diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..5602ef3057 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,41 @@ +version: 2 +updates: + +# We do not set open-pull-requests-limit, as sometimes +# dependabot thinks the limit is hit without actually having +# any PRs open. In reality, the configs below can only result +# in at most one PR per package ecosystem anyway. +# A weekly update of the rust-vmm-ci submodule +- package-ecosystem: gitsubmodule + directory: "/" + schedule: + interval: weekly + day: friday + +# A weekly update to rust dependencies. +# Using smaller groups to avoid BadObjectState errors with large grouped updates. +# See: https://github.com/dependabot/dependabot-core/issues/10280 +- package-ecosystem: cargo + directory: "/" + schedule: + interval: weekly + day: friday + groups: + # Minor and patch updates for production dependencies + rust-minor-patch: + dependency-type: "production" + update-types: + - "minor" + - "patch" + + # Development dependencies (build, dev, test) + rust-dev-dependencies: + dependency-type: "development" + update-types: + - "minor" + - "patch" + + # Major version updates (potentially breaking changes) + rust-major-updates: + update-types: + - "major" diff --git a/libtcgtpm/deps/openssl b/libtcgtpm/deps/openssl index 636dfadc70..c8b4a397d0 160000 --- a/libtcgtpm/deps/openssl +++ b/libtcgtpm/deps/openssl @@ -1 +1 @@ -Subproject commit 636dfadc70ce26f2473870570bfd9ec352806b1d +Subproject commit c8b4a397d066857492c714735d7658cd1e545e81