nick-mobilecoin
commented
8 months ago Current dependencies on/for this PR:
main- PR #461
👈
- PR #461
This stack of pull requests is managed by Graphite.
Closed nick-mobilecoin closed 8 months ago
nick-mobilecoin
commented
8 months ago Current dependencies on/for this PR:
main
👈This stack of pull requests is managed by Graphite.
Previously the dependabot for cargo was using
autowhich would update both the manifest,Cargo.tomlfiles and theCargo.lockfile. Since this repository is for library crates, we only want to update the lock file that people develop with. We don't want to update the manifest file and force consumers to update unnecessarily.See https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy in particularly notice that cargo only supports
auto, lockfile-only. Ideally we'd useincrease-if-necessary. An alternative may be to look into rennovate bot, it appears it may support a better option, https://docs.renovatebot.com/configuration-options/#rangestrategy