tell dependabot not to update url dependency

cedar-policy / cedar

Implementation of the Cedar Policy Language

https://www.cedarpolicy.com

Apache License 2.0

889 stars 80 forks source link

tell dependabot not to update url dependency #1321

Closed cdisselkoen closed 1 week ago

cdisselkoen commented 1 week ago

Description of changes

I think this is the right syntax.

For reasoning why this change, see the notes in cedar-wasm/Cargo.toml:

Lock url (dependencies of cargo-lock) to 2.5.2 because they may introduce a dependency on a crate licensed under the Unicode 3.0 license in a future minor version, and we do not have explicit legal aproval to use that license.

john-h-kastner-aws commented 1 week ago

I just told it to @dependabot ignore url patch version on it's PR, so let's see what that look like after it rebases

cdisselkoen commented 1 week ago

Closing in favor of #1323