Friendship Ended With Dependabot

[wcampbell0x2a]

Two things have driven me away from dependabot, and I don't think there is
any movement with fixing these issues. Maybe renovate fixes these issues but
I have yet to try it out!

• Dependabot will bump the Cargo.toml version of a dependacy, but it never needs to
  unless a non-patch version was updated! This limits the libraries a user could
  use downstream, for no reason. All that needs to happen is that the Cargo.lock changes
  so I can verify my library with a set of libraries that could end up in the users
  stream.
• Dependabot never will update recursive depends, Ever! This is a huge problem for my
  own testing and benchmarks, as unless I rememeber that dependabot does this I will never
  update build-dependencies of downstream projects, such as cc! This leads to wildly different
  testing of downstream projects, since they will use the most up-to-date.

[github-actions]

Benchmark for 36f7cfd

Click to view benchmark

Test	Base	PR	%
only_read/netgear_ax6100v2	2.5±0.00ms	2.5±0.00ms	0.00%
only_read/tplink_ax1800	6.6±0.04ms	6.6±0.00ms	0.00%
unsquashfs/full	10.5±0.10ms	10.5±0.12ms	0.00%
unsquashfs/full-path-filter	7.2±0.22ms	7.3±0.16ms	+1.39%
unsquashfs/list	7.3±0.06ms	7.3±0.19ms	0.00%
unsquashfs/list-path-filter	6.5±0.03ms	6.5±0.06ms	0.00%
write_read/netgear_ax6100v2	1416.5±1.98ms	1421.8±2.78ms	+0.37%
write_read/tplink_ax1800	8.0±0.01s	8.0±0.02s	0.00%