teloxide/.github/dependabot.yml

45 lines
1.7 KiB
YAML
Raw Normal View History

version: 2
updates:
# This updates the `Cargo.lock` file.
#
# -----------------------------------------------------------------------------------------------
#
# Generally Rust libraries do not have lock files. This grows from the idea that you always want
# to run CI with the most recent (semver compatible) dependency versions, since those are the
# versions new users will get.
#
# However this approach worsens the contribution experience, since PR's CI can fail because of
# a minor dependency update (e.g. because of an MSRV change or an accidental breaking change).
#
# To prevent this and make contribution experience a little bit better we include the lock file
# in the repository. To combat the problem of running CI against old versions, we have this
# dependabot job, which updates the `Cargo.lock` (and `Cargo.lock` only), every once in a while.
- package-ecosystem: "cargo"
# Directory where to search for build system configuration
directory: "/"
# Only change `Cargo.lock`, never change `Cargo.toml`
versioning-strategy: "lockfile-only"
# Check for updates weekly.
# This makes sure dependabot doesn't open PRs too often.
schedule:
interval: "weekly"
# Group dependencies, so dependabot does not open a million pull requests and instead just
# makes "bump everything" every once in a while
groups:
lock:
2024-03-14 21:05:18 +01:00
patterns: ["*"]
# Allow both direct and indirect updates for all packages
allow:
- dependency-type: "all"
# Which labels to apply
labels: ["A-dependencies"]
# Stop dependabot from updating dependencies when the previous dependabot PR hasn't been
# merged/closed yet
open-pull-requests-limit: 1