chore(ci): make dependabot tell us of breaking changes we could upgrade to

[seanmonstar]

I don't need dependabot telling me about very single point release. We purposefully keep the minimum range down, to allow people to use older versions of dependencies if they need it. There's a minimal-versions check for that even.

But this change should make it so we get notified when a dependency has a breaking change. That won't be automatically pulled in, but we probably want to upgrade to it. It's likely dependabot can't fix the breakage, but at least we'll be alerted that we should upgrade. And who knows, sometimes major release don't cause us any breakage at all!

[Xuanwo]

I have seen a warning message:

The property '#/updates/1/versioning-strategy' value "increase-if-necessary" did not match one of the following values: lockfile-only, auto

[seanmonstar]

Huh, I may have misread the docs about which ecosystems supported which strategies. Oh well, I can revert in the morning. It just sounded like a nice idea.

[seanmonstar]

Where did you see that warning? The source code suggests it is supported: https://github.com/dependabot/dependabot-core/blob/261436243d0fa5dc56e5010484ad6ba481dae098/cargo/lib/dependabot/cargo/update_checker/requirements_updater.rb#L30

[Xuanwo]

Where did you see that warning? The source code suggests it is supported: https://github.com/dependabot/dependabot-core/blob/261436243d0fa5dc56e5010484ad6ba481dae098/cargo/lib/dependabot/cargo/update_checker/requirements_updater.rb#L30

There is a CI failure about this change: https://github.com/seanmonstar/reqwest/runs/43144541585

(And yes, I review every CI failure for reqwest! 😄)

[Xuanwo]

The issue appears to remain unresolved since 2021: dependabot/dependabot-core#4009

[seanmonstar]

Yea I just found that issue too. Weird, I must not understand what that code that I linked to does, then.

[seanmonstar]

Ok, well I just reverted it in master, with a link to that issue. 🤷