From 34854537acc31798572f3b52b42d3f660b942770 Mon Sep 17 00:00:00 2001
From: wcampbell
Date: Sat, 4 Jan 2025 12:59:36 -0500
Subject: [PATCH] Friendship ended with Dependabot Two things have driven me away from dependabot, and I don't think there is any movement with fixing these issues. Maybe renovate fixes these issues but I have yet to try it out! * Dependabot will bump the Cargo.toml version of a dependacy, but it never needs to unless a non-patch version was updated! This limits the libraries a user _could_ use downstream, for no reason. All that needs to happen is that the Cargo.lock changes so I can verify my library with a _set_ of libraries that _could_ end up in the users stream. * Dependabot *never* will update recursive depends, Ever! This is a huge problem for my own testing and benchmarks, as unless I rememeber that dependabot does this I will never update build-dependencies of downstream projects, such as cc! This leads to wildly different testing of downstream projects, since they will use the most up-to-date.
---
 .github/dependabot.yml | 16 -------------
 .github/workflows/pull_request.yml | 38 ------------------------------
 RELEASE.md | 12 ++++++++++
 3 files changed, 12 insertions(+), 54 deletions(-)
 delete mode 100644 .github/dependabot.yml
 delete mode 100644 .github/workflows/pull_request.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index b1d4e13d..00000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-version: 2
-updates:
- - package-ecosystem: github-actions
- directory: /
- schedule:
- interval: daily
-
- - package-ecosystem: cargo
- directory: /
- schedule:
- interval: daily
-
- - package-ecosystem: cargo
- directory: /fuzz
- schedule:
- interval: daily
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
deleted file mode 100644
index a5022042..00000000
--- a/.github/workflows/pull_request.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-name: 'pull-request'
-on:
- pull_request_target:
- types:
- - opened
- - synchronize
- - reopened
- - ready_for_review
- - labeled
- - unlabeled
-
-jobs:
- changelog:
- runs-on: ubuntu-24.04
-
- permissions:
- # Give the default GITHUB_TOKEN write permission to commit and push the
- # added or changed files to the repository.
- contents: write
-
- steps:
- - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- with:
- ref: ${{ github.head_ref }}
- token: ${{ secrets.PAT }}
-
- - uses: dangoslen/dependabot-changelog-helper@392b22478d34ddd54f2c51919bf40ad5590db395 # v3.9.0
- with:
- version: 'Unreleased'
- activationLabels: 'C-dependencies,dependabot-reviewed'
- changelogPath: './CHANGELOG.md'
-
- - name: Commit the changes
- uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1
- with:
- skip_checkout: true
- commit_message: "Update changelog"
- branch: ${{ github.head_ref }}
diff --git a/RELEASE.md b/RELEASE.md
index ed9d49d1..581b5e72 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -1,5 +1,17 @@
 # Release
 
+## Update breaking depends
+Note these in the changelog.
+```
+$ cargo +nightly -Z unstable-options update --breaking
+```
+
+## Update recursive depends
+Some of these could end up in the changelog.
+```
+$ cargo update --recursive
+```
+
 ## Bump Versions
 ```
 $ cargo release version [LEVEL] -p backhand -p backhand-cli --execute