teloxide/.github/dependabot.yml

version: 2
updates:
  # This updates the `Cargo.lock` file.
  #
  # -----------------------------------------------------------------------------------------------
  #
  # Generally Rust libraries do not have lock files. This grows from the idea that you always want
  # to run CI with the most recent (semver compatible) dependency versions, since those are the 
  # versions new users will get.
  #
  # However this approach worsens the contribution experience, since PR's CI can fail because of
  # a minor dependency update (e.g. because of an MSRV change or an accidental breaking change).
  #
  # To prevent this and make contribution experience a little bit better we include the lock file
  # in the repository. To combat the problem of running CI against old versions, we have this
  # dependabot job, which updates the `Cargo.lock` (and `Cargo.lock` only), every once in a while.
  - package-ecosystem: "cargo"
    # Directory where to search for build system configuration
    directory: "/" 

    # Only change `Cargo.lock`, never change `Cargo.toml`
    versioning-strategy: "lockfile-only"
    
    # Check for updates weekly.
    # This makes sure dependabot doesn't open PRs too often.
    schedule:
      interval: "weekly"
    
    # Group dependencies, so dependabot does not open a million pull requests and instead just
    # makes "bump everything" every once in a while
    groups:
      lock:
        patterns: ["*"]

    # Allow both direct and indirect updates for all packages
    allow:
      - dependency-type: "all"
    
    # Which labels to apply
    labels: ["A-dependencies"]

    # Stop dependabot from updating dependencies when the previous dependabot PR hasn't been
    # merged/closed yet
    open-pull-requests-limit: 1
Configure dependabot to update `Cargo.lock` 2024-03-03 00:05:28 +01:00			`version: 2`
			`updates:`
			# This updates the `Cargo.lock` file.
			`#`
			`# -----------------------------------------------------------------------------------------------`
			`#`
			`# Generally Rust libraries do not have lock files. This grows from the idea that you always want`
			`# to run CI with the most recent (semver compatible) dependency versions, since those are the`
			`# versions new users will get.`
			`#`
			`# However this approach worsens the contribution experience, since PR's CI can fail because of`
			`# a minor dependency update (e.g. because of an MSRV change or an accidental breaking change).`
			`#`
			`# To prevent this and make contribution experience a little bit better we include the lock file`
			`# in the repository. To combat the problem of running CI against old versions, we have this`
			# dependabot job, which updates the `Cargo.lock` (and `Cargo.lock` only), every once in a while.
			`- package-ecosystem: "cargo"`
			`# Directory where to search for build system configuration`
			`directory: "/"`

			# Only change `Cargo.lock`, never change `Cargo.toml`
			`versioning-strategy: "lockfile-only"`

			`# Check for updates weekly.`
			`# This makes sure dependabot doesn't open PRs too often.`
			`schedule:`
			`interval: "weekly"`

			`# Group dependencies, so dependabot does not open a million pull requests and instead just`
			`# makes "bump everything" every once in a while`
			`groups:`
			`lock:`
Update dependabot.yml 2024-03-14 21:05:18 +01:00			`patterns: ["*"]`
Configure dependabot to update `Cargo.lock` 2024-03-03 00:05:28 +01:00
			`# Allow both direct and indirect updates for all packages`
			`allow:`
			`- dependency-type: "all"`

			`# Which labels to apply`
			`labels: ["A-dependencies"]`

			`# Stop dependabot from updating dependencies when the previous dependabot PR hasn't been`
			`# merged/closed yet`
			`open-pull-requests-limit: 1`