Enable Dependabot to keep dependencies up to date
brycx opened this issue · comments
Dependabot can be set up to check for outdated dependencies, or dependencies with reported security issues (I think I was wrong on this on. For Dependabot with Rust, we'd still need #18 for security issues), on a daily basis. It'll then create PRs if any such are detected.
Dependabot is added quite easily to the CI with a dependabot.yml
file in the .github
folder.
The file should include something like this:
version: 2
updates:
- package-ecosystem: "cargo"
directory: "/" # Location of package manifests
schedule:
interval: "daily"
@return I tried myself, but it seems only a repository owner is able to set this up.