| ignore: | ||
| # Ignore dependencies listed in the depcheck tool | ||
| # | ||
| # We do this to ensure that the versions are stable or manually updated for |
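Review bot: the comment above `ignore:` refers to "the depcheck tool" but, in the lines shown, does not say where that list is kept. Name the file or config it mirrors so the two lists stay in sync when a dependency is added or dropped.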

FWIW I don't need this for V8: if a temporal_rs update needs an ICU4X update that's totally fine.

Is there a more specific list of which dependencies would be fine to push through on dependabot?
I thought I recalled that we'd talked at one point about not doing the updates. But the dependabot updates started stacking over the last month or so. I'd like to have a specific set that can be auto updated via dependabot and the rest that are set aside to be manually updated (hence the ignore section).
Oh, in that way. Yeah I'd prefer if we supported as expansive a version of most deps as possible.
We are a library, dependabot does not actually serve a very strong purpose by updating versions in Cargo.toml. Users of this library can then pick the best versions.
I don't think we should use dependabot for automatic Cargo.toml bumps at all, unless it catches CVEs/etc.
What is it that dependabot gets us here?

It mainly gets us good version bumps for our tools, which is why I'd sort of like to keep them: to bump the tools to current while leaving the primary crates alone.
I'm fine with going to more expansive versions for this release if you're okay with it. I can adjust the Cargo.toml accordingly. I was debating doing just that, but thought I'd first start with the ignore list.
Sure, updating tools seems fine.
This preps for a new release of the temporal_rs et al.
It makes the following version bumps:
ZeroCompiledTzdbProvider implemented ZeroCompiledTzdbProvider
I did also add in an update to the dependabot.yml to hopefully make it much less annoying to deal with.