mirrors/jj
1
0
Fork 1
mirror of https://github.com/martinvonz/jj.git synced 2025-01-16 09:11:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
4911 commits 101 branches 30 tags 55 MiB
Commit graph

4 commits

Author SHA1 Message Date
Yuya Nishihara
58744d9573 github: try without grouped cargo updates 
I noticed some cargo dependencies aren't caught by the dependabot. For example,
there are gix updates, but the dependabot somehow thinks it's not possible to
update.

```
updater | 2023/12/14 15:57:52 INFO <job_762380319> Checking if gix 0.55.2 needs updating
  proxy | 2023/12/14 15:57:52 [063] GET https://crates.io:443/api/v1/crates/gix
  proxy | 2023/12/14 15:57:52 [063] 200 https://crates.io:443/api/v1/crates/gix
updater | 2023/12/14 15:57:53 INFO <job_762380319> Latest version is 0.56.0
...
updater | 2023/12/14 15:58:00 INFO <job_762380319> Requirements to unlock update_not_possible
updater | 2023/12/14 15:58:00 INFO <job_762380319> Requirements update strategy bump_versions
updater | 2023/12/14 15:58:00 INFO <job_762380319> No update possible for gix 0.55.2
```

I don't know what's wrong, but let's try without the grouped updates as it was
working before.

FWIW, this issue looks similar:
https://github.com/dependabot/dependabot-core/issues/7896
 2023-12-15 14:20:36 +09:00
Martin von Zweigbergk
e28ce91d41 dependabot: also group cargo updates 
It looks like I accidentally applied the grouping only to GitHub
actions updates.
 2023-07-07 17:36:45 +02:00
Martin von Zweigbergk
fa25c3bd40 github: tell Dependabot to group all deps when possible 
This should reduce the number of PRs to review, and the number of
uninteresting commits in the repo history.
 2023-07-05 21:37:22 +02:00
Martin von Zweigbergk
8b6932f837 github: add a dependabot config 
This was another security recommendation for projects by Google
employees.
 2022-03-16 21:09:01 -07:00