Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Set dependabot group and versioning-strategy (#10)
Group dependency updates to reduce noise from pull requests. Major and security updates are left grouped so that they can be given careful and, in the case of security updates, expedited consideration. Set the versioning strategy to "lockfile-only" because the default value, presumably "auto", would bump the required version of dependencies in the manifest(s) and in turn force these requirements onto our users. One downside of this is that dependabot will not attempt to "widen" the versions specified in the manifest(s), which means we may forget to add support for new major versions. But as of writing the "cargo" package-ecosystem supports only "auto" and "lockfile-only".
- Loading branch information