Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bot attempts to update pre-1.0 minor version number #9647

Open
1 task done
tcharding opened this issue Apr 30, 2024 · 0 comments
Open
1 task done

Bot attempts to update pre-1.0 minor version number #9647

tcharding opened this issue Apr 30, 2024 · 0 comments
Labels
L: rust:cargo Rust crates via cargo T: bug 🐞 Something isn't working

Comments

@tcharding
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

Rust crates, cargo package manager

Package manager version

No response

Language version

Rust

Manifest location and content before the Dependabot update

No response

dependabot.yml content

No response

Updated dependency

No response

What you expected to see, versus what you actually saw

Dependabot is raising PRs to update the minor version number of Rust crates (example linked below). IIUC semver treats pre-1.0 releases differently from post 1.0 - specifically minor version update is treated as a major release i.e., breaking changes are allowed in a minor version number upgrade. Therefore dependabot should not be attempting, again IIUC, to do minor version upgrades for pre-1.0 releases.

romanz/electrs#1032

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response
@tcharding tcharding added the T: bug 🐞 Something isn't working label Apr 30, 2024
@github-actions github-actions bot added L: git:submodules Git submodules L: go:modules Golang modules L: rust:cargo Rust crates via cargo labels Apr 30, 2024
@jakecoffman jakecoffman removed L: go:modules Golang modules L: git:submodules Git submodules labels Jun 28, 2024
jszwedko added a commit to vectordotdev/vector that referenced this issue Oct 23, 2024
@jszwedko
chore(ci): Group together patch updates with dependabot
2d10636 
Patch updates, per semvar, have a low risk of incompatibility and so I think they can all be grouped
together.

I was going to add `minor` here too, but for dependencies pre-1.0, minor updates can be breaking.
There is a dependabot issue asking for this behavior to change:
dependabot/dependabot-core#9647. Also some discussion about this on:
dependabot/dependabot-core#7795

Signed-off-by: Jesse Szwedko <[email protected]>
@jszwedko jszwedko mentioned this issue Oct 23, 2024
Merged
github-merge-queue bot pushed a commit to vectordotdev/vector that referenced this issue Oct 23, 2024
@jszwedko
chore(ci): Group together patch updates with dependabot (#21595)
776f4c6 
Patch updates, per semvar, have a low risk of incompatibility and so I think they can all be grouped
together.

I was going to add `minor` here too, but for dependencies pre-1.0, minor updates can be breaking.
There is a dependabot issue asking for this behavior to change:
dependabot/dependabot-core#9647. Also some discussion about this on:
dependabot/dependabot-core#7795

Signed-off-by: Jesse Szwedko <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
L: rust:cargo Rust crates via cargo T: bug 🐞 Something isn't working
Projects
Dependabot
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jakecoffman @tcharding