From 76f852b71e8ccc390100ccf80b4cf9197da0a1f1 Mon Sep 17 00:00:00 2001 From: Stefano Garzarella Date: Thu, 16 Oct 2025 16:02:06 +0200 Subject: [PATCH 1/4] github: add dependabot configuration This is copied from rust-vmm project [1]. [1] https://github.com/rust-vmm/rust-vmm-ci/blob/main/dependabot-weekly.yml Signed-off-by: Stefano Garzarella --- .github/dependabot.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..01ac07c6c2 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,29 @@ +version: 2 +updates: + +# We do not set open-pull-requests-limit, as sometimes +# dependabot thinks the limit is hit without actually having +# any PRs open. In reality, the configs below can only result +# in at most one PR per package ecosystem anyway. +# A weekly update of the rust-vmm-ci submodule +- package-ecosystem: gitsubmodule + directory: "/" + schedule: + interval: weekly + day: friday + +# A weekly update to rust dependencies. These will be grouped, +# e.g. one PR will contains updates for all dependencies. +- package-ecosystem: cargo + directory: "/" + schedule: + interval: weekly + day: friday + # Make it also update transitive dependencies in Cargo.lock + allow: + - dependency-type: "all" + # Group all available updates into a group called "rust-dependencies" + groups: + rust-dependencies: + patterns: + - "*" From 94331fd2a78aa82f79641530a321edcccc799380 Mon Sep 17 00:00:00 2001 From: Stefano Garzarella Date: Thu, 30 Oct 2025 15:06:11 +0100 Subject: [PATCH 2/4] dependabot: disable groups See - https://github.com/dependabot/dependabot-core/pull/13272 - https://github.com/dependabot/dependabot-core/issues/10280 - https://github.com/dependabot/dependabot-core/pull/13201 Signed-off-by: Stefano Garzarella --- .github/dependabot.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 01ac07c6c2..d709a058c2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -22,8 +22,3 @@ updates: # Make it also update transitive dependencies in Cargo.lock allow: - dependency-type: "all" - # Group all available updates into a group called "rust-dependencies" - groups: - rust-dependencies: - patterns: - - "*" From c7b1945e209f2f80676274ec5db926d50a649f88 Mon Sep 17 00:00:00 2001 From: Stefano Garzarella Date: Thu, 30 Oct 2025 15:38:51 +0100 Subject: [PATCH 3/4] dependabot: use groups without patterns Signed-off-by: Stefano Garzarella --- .github/dependabot.yml | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index d709a058c2..5602ef3057 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -12,13 +12,30 @@ updates: interval: weekly day: friday -# A weekly update to rust dependencies. These will be grouped, -# e.g. one PR will contains updates for all dependencies. +# A weekly update to rust dependencies. +# Using smaller groups to avoid BadObjectState errors with large grouped updates. +# See: https://github.com/dependabot/dependabot-core/issues/10280 - package-ecosystem: cargo directory: "/" schedule: interval: weekly day: friday - # Make it also update transitive dependencies in Cargo.lock - allow: - - dependency-type: "all" + groups: + # Minor and patch updates for production dependencies + rust-minor-patch: + dependency-type: "production" + update-types: + - "minor" + - "patch" + + # Development dependencies (build, dev, test) + rust-dev-dependencies: + dependency-type: "development" + update-types: + - "minor" + - "patch" + + # Major version updates (potentially breaking changes) + rust-major-updates: + update-types: + - "major" From fb6ed83bdee7b6dc9919e05343f4ee14d9ced947 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 31 Oct 2025 08:08:52 +0000 Subject: [PATCH 4/4] build(deps): bump libtcgtpm/deps/openssl from `636dfad` to `c8b4a39` Bumps [libtcgtpm/deps/openssl](https://github.com/openssl/openssl) from `636dfad` to `c8b4a39`. - [Release notes](https://github.com/openssl/openssl/releases) - [Commits](https://github.com/openssl/openssl/compare/636dfadc70ce26f2473870570bfd9ec352806b1d...c8b4a397d066857492c714735d7658cd1e545e81) --- updated-dependencies: - dependency-name: libtcgtpm/deps/openssl dependency-version: c8b4a397d066857492c714735d7658cd1e545e81 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- libtcgtpm/deps/openssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libtcgtpm/deps/openssl b/libtcgtpm/deps/openssl index 636dfadc70..c8b4a397d0 160000 --- a/libtcgtpm/deps/openssl +++ b/libtcgtpm/deps/openssl @@ -1 +1 @@ -Subproject commit 636dfadc70ce26f2473870570bfd9ec352806b1d +Subproject commit c8b4a397d066857492c714735d7658cd1e545e81