Open simonsso opened 7 months ago
rnarubin
commented
6 months ago What's the motivation for the updates? Updating a dependency makes sense if we need new functionality for a code change; or updating to avoid a yanked version. However a crate-wide update for its own sake isn't necessarily an improvement -- I value CI stability more than dependency recency.
simonsso
commented
6 months ago What's the motivation for the updates? Updating a dependency makes sense if we need new functionality for a code change; or updating to avoid a yanked version. However a crate-wide update for its own sake isn't necessarily an improvement -- I value CI stability more than dependency recency.
This started as a dependabot warning on my project.
simonsso
commented
6 months ago @rnarubin are you maintaining this repo in some way or is it only @maroux? @maroux has been AFK for over a month now.
rnarubin
commented
6 months ago @rnarubin are you maintaining this repo in some way or is it only @maroux? @maroux has been AFK for over a month now.
I maintain this repo. Maroux is an administrator of our top-level github org, but is otherwise not much involved in this particular codebase.
This started as a dependabot warning on my project
Can you share the warning message reported by dependabot please. If there is some dependency with a known risk then upgrading it is alright (i.e. targeted updates of specific risks)
simonsso
commented
6 months ago I maintain this repo. Maroux is an administrator of our top-level github org, but is otherwise not much involved in this particular codebase.
Thanks, I was worried this was unmaintained when I saw only one person listed on the organisation.
rnarubin
commented
6 months ago Do you have the dependabot warning you can share? I'm curious what it considers a concern
Update frozen dependencies