rust/lancedb
1
0
Fork 0
mirror of https://github.com/lancedb/lancedb.git synced 2026-05-22 06:20:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
55ae6197c130ade24401481aadb8a8b0110c3563
lancedb/.github/dependabot.yml
dependabot[bot] 2d5298b6ee chore(deps): bump the rust-minor-patch group across 1 directory with 23 updates (#3382) 
Weekly dependabot refresh of `Cargo.lock`.

Dependabot's original PR also raised the lower-bound version
requirements
in `Cargo.toml` (arrow, tokio, aws-sdk-*, etc.) to match the new
lockfile
versions. That forces our library's consumers onto newer minimum
versions and broke the MSRV check, which downgrades aws-sdk-* crates to
verify they still build on Rust 1.91.

Changes from the original:

- Reverted all `Cargo.toml` requirement changes; `Cargo.lock`
regenerated
  with `cargo update` within the existing ranges. The lockfile (and the
  binaries we ship) stays current on security fixes without bumping our
  public minimum versions.
- Set `versioning-strategy: lockfile-only` in `.github/dependabot.yml`
so
  future cargo dependabot PRs only touch `Cargo.lock`.

Note: `aws-lc-rs` stays at 1.16.3 — `nodejs/Cargo.toml` pins it with
`=`,
which `lockfile-only` cannot move; bumping it needs a manual change.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Will Jones <will.jones127@gmail.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Will Jones <willjones127@gmail.com>
2026-05-20 09:09:39 -07:00

24 lines
843 B
YAML
Raw Blame History

version: 2
# Scope: the root Cargo workspace, which produces the Rust binaries we
# ship to users (the Node.js and Python native extensions). The
# `rust/lancedb` library crate shares the same lockfile; its consumers
# pick their own dependency versions, but bumping transitive deps here
# keeps the binaries we ship current.
updates:
- package-ecosystem: cargo
directory: /
schedule:
interval: weekly
open-pull-requests-limit: 10
# Only update Cargo.lock, never widen/raise the version requirements in
# Cargo.toml. The goal is keeping the lockfile (and the binaries we ship)
# current on security fixes, not forcing our library's consumers onto
# newer minimum versions.
versioning-strategy: lockfile-only
groups:
rust-minor-patch:
update-types:
- minor
- patch
Reference in New Issue View Git Blame Copy Permalink