Commit graph

5 commits

Author SHA1 Message Date
Yuya Nishihara
1fd8b82f13 github: reenable grouped cargo updates
The dependabot refused to update some dependencies anyway. Maybe it
conservatively checks if all intra dependencies meet a certain version?

```
updater | 2023/12/15 15:56:45 INFO <job_762807265> No update possible for cargo_metadata 0.17.0
updater | 2023/12/15 15:56:54 INFO <job_762807265> No update possible for crossterm 0.26.1
updater | 2023/12/15 15:57:04 INFO <job_762807265> No update possible for itertools 0.11.0
updater | 2023/12/15 15:57:16 INFO <job_762807265> No update possible for zstd 0.12.4
updater | 2023/12/15 15:57:16 INFO <job_762807265> No update possible for jj-cli 0.12.0
updater | 2023/12/15 15:57:27 INFO <job_762807265> No update possible for toml_edit 0.19.15
updater | 2023/12/15 15:57:38 INFO <job_762807265> No update possible for prost-build 0.11.9
updater | 2023/12/15 15:57:49 INFO <job_762807265> No update possible for prost 0.11.9
```

backout of commit 58744d9573
2023-12-16 14:40:39 +09:00
Yuya Nishihara
58744d9573 github: try without grouped cargo updates
I noticed some cargo dependencies aren't caught by the dependabot. For example,
there are gix updates, but the dependabot somehow thinks it's not possible to
update.

```
updater | 2023/12/14 15:57:52 INFO <job_762380319> Checking if gix 0.55.2 needs updating
  proxy | 2023/12/14 15:57:52 [063] GET https://crates.io:443/api/v1/crates/gix
  proxy | 2023/12/14 15:57:52 [063] 200 https://crates.io:443/api/v1/crates/gix
updater | 2023/12/14 15:57:53 INFO <job_762380319> Latest version is 0.56.0
...
updater | 2023/12/14 15:58:00 INFO <job_762380319> Requirements to unlock update_not_possible
updater | 2023/12/14 15:58:00 INFO <job_762380319> Requirements update strategy bump_versions
updater | 2023/12/14 15:58:00 INFO <job_762380319> No update possible for gix 0.55.2
```

I don't know what's wrong, but let's try without the grouped updates as it was
working before.

FWIW, this issue looks similar:
https://github.com/dependabot/dependabot-core/issues/7896
2023-12-15 14:20:36 +09:00
Martin von Zweigbergk
e28ce91d41 dependabot: also group cargo updates
It looks like I accidentally applied the grouping only to GitHub
actions updates.
2023-07-07 17:36:45 +02:00
Martin von Zweigbergk
fa25c3bd40 github: tell Dependabot to group all deps when possible
This should reduce the number of PRs to review, and the number of
uninteresting commits in the repo history.
2023-07-05 21:37:22 +02:00
Martin von Zweigbergk
8b6932f837 github: add a dependabot config
This was another security recommendation for projects by Google
employees.
2022-03-16 21:09:01 -07:00