0.x dependencies are never updated

[kylewillmon]

We have a weekly cargo update for minor version updates and weekly Dependabot run for major version updates. However, it turns out that neither of these handles bumping dependencies from 0.x to 0.x+1

Originally posted by @kylewillmon in #707 (comment)

[kylewillmon]

Thanks to #889, we now know that Dependabot will update these minor versions if there is a security alert on the package.

This issue remains relevant, but that is at least a little bit of comfort.

[kylewillmon]

A bit of a workaround here is to periodically use cargo's unstable update-breaking feature to make sure we're using the latest version possible:

cargo +nightly -Zunstable-options update --breaking