt), and requirements/*.txt. Closes #114.
Commits
  • e7e1a8d Release v0.0.18
  • 08512c9 Opt in to adopting image digest drift.
  • 557902a Remove unit test duplication
  • 686517d Don't ignore Dockerfile FROM-lines with --platform
  • 73d3610 Fix README and CHANGELOG wording
  • 244cadd Update dependencies
  • 389e2fa Release v0.0.17
  • f4e1e1b README improvements
  • 2ca6289 Warn about stale dependencies
  • 8213538 Teach Claude what files to consult
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [update-time](https://github.com/ICTU/update-time) from 0.0.16 to 0.0.18.
- [Changelog](https://github.com/ICTU/update-time/blob/main/CHANGELOG.md)
- [Commits](ICTU/update-time@v0.0.16...v0.0.18)

---
updated-dependencies:
- dependency-name: update-time
  dependency-version: 0.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 17, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 18, 2026

Copy link
Copy Markdown
Contributor Author

Looks like update-time is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 18, 2026
@dependabot
dependabot Bot deleted the dependabot/uv/components/shared_code/update-time-0.0.18 branch July 18, 2026 19:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants