New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

.github/dependabot.yml: prevent updates that require manifest change #405

Merged

mpeters merged 1 commit into keylime:master from ueno:wip/dueno/dependabot-ignore

Jun 15, 2022

Contributor

ueno commented Jun 15, 2022

By default dependabot creates PRs that update each dependency to the
latest possible version. That would be problematic if we use crates
packaged in distributions such as Fedora. This forces the
"lockfile-only" strategy to only allow minor updates:
https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy

Signed-off-by: Daiki Ueno [email protected]


          .github/dependabot.yml: prevent updates that require manifest change

9311ef1

By default dependabot creates PRs that update each dependency to the
latest possible version.  That would be problematic if we use crates
packaged in distributions such as Fedora.  This forces the
"lockfile-only" strategy to only allow minor updates:
https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy

Signed-off-by: Daiki Ueno <[email protected]>

keylime-bot requested review from lkatalin, ansasaki and puiterwijk

June 15, 2022 01:45

keylime-bot assigned lkatalin, puiterwijk and ansasaki

mpeters approved these changes

View reviewed changes

mpeters merged commit 25a5ddd into keylime:master

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet