Bump the cargo group with 7 updates #2268
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps the cargo group with 7 updates: | Package | From | To | | --- | --- | --- | | [tracing-forest](https://github.com/QnnOkabayashi/tracing-forest) | `0.1.6` | `0.2.0` | | [imara-diff](https://github.com/pascalkuthe/imara-diff) | `0.1.8` | `0.2.0` | | [expectrl](https://github.com/zhiburt/expectrl) | `0.7.1` | `0.8.0` | | [zip](https://github.com/zip-rs/zip2) | `5.1.1` | `6.0.0` | | [http](https://github.com/hyperium/http) | `1.3.1` | `1.4.0` | | [ptyprocess](https://github.com/zhiburt/ptyprocess) | `0.4.1` | `0.5.0` | | [tower-http](https://github.com/tower-rs/tower-http) | `0.6.6` | `0.6.7` | Updates `tracing-forest` from 0.1.6 to 0.2.0 - [Commits](https://github.com/QnnOkabayashi/tracing-forest/commits) Updates `imara-diff` from 0.1.8 to 0.2.0 - [Release notes](https://github.com/pascalkuthe/imara-diff/releases) - [Changelog](https://github.com/pascalkuthe/imara-diff/blob/master/CHANGELOG.md) - [Commits](pascalkuthe/imara-diff@v0.1.8...v0.2.0) Updates `expectrl` from 0.7.1 to 0.8.0 - [Commits](https://github.com/zhiburt/expectrl/commits) Updates `zip` from 5.1.1 to 6.0.0 - [Release notes](https://github.com/zip-rs/zip2/releases) - [Changelog](https://github.com/zip-rs/zip2/blob/master/CHANGELOG.md) - [Commits](zip-rs/zip2@v5.1.1...v6.0.0) Updates `http` from 1.3.1 to 1.4.0 - [Release notes](https://github.com/hyperium/http/releases) - [Changelog](https://github.com/hyperium/http/blob/master/CHANGELOG.md) - [Commits](hyperium/http@v1.3.1...v1.4.0) Updates `ptyprocess` from 0.4.1 to 0.5.0 - [Commits](https://github.com/zhiburt/ptyprocess/commits) Updates `tower-http` from 0.6.6 to 0.6.7 - [Release notes](https://github.com/tower-rs/tower-http/releases) - [Commits](tower-rs/tower-http@tower-http-0.6.6...tower-http-0.6.7) --- updated-dependencies: - dependency-name: tracing-forest dependency-version: 0.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: cargo - dependency-name: imara-diff dependency-version: 0.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: cargo - dependency-name: expectrl dependency-version: 0.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: cargo - dependency-name: zip dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: cargo - dependency-name: http dependency-version: 1.4.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: cargo - dependency-name: ptyprocess dependency-version: 0.5.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: cargo - dependency-name: tower-http dependency-version: 0.6.7 dependency-type: indirect update-type: version-update:semver-patch dependency-group: cargo ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
EliahKagan
added a commit
to EliahKagan/gitoxide
that referenced
this pull request
Nov 24, 2025
Dependabot is working again for cargo dependencies: GitoxideLabs#2245 was due to dependabot/dependabot-core#13345, fixed in dependabot/dependabot-core#13359. However, now we get an analogous problem in here in `gitoxide` with `expectrl` and `imara-diff` to the problem previously encountered in `cargo-smart-release` with `pulldown-cmark`. That was seen in GitoxideLabs/cargo-smart-release#85, where even though it is held back in `dependabot.yml`, Dependabot proposed updates to it in `Cargo.toml`. The analogous problem here can be seen in GitoxideLabs#2268, which includes `expectrl` and `imara-diff`. In GitoxideLabs/cargo-smart-release#86, we worked around the problem in `cargo-smart-release` by explicitly excluding `pulldown-cmark` from grouped updates, so that PRs would be made without it even of Dependabot were to wrongly detect that it should attempt to upgrade it. That was even more effective than anticipated, in that Dependabot also refrained from opening extra non-grouped PRs for it (it heeded the version restrictions again). This attempts an analogous change here in `dependabot.yml` for `gitoxide`, excluding `expectrl` and `imara-diff` from grouped version updates. Hopefully this will at least allow Dependabot grouped version update PRs to be made that don't bump those crates.
EliahKagan
requested changes
Nov 24, 2025
Member
There was a problem hiding this comment.
Dependabot is working again for cargo dependencies, at least in the sense that it no longer fails with the strange error about not being able to find Cargo.toml. What happened was that #2245 was due to dependabot/dependabot-core#13345, fixed in dependabot/dependabot-core#13359.
However, this Dependabot version update PR tries to update expectrl and imara-diff even though it shouldn't. The problem is analogous to what happened in cargo-smart-release for pulldown-cmark, which was fixed there in GitoxideLabs/cargo-smart-release#86. I've opened #2269 to attempt an analogous fix there.
Once that merges, Dependabot should automatically rescan and make a new PR, which should supersede this PR. I'm leaving this PR open for now only to be able to observe that occurring, since if it doesn not then it would indicate a problem. (I also
plan to close issue #2245 at that time.)
Contributor
Author
|
Looks like these dependencies are updatable in another way, so this is no longer needed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the cargo group with 7 updates:
0.1.60.2.00.1.80.2.00.7.10.8.05.1.16.0.01.3.11.4.00.4.10.5.00.6.60.6.7Updates
tracing-forestfrom 0.1.6 to 0.2.0Commits
Updates
imara-difffrom 0.1.8 to 0.2.0Release notes
Sourced from imara-diff's releases.
Changelog
Sourced from imara-diff's changelog.
Commits
c0b655afix test4a02738simplify API and add slider post-processing1505ee1Merge pull request #23 from Wilfred/fix_typos198d5b4Fix spelling and typos984dedeCHANGELOG: remove duplicated top header (#20)Updates
expectrlfrom 0.7.1 to 0.8.0Commits
Updates
zipfrom 5.1.1 to 6.0.0Release notes
Sourced from zip's releases.
Changelog
Sourced from zip's changelog.
Commits
abfc23dfeat: Upgrade [Extended]FileOptions::add_extra_data() data from Box<[u8]> to ...eb1b586docs: Update zip_writer documentation example (#431)26e6e08feat: Add by_index_with_options() for ignoring encryption (#439)165415dchore(deps): update nt-time requirement from 0.10.6 to 0.12.1 (#429)1d5d4edchore(deps): update lzma-rust2 requirement from 0.13 to 0.14 (#432)72cce40chore(deps): update nt-time requirement from 0.10.6 to 0.12.1 (#428)2ef4d3echore(deps): update nt-time requirement from 0.10.6 to 0.12.1 (#427)9cf28cbtest(ci): Fix:renamecan't be skipped5987cddtest(ci): Fix: need recursive rename74f8a3ctest(ci): Need to rename more files during fuzz runsUpdates
httpfrom 1.3.1 to 1.4.0Release notes
Sourced from http's releases.
Changelog
Sourced from http's changelog.
Commits
b9625d8v1.4.050b009crefactor(header): inline FNV hasher to reduce dependencies (#796)b370d36feat(uri): makeAuthority/PathAndQuery::from_staticconst (#786)0d74251chore(ci): update to actions/checkout@v5 (#800)a760767docs: remove unnecessary extern crate sentence (#799)fb1d457refactor(header): use better panic message in const HeaderName and HeaderValu...20dbd6efeat(status): Add 103 EARLY_HINTS status code (#758)e7a7337chore: bump MSRV to 1.571888e28tests: downgrade rand back to 0.8 for now918bbc3chore: minor improvement for docs (#790)Updates
ptyprocessfrom 0.4.1 to 0.5.0Commits
Updates
tower-httpfrom 0.6.6 to 0.6.7Release notes
Sourced from tower-http's releases.
Commits
3bf1ba7v0.6.7723ca9afix(decompression): Suppress EOF errors caused by decompressing empty body (#...8ab9f82chore(ci): use newer cargo-public-api-crates job (#619)7cfdf76doc: Replace doc_auto_cfg with doc_cfg (#609)50beeafAdd support for custom status code in TimeoutLayer (#599)35740dedeps: Remove unnecessary dev-dependencies (#606)a7eefaeci: Re-enable ci on default branch (#605)12a5b33tests: Update to brotli 8 (#603)0195198ci: Update to actions/checkout v5 (#604)c757491examples: Update to axum 0.8 (#602)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions