mirror of
https://github.com/lancedb/lancedb.git
synced 2026-05-16 11:30:41 +00:00
a12b28cae6
Dependabot raised the lower-bound version requirements in Cargo.toml (arrow, tokio, aws-sdk-*, etc.) to match the new lockfile versions. That forces our library's consumers onto newer minimum versions and broke the MSRV check, which downgrades aws-sdk-* crates to verify they still build on Rust 1.91 — the downgrades could no longer satisfy the bumped constraints. Revert all Cargo.toml changes and regenerate Cargo.lock within the existing requirement ranges. The point of this dependabot job is to keep the lockfile (and the binaries we ship) current on security fixes, not to bump our public minimum versions. Also set `versioning-strategy: lockfile-only` so future dependabot PRs only touch Cargo.lock. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
24 lines
843 B
YAML
24 lines
843 B
YAML
version: 2
|
|
|
|
# Scope: the root Cargo workspace, which produces the Rust binaries we
|
|
# ship to users (the Node.js and Python native extensions). The
|
|
# `rust/lancedb` library crate shares the same lockfile; its consumers
|
|
# pick their own dependency versions, but bumping transitive deps here
|
|
# keeps the binaries we ship current.
|
|
updates:
|
|
- package-ecosystem: cargo
|
|
directory: /
|
|
schedule:
|
|
interval: weekly
|
|
open-pull-requests-limit: 10
|
|
# Only update Cargo.lock, never widen/raise the version requirements in
|
|
# Cargo.toml. The goal is keeping the lockfile (and the binaries we ship)
|
|
# current on security fixes, not forcing our library's consumers onto
|
|
# newer minimum versions.
|
|
versioning-strategy: lockfile-only
|
|
groups:
|
|
rust-minor-patch:
|
|
update-types:
|
|
- minor
|
|
- patch
|