Repo sync

content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md

@@ -223,9 +223,15 @@ The table below shows the package managers for which SemVer is supported.
 | Gradle                | {% octicon "check" aria-label="Supported" %}              |
 | Helm                  | {% octicon "x" aria-label="Not supported" %}              |
 | Hex (Hex)             | {% octicon "check" aria-label="Supported" %}              |
+| {% ifversion dependabot-julia-support %} |
+| Julia                 | {% octicon "check" aria-label="Supported" %}              |
+| {% endif %} |
 | Maven                 | {% octicon "check" aria-label="Supported" %}              |
 | NPM and Yarn          | {% octicon "check" aria-label="Supported" %}              |
 | NuGet                 | {% octicon "check" aria-label="Supported" %}              |
+| {% ifversion dependabot-opentofu-support %} |
+| OpenTofu              | {% octicon "check" aria-label="Supported" %}              |
+| {% endif %} |
 | Pip                   | {% octicon "check" aria-label="Supported" %}              |
 | Pub                   | {% octicon "check" aria-label="Supported" %}              |
 | Swift                 | {% octicon "check" aria-label="Supported" %}              |
@@ -502,6 +508,9 @@ Package manager | YAML value      | Supported versions |
 | Helm Charts            | `helm`            | v3               |
 | {% endif %} |
 | Hex            | `mix`            | v1               |
+| {% ifversion dependabot-julia-support %} |
+| Julia                  | `julia`           | >=v1.10               |
+| {% endif %} |
 | elm-package    | `elm`            | v0.19            |
 | git submodule  | `gitsubmodule`   | Not applicable |
 | {% data variables.product.prodname_actions %}  | `github-actions` | Not applicable |
@@ -510,6 +519,9 @@ Package manager | YAML value      | Supported versions |
 | Maven      | `maven`          | Not applicable   |
 | npm            | `npm`            |  v7, v8, v9, v10   |
 | NuGet          | `nuget`          | {% ifversion fpt or ghec or ghes > 3.14 %}<=6.12.0{% endif %} |
+| {% ifversion dependabot-opentofu-support %} |
+| OpenTofu     | `opentofu`       | Not applicable     |
+| {% endif %} |
 | pip| `pip`            | v24.2          |
 | pip-compile | `pip`            | 7.4.1            |
 | pipenv         | `pip`            | <= 2024.4.1    |

data/features/dependabot-community-ecosystems.yml

@@ -0,0 +1,6 @@
+# Reference: #20647
+# Adding community ecosystems to Dependabot docs #20647
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '> 3.19'

data/features/dependabot-julia-support.yml

@@ -0,0 +1,6 @@
+# Reference: #20205
+# Dependabot version updates now support Julia
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '> 3.19'

data/features/dependabot-opentofu-support.yml

@@ -0,0 +1,6 @@
+# Reference: #20650
+# OpenTofu support for Dependabot
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '> 3.19'

data/reusables/dependabot/community-maintained-intro.md

@@ -0,0 +1 @@
+The following ecosystems are maintained by their upstream community maintainers. {% data variables.product.github %} integrates {% data variables.product.prodname_dependabot %} with these ecosystems but does not maintain them directly.

data/reusables/dependabot/supported-package-managers.md

@@ -24,6 +24,9 @@ Composer       | `composer`       | {% ifversion dependabot-updates-composerv1-c
 | {% endif %} |
 [Helm Charts](#helm-charts)    | `helm`         | {% ifversion dependabot-helm-support %}v3{% else %}Not supported{% endif %} | {% ifversion dependabot-helm-support %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% octicon "x" aria-label="Not supported" %} | {% ifversion dependabot-helm-support %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | {% ifversion dependabot-helm-support %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Not supported" %}{% endif %} | Not applicable |
 Hex            | `mix`            | v1               | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| {% ifversion dependabot-julia-support %} |
+[Julia](#julia) | `julia`         | >=v1.10              | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| {% endif %} |
 elm-package    | `elm`            | v0.19            | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
 git submodule  | `gitsubmodule`   | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable |
 [{% data variables.product.prodname_actions %}](#github-actions)   | `github-actions` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable |
@@ -32,6 +35,9 @@ Go modules     | `gomod`          | v1               | {% octicon "check" aria-l
 [Maven](#maven)       | `maven`          | Not applicable   | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
 npm            | `npm`            | v7, v8, v9, v10, v11   | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
 [NuGet](#nuget-cli)          | `nuget`          | {% ifversion fpt or ghec or ghes > 3.14 %}<=6.12.0{% endif %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| {% ifversion dependabot-opentofu-support %} |
+[OpenTofu](#opentofu)    | `opentofu`      | Not applicable  | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | Not applicable |
+| {% endif %} |
 [pip](#pip-and-pip-compile) | `pip`            | v21.1.2          | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
 pipenv         | `pip`            | <= 2021-05-29    | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
 [pip-compile](#pip-and-pip-compile) | `pip`            | 6.1.0            | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
@@ -165,12 +171,6 @@ pnpm is supported for {% data variables.product.prodname_dependabot_version_upda
 
 The PEP 621 `project` section isn't currently supported for `poetry`.
 
-#### pub
-
-{% data variables.product.prodname_dependabot %} won't perform an update for `pub` when the version that it tries to update to is ignored, even if an earlier version is available.
-
-You can use {% data variables.product.prodname_dependabot %} to keep Dart dependencies up-to-date if you use private hosted pub repositories. For information about allowing {% data variables.product.prodname_dependabot %} to access private {% data variables.product.prodname_dotcom %} dependencies, see [Allowing {% data variables.product.prodname_dependabot %} to access private dependencies](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private{% ifversion ghec or ghes %}-or-internal{% endif %}-dependencies).
-
 {% ifversion dependabot-rust-toolchain-support %}
 
 #### Rust toolchain
@@ -206,3 +206,37 @@ vcpkg support includes updating the `builtin-baseline` commit SHA from the vcpkg
 #### yarn
 
 Dependabot supports vendored dependencies for v2 onwards.
+
+{% ifversion dependabot-community-ecosystems %}
+
+### Community-maintained ecosystems
+
+{% data reusables.dependabot.community-maintained-intro %} {% ifversion dependabot-julia-support %}
+
+* [Julia](#julia) - Maintained by the Julia community{% endif %}{% ifversion dependabot-julia-support %}
+* [OpenTofu](#opentofu) - Maintained by the OpenTofu community{% endif %}
+* [Pub](#pub) - Maintained by The Dart Community
+
+{% ifversion dependabot-julia-support %}
+
+#### Julia
+
+{% data variables.product.prodname_dependabot %} supports Julia projects that include `Project.toml`/`Manifest.toml` files. {% data variables.product.prodname_dependabot %} uses Julia's package manager to resolve and update dependencies.
+
+{% endif %}
+
+{% ifversion dependabot-opentofu-support %}
+
+#### OpenTofu
+
+{% data variables.product.prodname_dependabot %} supports updating OpenTofu modules and providers in `.tf` and `.tofu` configuration files, including `terragrunt.hcl` files. If the `.terraform.lock.hcl` lockfile for provider checksums is present, {% data variables.product.prodname_dependabot %} will also update it.
+
+{% endif %}
+
+{% endif %}
+
+#### Pub
+
+{% data variables.product.prodname_dependabot %} won't perform an update for `pub` when the version that it tries to update to is ignored, even if an earlier version is available.
+
+You can use {% data variables.product.prodname_dependabot %} to keep Dart dependencies up-to-date if you use private hosted pub repositories. For information about allowing {% data variables.product.prodname_dependabot %} to access private {% data variables.product.prodname_dotcom %} dependencies, see [Allowing {% data variables.product.prodname_dependabot %} to access private dependencies](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-dependabot-to-access-private{% ifversion ghec or ghes %}-or-internal{% endif %}-dependencies).

data/reusables/dependency-graph/supported-package-ecosystems.md

@@ -9,8 +9,14 @@
 | {% data variables.product.prodname_actions %} workflows | YAML | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `.yml`, `.yaml` | {% octicon "x" aria-label="None" %} |
 | Go modules | Go | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |  `go.mod`| {% octicon "x" aria-label="None" %} |
 | Gradle | Java  | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} |  {% octicon "x" aria-label="None" %} | {% octicon "x" aria-label="None" %} |
+| {% ifversion dependabot-julia-support %} |
+| Julia | Julia | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `Manifest.toml` | `Project.toml` |
+| {% endif %} |
 | Maven | Java, Scala | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | `pom.xml`  | {% octicon "x" aria-label="None" %}  |
 | npm | JavaScript | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | `package-lock.json` | `package.json`|
+| {% ifversion dependabot-opentofu-support %} |
+| OpenTofu | HCL | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `.terraform.lock.hcl` | `.tf`, `.tofu` |
+| {% endif %} |
 | pip             | Python                    | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | `requirements.txt`, `pipfile.lock` | `pipfile`, `setup.py` |
 | pnpm             | JavaScript                    | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | `pnpm-lock.yaml` | `package.json` |
 | pub             | Dart                    | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `pubspec.lock` | `pubspec.yaml` |
@@ -20,7 +26,26 @@
 | Yarn | JavaScript | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | `yarn.lock` | `package.json` |
 
 > [!NOTE]{% ifversion transitive-dependency-labeling-npm %}
+>
 > * The **Static transitive dependencies** column indicates whether static analysis will add `direct` and `transitive` labels for dependent packages in that ecosystem. Dependency submission actions (automatic or manually configured) can add transitive information for ecosystems where static analysis cannot. {% endif %}
 > * If you list your Python dependencies within a `setup.py` file, we may not be able to parse and list every dependency in your project.
 > * {% data variables.product.prodname_actions %} workflows must be located in the `.github/workflows/` directory of a repository to be recognized as manifests. Any actions or workflows referenced using the syntax `jobs[*].steps[*].uses` or `jobs.<job_id>.uses` will be parsed as dependencies. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions).
 > * {% data reusables.dependabot.dependabot-alert-actions-semver %} For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates).
+
+{% ifversion dependabot-community-ecosystems %}
+
+### Community-maintained ecosystems
+
+{% data reusables.dependabot.community-maintained-intro %}
+
+| Ecosystem | Maintained by |
+| --- | --- |
+| {% ifversion dependabot-julia-support %} |
+| Julia | Julia community |
+| {% endif %} |
+| {% ifversion dependabot-opentofu-support %} |
+| OpenTofu | OpenTofu community |
+| {% endif %} |
+| pub | Dart community |
+
+{% endif %}

data/tables/copilot/model-supported-clients.yml

@@ -64,10 +64,10 @@
 - name: Gemini 3 Pro
   dotcom: true
   vscode: true
-  vs: false
-  eclipse: false
-  xcode: false
-  jetbrains: false
+  vs: true
+  eclipse: true
+  xcode: true
+  jetbrains: true
 
 - name: GPT-4.1
   dotcom: true