Dependabot seems to only update direct dependencies and will only update transitive dependencies when it has to (i.e. because a direct dependency requires a newer version), which can lead to problems like this.
Aside from bugs, it would be good to keep transitive dependencies up to date anyway. For example, the version of highs-sys (which bundles the HiGHS C++ code) that we are using is out of date and it would be good to have any upstream bug fixes and performance improvements for that.
Example workflow: https://github.com/dora-rs/dora/blob/main/.github/workflows/cargo-update.yml
Dependabot seems to only update direct dependencies and will only update transitive dependencies when it has to (i.e. because a direct dependency requires a newer version), which can lead to problems like this.
Aside from bugs, it would be good to keep transitive dependencies up to date anyway. For example, the version of
highs-sys(which bundles the HiGHS C++ code) that we are using is out of date and it would be good to have any upstream bug fixes and performance improvements for that.Example workflow: https://github.com/dora-rs/dora/blob/main/.github/workflows/cargo-update.yml