Closed dependabot[bot] closed 1 month ago
Is there a way to configure it such that only important upgrades are proposed? Such as security updates? Or at least reduce the frequency of its interventions to something like a month? I think if we are never more than a month late on the latest releases of XYZ it's probably fine?
On Mon, Apr 29, 2024 at 5:37 AM dependabot[bot] @.***> wrote:
Bumps serde https://github.com/serde-rs/serde from 1.0.198 to 1.0.199. Release notes
Sourced from serde's releases https://github.com/serde-rs/serde/releases.
v1.0.199
- Fix ambiguous associated item when forward_to_deserialize_any! is used on an enum with Error variant (#2732 https://redirect.github.com/serde-rs/serde/issues/2732, thanks @aatifsyed https://github.com/aatifsyed)
Commits
- 1477028 https://github.com/serde-rs/serde/commit/147702871760a38d2e97e0cd15d568559876aeda Release 1.0.199
- 789740b https://github.com/serde-rs/serde/commit/789740be0d2cc1d4e280639039f189cc5d98fb40 Merge pull request #2732 https://redirect.github.com/serde-rs/serde/issues/2732 from aatifsyed/master
- 8fe7539 https://github.com/serde-rs/serde/commit/8fe7539bb2b46001f70751f1db60e1a7144f8f3d fix: ambiguous associated type in forward_to_deserialize_any!
- f6623a3 https://github.com/serde-rs/serde/commit/f6623a36548cfce02f880a33c6d2f420934c95c5 Ignore cast_precision_loss pedantic clippy lint
- See full diff in compare view https://github.com/serde-rs/serde/compare/v1.0.198...v1.0.199
[image: Dependabot compatibility score] https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot show
ignore conditions will show all of the ignore conditions of the specified dependency - @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can view, comment on, or merge this pull request online at:
https://github.com/pubgrub-rs/pubgrub/pull/212 Commit Summary
- 750f27a https://github.com/pubgrub-rs/pubgrub/pull/212/commits/750f27a8c6676a21bd2f968c4e61a9a921d93483 build(deps): bump serde from 1.0.198 to 1.0.199
File Changes
(1 file https://github.com/pubgrub-rs/pubgrub/pull/212/files)
- M Cargo.lock https://github.com/pubgrub-rs/pubgrub/pull/212/files#diff-13ee4b2252c9e516a0547f2891aa2105c3ca71c6d7a1e682c69be97998dfc87e (8)
Patch Links:
- https://github.com/pubgrub-rs/pubgrub/pull/212.patch
- https://github.com/pubgrub-rs/pubgrub/pull/212.diff
— Reply to this email directly, view it on GitHub https://github.com/pubgrub-rs/pubgrub/pull/212, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAWFOCONA5O52EAP6OI2V2LY7W57HAVCNFSM6AAAAABG5R7Q4CVHI2DSMVQWIX3LMV43ASLTON2WKOZSGI3DQMBVGQ3DSOI . You are receiving this because you are subscribed to this thread.Message ID: @.***>
You can set the interval to monthly at https://github.com/pubgrub-rs/pubgrub/blob/34bf75c242bd262d5ca560d4339f793b7f511d90/.github/dependabot.yml#L16
Superseded by #215.
Bumps serde from 1.0.198 to 1.0.199.
Release notes
Sourced from serde's releases.
Commits
1477028
Release 1.0.199789740b
Merge pull request #2732 from aatifsyed/master8fe7539
fix: ambiguous associated type in forward_to_deserialize_any!f6623a3
Ignore cast_precision_loss pedantic clippy lintDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show