Skip to content

Enable github's Dependabot#25

Open
matthiasgoergens wants to merge 1 commit intoaj-bagwell:masterfrom
matthiasgoergens:matthias/dependabot
Open

Enable github's Dependabot#25
matthiasgoergens wants to merge 1 commit intoaj-bagwell:masterfrom
matthiasgoergens:matthias/dependabot

Conversation

@matthiasgoergens
Copy link
Contributor

@matthiasgoergens matthiasgoergens commented Jul 19, 2023

This PR enables automated dependency updates built into GitHub. That's useful for keeping up-to-date on security updates for example.

@matthiasgoergens
Enable github's Dependabot
eef40a8 
This PR enables automated dependency updates built into GitHub.  That's
useful for keeping up-to-date on security updates for example.
@epage
Copy link
Collaborator

epage commented Jul 19, 2023

I personally found Dependabot too noisy and taking up too much of my time. While RenovateBot was more work to get configured right, it has streamlined my process a lot.

e.g. the config I use with clap: https://github.com/clap-rs/clap/blob/master/.github/renovate.json5

@zackw
Copy link

zackw commented Sep 17, 2025

As a user I urge you not to bump minimum version requirements without a compelling reason. "We are directly affected by a bug that was fixed in version N" is a compelling reason. "We can get rid of so much code if we require version N" might also be (depending on how big the pile is).

"A newer version happens to exist", however, is not a compelling reason.

@zackw zackw mentioned this pull request Sep 17, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@matthiasgoergens @epage @zackw

Comments