Use lockfile-only for cargo dependabot #461

Merged
merged 1 commit into from
Jan 2, 2024

nick-mobilecoin
Collaborator

@nick-mobilecoin nick-mobilecoin commented Jan 2, 2024

Previously the dependabot for cargo was using `auto` which would update
both the manifest, `Cargo.toml` files and the `Cargo.lock` file. Since
this repository is for library crates, we only want to update the lock
file that people develop with. We don't want to update the manifest file
and force consumers to update unnecessarily.

See https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy; in particular, notice that cargo only supports `auto` and `lockfile-only`. Ideally we'd use `increase-if-necessary`. An alternative may be to look into Renovate bot; it appears it may support a better option: https://docs.renovatebot.com/configuration-options/#rangestrategy

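The setting described in this PR, as an added illustration (not the repository's actual file; the `directory` and `schedule` values are assumptions):

```yaml
# .github/dependabot.yml (illustrative sketch, not copied from the repository)
version: 2
updates:
  - package-ecosystem: "cargo"
    directory: "/"          # assumed: Cargo workspace at the repository root
    schedule:
      interval: "weekly"    # assumed: the page does not state the schedule
    # Before: `auto`, which may rewrite the version requirements in
    # Cargo.toml as well as Cargo.lock.
    # After: only Cargo.lock is updated, so the requirements that consumers
    # of the library crates resolve against are left unchanged.
    versioning-strategy: lockfile-only
```

With `lockfile-only`, Dependabot version updates ignore new versions that would require a manifest change, so a release outside the range declared in `Cargo.toml` still needs a manual manifest bump.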
@nick-mobilecoin
Collaborator Author

Current dependencies on/for this PR:

This stack of pull requests is managed by Graphite.

@github-actions github-actions bot added the size/XS PRs with less than 30 lines of changes label Jan 2, 2024
@meowblecoinbot meowblecoinbot requested a review from a team January 2, 2024 17:36
@nick-mobilecoin nick-mobilecoin removed the request for review from a team January 2, 2024 17:38
@nick-mobilecoin nick-mobilecoin merged commit 943f0e3 into main Jan 2, 2024
26 checks passed
@nick-mobilecoin nick-mobilecoin deleted the nick/dependabot-lock-file-only branch January 2, 2024 18:09