ci: Add Dependabot - Githubissues

tokio-rs / prost

PROST! a Protocol Buffers implementation for the Rust Language

Apache License 2.0

3.78k stars 494 forks source link

ci: Add Dependabot #957

Closed sjackman closed 3 months ago

sjackman commented 9 months ago

Enable Dependabot to open PRs to update dependencies.

caspermeijn commented 5 months ago

What kind of changes will this propose?

Because prost is a library and we want to support a wide range of dependency version numbers, I don't want to always update the version numbers in Cargo.toml.

Can dependabot add a version range like in https://github.com/tokio-rs/prost/pull/1013?

sjackman commented 4 months ago

Can dependabot add a version range like in https://github.com/tokio-rs/prost/pull/1013?

Yes, it will. Dependabot follows the existing form of the depenency. When the dependency is a range, like

multimap = { version = ">=0.8, <=0.10", default-features = false }

it will suggest increasing the upper range like so:

multimap = { version = ">=0.8, <=0.11", default-features = false }

sjackman commented 3 months ago

👏 Excellent! Thank you, Casper!