
Disable dependabot

Open UebelAndre opened this issue 2 years ago • 4 comments

Seems dependabot is back? Can it be disabled again (https://github.com/bazelbuild/rules_rust/issues/1390)?

UebelAndre, Aug 25 '23 14:08

cc @krasimirgg @scentini

UebelAndre, Aug 25 '23 14:08

ping @scentini I think there's some checkbox in the repo settings you can use to disable this.

UebelAndre, Oct 31 '23 05:10

Sorry for the delay @UebelAndre. It seems that we have disabled dependabot apart from security vulnerability updates, and I'd rather not disable those. Is getting rid of the recent PRs a matter of repinning the dependencies?

scentini, Oct 31 '23 10:10

> Sorry for the delay @UebelAndre. It seems that we have disabled dependabot apart from security vulnerability updates, and I'd rather not disable those. Is getting rid of the recent PRs a matter of repinning the dependencies?

Yeah, re-pinning would probably address these. But the issue with Dependabot is that the PR it's suggesting is not sufficient for bumping dependencies. In the case of either `crates_repository` or `crates_vendor`, Bazel will need to be re-run. It would be awesome if Dependabot could be configured to do the right thing. But it's otherwise just noise to me.

UebelAndre, Feb 17 '24 18:02