Bot attempts to update pre-1.0 minor version number #9647
Description
Is there an existing issue for this?
- I have searched the existing issues
Package ecosystem
Rust crates, cargo package manager
Package manager version
No response
Language version
Rust
Manifest location and content before the Dependabot update
No response
dependabot.yml content
No response
Updated dependency
No response
What you expected to see, versus what you actually saw
Dependabot is raising PRs to update the minor version number of Rust crates (example linked below). IIUC semver treats pre-1.0 releases differently from post 1.0 - specifically minor version update is treated as a major release i.e., breaking changes are allowed in a minor version number upgrade. Therefore dependabot should not be attempting, again IIUC, to do minor version upgrades for pre-1.0 releases.
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
No response
Smallest manifest that reproduces the issue
No response