vhost-device

mirror of https://github.com/rust-vmm/vhost-device.git synced 2025-12-25 14:15:10 +00:00

History

Ruoqing He 60a29e2403 dependabot: Group updates to reduce noise We have missused `exclude-patterns` and `applies-to` in previous setup, they are documented in [1]: - `exclude-patterns`: Use to exclude certain dependencies from the group. If a dependency is excluded from a group, Dependabot will continue to raise single pull requests to update the dependency to its latest version. - `applies-to`: Use to specify whether the rules in the group apply to version updates or security updates. applies-to can be version-updates or security-updates. Options in `groups` section is a matter of grouping strategy of these detected udpates. All in all, to effectively "group" these updates, we need to use `allow` and `ignore` to specify update "candidates" for dependabot, if the "candidates" were duplicated in the first place, no matter the grouping strategy, the PRs raised are bound to be overlaped/duplicated. [1] https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>	2024-11-18 13:50:34 +05:30
..
dependabot.yml	dependabot: Group updates to reduce noise	2024-11-18 13:50:34 +05:30

Ruoqing He 60a29e2403 dependabot: Group updates to reduce noise

We have missused `exclude-patterns` and `applies-to` in previous setup,
they are documented in [1]:

- `exclude-patterns`: Use to exclude certain dependencies from the
  group. If a dependency is excluded from a group, Dependabot will
  continue to **raise single pull requests** to update the dependency to
  its latest version.
- `applies-to`: Use to specify whether the rules in the group apply to
  version updates or security updates. applies-to can be version-updates
  or security-updates.

Options in `groups` section is a matter of grouping strategy of these
detected udpates.

All in all, to effectively "group" these updates, we need to use `allow`
and `ignore` to specify update "candidates" for dependabot, if the
"candidates" were duplicated in the first place, no matter the grouping
strategy, the PRs raised are bound to be overlaped/duplicated.

[1] https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups

Signed-off-by: Ruoqing He <heruoqing@iscas.ac.cn>

2024-11-18 13:50:34 +05:30

dependabot.yml

dependabot: Group updates to reduce noise

2024-11-18 13:50:34 +05:30