Bot attempts to update pre-1.0 minor version number #9647
Labels
L: git:submodules
Git submodules
L: go:modules
Golang modules
L: rust:cargo
Rust crates via cargo
T: bug 🐞
Something isn't working
Is there an existing issue for this?
Package ecosystem
Rust crates,
cargo
package managerPackage manager version
No response
Language version
Rust
Manifest location and content before the Dependabot update
No response
dependabot.yml content
No response
Updated dependency
No response
What you expected to see, versus what you actually saw
Dependabot is raising PRs to update the minor version number of Rust crates (example linked below). IIUC semver treats pre-1.0 releases differently from post 1.0 - specifically minor version update is treated as a major release i.e., breaking changes are allowed in a minor version number upgrade. Therefore dependabot should not be attempting, again IIUC, to do minor version upgrades for pre-1.0 releases.
romanz/electrs#1032
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response
The text was updated successfully, but these errors were encountered: