mirror of
https://github.com/teloxide/teloxide.git
synced 2024-12-22 22:46:39 +01:00
44 lines
1.7 KiB
YAML
44 lines
1.7 KiB
YAML
version: 2
|
|
updates:
|
|
# This updates the `Cargo.lock` file.
|
|
#
|
|
# -----------------------------------------------------------------------------------------------
|
|
#
|
|
# Generally Rust libraries do not have lock files. This grows from the idea that you always want
|
|
# to run CI with the most recent (semver compatible) dependency versions, since those are the
|
|
# versions new users will get.
|
|
#
|
|
# However this approach worsens the contribution experience, since PR's CI can fail because of
|
|
# a minor dependency update (e.g. because of an MSRV change or an accidental breaking change).
|
|
#
|
|
# To prevent this and make contribution experience a little bit better we include the lock file
|
|
# in the repository. To combat the problem of running CI against old versions, we have this
|
|
# dependabot job, which updates the `Cargo.lock` (and `Cargo.lock` only), every once in a while.
|
|
- package-ecosystem: "cargo"
|
|
# Directory where to search for build system configuration
|
|
directory: "/"
|
|
|
|
# Only change `Cargo.lock`, never change `Cargo.toml`
|
|
versioning-strategy: "lockfile-only"
|
|
|
|
# Check for updates weekly.
|
|
# This makes sure dependabot doesn't open PRs too often.
|
|
schedule:
|
|
interval: "weekly"
|
|
|
|
# Group dependencies, so dependabot does not open a million pull requests and instead just
|
|
# makes "bump everything" every once in a while
|
|
groups:
|
|
lock:
|
|
patterns: ["*"]
|
|
|
|
# Allow both direct and indirect updates for all packages
|
|
allow:
|
|
- dependency-type: "all"
|
|
|
|
# Which labels to apply
|
|
labels: ["A-dependencies"]
|
|
|
|
# Stop dependabot from updating dependencies when the previous dependabot PR hasn't been
|
|
# merged/closed yet
|
|
open-pull-requests-limit: 1
|