Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: add dependabot config #30

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

ci: add dependabot config #30

wants to merge 2 commits into from

Conversation

joshka
Copy link
Contributor

@joshka joshka commented Mar 28, 2024

No description provided.

Byron
Byron requested changes Mar 30, 2024
View reviewed changes
Copy link
Owner

@Byron Byron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

Could you set this up to only trigger when there are major (or minor, in case of pre-production) updates? Otherwise this bot creates a lot of noise for patch and minor updates that Cargo resolves automatically to when it matters.

@joshka
Copy link
Contributor Author

joshka commented Apr 1, 2024

Could you set this up to only trigger when there are major (or minor, in case of pre-production) updates? Otherwise this bot creates a lot of noise for patch and minor updates that Cargo resolves automatically to when it matters.

I'm not 100% sure whether github does the right thing for cargo semver (x.y.z = major.minor.patch, 0.x.y = 0.major.minor). I suspect that github will see this as (x.y.z = major.minor.patch and 0.minor.patch). So I'd suggest patching using the minor version. Does that make sense to you?

@Byron
Copy link
Owner

Byron commented Apr 2, 2024

I see what you mean, and I was surprised that the docs didn't mention such a thing at all beyond ignoring updates. But then it would have to be configured for each dependency, apparently. There is also grouping with additional rules, but it all seems rather complicated.

Since I am sure you had a particular reason for this, maybe to automate updates of ratatui, maybe we can keep this a manual process? I don't really want to update every time there is a new release, but am happy to accept PRs or update myself if there is demand for seeing a particular version here. From my point of view, it's churn, as nothing here uses advanced features.

Thanks for your understanding.

@joshka
Copy link
Contributor Author

joshka commented Apr 2, 2024

Yeah the motivation was that ratatui 0.26.0 has a few bugs. I often hit the top dependents in the reverse dependencies list of ratatui and take a look at what needs to be done to upgrade (to get a real world feel for any breaking changes). The list is sorted by downloads, so this crate is right up there. For this I figured perhaps Dependabot might be more useful in getting the various crates in order. We turned on grouping updates in the ratatui website and that does help a lot with the quantity of notifications.

@Byron
Copy link
Owner

Byron commented Apr 2, 2024

I see, thank you.

I think the statistics there are somewhat misleading as the feature powered by ratatui is very rarely used, while the download count is inflated by gitoxide. So in practice, this crate probably isn't very important.

But since it's about ratatui, maybe you can adjust the ignore rules to only trigger on minor updates of this crate?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Byron Byron Byron requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@joshka @Byron