HarfangLab / endpoint-sec

Rust Bindings for Endpoint Security
https://docs.rs/endpoint-sec/
Apache License 2.0

deps: less precise versions to avoid dep bots updating patch versions #8

Closed poliorcetics closed 1 year ago

poliorcetics commented 1 year ago

See https://github.com/HarfangLab/endpoint-sec/pull/7/files#r1280891213 for an instance of the problem

poliorcetics commented 1 year ago

Maybe there is a way to tell dependabot to only update on breaking semver versions?

roblabla commented 1 year ago

We could add

updates:
  ignore:
    - update-types: ["version-update:semver-patch"]

To ignore all 0.0.x releases. That'd probably be good enough?

poliorcetics commented 1 year ago

but then 2.x would still be updated to 2.x+1

roblabla commented 1 year ago

yeah, there's no good solution that's going to cover every case (short of fixing https://github.com/renovatebot/renovate/issues/22820 and switching to renovate 😄 )

Honestly, I think the change proposed in this MR works well enough for now, so we can go with that, and if we ever need something more complicated later, we can figure out what to do then.