Closed SanchithHegde closed 1 year ago
Dependabot alerts will create lots of busy work for me and I don't have enough time to spread my focus on this as well.
This is one of the main reasons I've set up Renovate on my repositories. I've configured it to auto-merge if all tests pass, and only raise PRs if tests fail. You can find more info on their docs.
I would prefer a more occasional approach, like, updating all dependencies once in two months or something like that.
With either Renovate or Dependabot, you should be able to set up scheduling of updates.
@SanchithHegde That sounds great then! Could you open an issue about setting up something like this? I'll look into it and set up when I have time 🙂
As discussed in #136 and #137, this PR upgrades dependencies to their latest versions.
Additional tasks
Aside, have you considered setting up either Dependabot or Renovate for handling updates to both Rust dependencies and GitHub Actions?