From 6816300588b004e2819f6f285eef70a4f0da35d8 Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Mon, 14 Nov 2022 14:45:17 +0000
Subject: [PATCH] Make Dependabot only bump Rust deps in the lock file (#14434)

This is to help downstream packagers.
---
 .github/dependabot.yml |  1 +
 changelog.d/14434.misc |  1 +
 rust/Cargo.toml        | 12 ++++++------
 3 files changed, 8 insertions(+), 6 deletions(-)
 create mode 100644 changelog.d/14434.misc

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 9ee62bf539..7ce353ed64 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -18,5 +18,6 @@ updates:
 
   - package-ecosystem: "cargo"
     directory: "/"
+    versioning-strategy: "lockfile-only"
     schedule:
       interval: "weekly"
diff --git a/changelog.d/14434.misc b/changelog.d/14434.misc
new file mode 100644
index 0000000000..75d24cd73d
--- /dev/null
+++ b/changelog.d/14434.misc
@@ -0,0 +1 @@
+Make Dependabot only bump Rust deps in the lock file.
diff --git a/rust/Cargo.toml b/rust/Cargo.toml
index 48f6144b29..cffaa5b51b 100644
--- a/rust/Cargo.toml
+++ b/rust/Cargo.toml
@@ -20,16 +20,16 @@ crate-type = ["lib", "cdylib"]
 name = "synapse.synapse_rust"
 
 [dependencies]
-anyhow = "1.0.66"
+anyhow = "1.0.63"
 lazy_static = "1.4.0"
 log = "0.4.17"
-pyo3 = { version = "0.17.3", features = ["extension-module", "macros", "anyhow", "abi3", "abi3-py37"] }
+pyo3 = { version = "0.17.1", features = ["extension-module", "macros", "anyhow", "abi3", "abi3-py37"] }
 pyo3-log = "0.7.0"
 pythonize = "0.17.0"
-regex = "1.7.0"
-serde = { version = "1.0.147", features = ["derive"] }
-serde_json = "1.0.87"
+regex = "1.6.0"
+serde = { version = "1.0.144", features = ["derive"] }
+serde_json = "1.0.85"
 
 [build-dependencies]
-blake2 = "0.10.5"
+blake2 = "0.10.4"
 hex = "0.4.3"
-- 
GitLab