Removes the dependabot version update config #695

Merged
merged 1 commit into from
Jul 23, 2024

kaczmarczyck
Collaborator

The goal of this commit is to enable security updates. Before, security updates were prevented because they followed the config.
We didn't benefit from version updates so far because of this same file, and we don't want them. While 2.1 is our main branch, version updates make even less sense, since we want to keep it stable.

The goal of this commit is to enable security updates.
Before, security updates were prevented because they followed the
config.
We didn't benefit from version updates so far because of this same
file, and we don't want them. While 2.1 is our main branch, version
updates make even less sense, since we want to keep it stable.
@kaczmarczyck kaczmarczyck requested a review from ia0 July 23, 2024 12:07
@kaczmarczyck kaczmarczyck self-assigned this Jul 23, 2024
Member

@ia0 ia0 left a comment

The dependabot configuration had at least the following issues:

  • Using directory: "/" only enables version updates for the top-level crate (i.e. not for any of the libraries).
  • The configuration applies to both version updates and security updates, so indirect dependencies and patch updates would not create a dependabot PR for both version and security updates.

@kaczmarczyck kaczmarczyck merged commit bff9f03 into google:2.1 Jul 23, 2024
9 checks passed
@kaczmarczyck kaczmarczyck deleted the no-version-config branch July 23, 2024 12:23
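
An added example, not part of this pull request or the project's code: a small audit that checks an already-parsed `dependabot.yml` for the two problems named in the review comment above (crate directories without an update entry, and filters that the comment says also suppress security PRs). The sample config, the manifest paths and the function names are constructed for illustration; which config keys correspond to "indirect dependencies" and "patch updates" is an assumption.

```python
from pathlib import PurePosixPath

# Constructed sample of a parsed .github/dependabot.yml (not the removed file).
SAMPLE_CONFIG = {"version": 2, "updates": [{
    "package-ecosystem": "cargo",
    "directory": "/",
    "schedule": {"interval": "weekly"},
    "allow": [{"dependency-type": "direct"}],
    "ignore": [{"dependency-name": "*",
                "update-types": ["version-update:semver-patch"]}],
}]}
# Constructed manifest list, e.g. the output of `git ls-files '*Cargo.toml'`.
SAMPLE_MANIFESTS = ["Cargo.toml", "libraries/crypto/Cargo.toml",
                    "libraries/cbor/Cargo.toml"]


def norm(directory):
    """Normalise a directory value: '' or '/' -> '/', '/a/b/' -> '/a/b'."""
    return "/" + directory.strip("/")


def audit(config, manifests, ecosystem="cargo"):
    """Return crate directories with no update entry, plus entries whose
    filters match the two cases from the review comment."""
    entries = [u for u in config.get("updates", [])
               if u.get("package-ecosystem") == ecosystem]
    covered = {norm(u.get("directory", "/")) for u in entries}
    crate_dirs = set()
    for manifest in manifests:
        parent = PurePosixPath(manifest).parent.as_posix()
        crate_dirs.add(norm("" if parent == "." else parent))
    filters = []
    for u in entries:
        where = norm(u.get("directory", "/"))
        # Assumption: an allow list without "all"/"indirect" models the
        # "indirect dependencies" case from the review comment.
        types = {a["dependency-type"] for a in u.get("allow", [])
                 if "dependency-type" in a}
        if types and not types & {"all", "indirect"}:
            filters.append((where, "allow excludes indirect dependencies"))
        # Assumption: ignoring semver-patch models the "patch updates" case.
        for rule in u.get("ignore", []):
            if "version-update:semver-patch" in rule.get("update-types", []):
                filters.append((where, "ignore drops patch updates"))
    return {"uncovered": sorted(crate_dirs - covered), "filters": filters}


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_MANIFESTS))
```
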