This is an automated email from the ASF dual-hosted git repository.
xuanwo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/opendal.git
The following commit(s) were added to refs/heads/main by this push:
new e9a91750c chore(dependabot): update OpenDAL dependencies less
frequently (#6384)
e9a91750c is described below
commit e9a91750c1023ea217266d33ac94a279c9c000a1
Author: Erick Guan <297343+erickg...@users.noreply.github.com>
AuthorDate: Fri Jul 11 20:05:12 2025 +0200
chore(dependabot): update OpenDAL dependencies less frequently (#6384)
---
.github/dependabot.yml | 118 +++++++++++++++++++++++++++++++++++++++++++++----
core/Cargo.toml | 3 +-
2 files changed, 111 insertions(+), 10 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index e109a9414..20b9a3f7d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -17,73 +17,173 @@
version: 2
updates:
+ # GitHub Actions - yearly updates with groups
- package-ecosystem: "github-actions"
directory: "/"
- open-pull-requests-limit: 1
+ open-pull-requests-limit: 2
+ # GitHub Actions have a steady update interval. Update yearly to reduce
update PRs.
schedule:
- interval: "monthly"
+ interval: "yearly"
+ groups:
+ github-actions:
+ patterns:
+ - "actions/*"
+ third-party-actions:
+ patterns:
+ - "*"
+ # Core dependencies - semiannual updates with groups
- package-ecosystem: "cargo"
directory: "/core"
- open-pull-requests-limit: 1
+ open-pull-requests-limit: 4
+ # Update core dependencies semiannually because core dependencies are
somewhat stable.
+ #
+ # Developers can update dependencies via dependabot manually by:
+ # 1. Go to Dependabot page
https://github.com/apache/opendal/network/updates
+ # 2. Choose a project by "Recent update jobs"
+ # 3. Click "Check for updates"
schedule:
- interval: "monthly"
+ interval: "semiannually"
+ groups:
+ # HTTP, TLS, serialization and utilities
+ http-serialization-utils:
+ patterns:
+ - "backon"
+ - "base64"
+ - "bytes"
+ - "chrono"
+ - "rand"
+ - "getrandom"
+ - "http*"
+ - "percent-encoding"
+ - "prometheus*"
+ - "quick-xml"
+ - "reqwest"
+ - "reqsign"
+ - "rustls*"
+ - "serde*"
+ - "uuid"
+ # Async runtime and runtime tools
+ async-runtime:
+ patterns:
+ - "tokio*"
+ - "async-*"
+ - "futures*"
+ - "sqlx"
+ # Logs, errors and checksums
+ logs-errors-checksums:
+ patterns:
+ - "anyhow"
+ - "*error*"
+ - "log"
+ - "crc32c"
+ - "sha*"
+ - "md-5"
+ - "metrics"
+ - "tracing"
+ others:
+ patterns:
+ - "*"
- package-ecosystem: "cargo"
directory: "/bin/oay"
open-pull-requests-limit: 1
schedule:
interval: "monthly"
+ cooldown:
+ semver-patch-days: 90 # maximum 90 days
+ include:
+ - "*"
- package-ecosystem: "cargo"
directory: "/bin/ofs"
open-pull-requests-limit: 1
schedule:
interval: "monthly"
+ cooldown:
+ semver-patch-days: 90
+ include:
+ - "*"
- package-ecosystem: "cargo"
directory: "/bin/oli"
open-pull-requests-limit: 1
schedule:
interval: "monthly"
+ cooldown:
+ semver-patch-days: 90
+ include:
+ - "*"
- package-ecosystem: "cargo"
directory: "/integrations/dav-server"
open-pull-requests-limit: 1
schedule:
interval: "monthly"
+ cooldown:
+ semver-patch-days: 90
+ include:
+ - "*"
- package-ecosystem: "cargo"
directory: "/integrations/object_store"
open-pull-requests-limit: 1
schedule:
interval: "monthly"
+ cooldown:
+ semver-patch-days: 90
+ include:
+ - "*"
- package-ecosystem: "cargo"
directory: "/bindings/java"
open-pull-requests-limit: 1
schedule:
interval: "monthly"
+ cooldown:
+ semver-patch-days: 90
+ include:
+ - "*"
- package-ecosystem: "cargo"
directory: "/bindings/nodejs"
open-pull-requests-limit: 1
schedule:
interval: "monthly"
+ cooldown:
+ semver-patch-days: 90
+ include:
+ - "*"
+ # Python bindings
- package-ecosystem: "cargo"
directory: "/bindings/python"
- open-pull-requests-limit: 1
+ open-pull-requests-limit: 3
schedule:
- interval: "monthly"
+ interval: "semiannually"
groups:
- pyo3-dependencies:
+ # Update to keep sync with core dependency
+ core-sync:
+ patterns:
+ - "anyhow"
+ - "bytes"
+ - "chrono"
+ - "tokio*"
+ - "futures*"
+ pyo3:
+ patterns:
+ - "pyo3*"
+ others:
patterns:
- - "pyo3"
- - "pyo3-*"
+ - "*"
+ # Website npm dependencies
- package-ecosystem: "npm"
directory: "/website"
open-pull-requests-limit: 1
schedule:
interval: "monthly"
+ cooldown:
+ semver-patch-days: 90
+ include:
+ - "*"
diff --git a/core/Cargo.toml b/core/Cargo.toml
index 4e720106c..207af0814 100644
--- a/core/Cargo.toml
+++ b/core/Cargo.toml
@@ -250,7 +250,6 @@ futures = { version = "0.3", default-features = false,
features = [
"std",
"async-await",
] }
-ghac = { version = "0.2.0", optional = true }
http = "1.1"
http-body = "1"
log = "0.4"
@@ -301,6 +300,8 @@ foundationdb = { version = "0.9.0", features = [
"embedded-fdb-include",
"fdb-7_3",
], optional = true }
+# for services-ghac
+ghac = { version = "0.2.0", optional = true }
# for services-hdfs
hdrs = { version = "0.3.2", optional = true, features = ["async_file"] }
# for services-upyun
