Add content for "dependency updates" section

Signed-off-by: Matthias Beyer <matthias.beyer@ifm.com>
author: Matthias Beyer <matthias.beyer@ifm.com> 2022-06-23 08:54:42 +0200
committer: Didier Wenzek <didier.wenzek@free.fr> 2022-08-30 15:49:33 +0200
commit: d320740f5f33330ce5382be9092d6680747c2dc6 (patch)
tree: 33f9132bf138b58d82350659b97c8f5bfa2354dc
parent: f1c27bf0fee78fd67a3ef90f646ac86e5c64c841 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/GOVERNANCE.md b/GOVERNANCE.md
index 3c83a2d2..f09fdc69 100644
--- a/GOVERNANCE.md
+++ b/GOVERNANCE.md
@@ -225,6 +225,15 @@ core contributors = [SAG, IFM]
   bors-ng is used to prevent "merge skew" or "semantic merge conflicts"
   (read more [here](https://bors.tech/essay/2017/02/02/pitch/)).
 - Dependency updates
+  Dependencies should be kept in sync over all crates in the project. That means
+  that different crates of the project should try to use dependencies in the
+  same versions, but also that dependencies should be harmonized in a way that a
+  specific problem should not be solved with more than one external library at a
+  time.
+  Updates of dependencies is automated via a github bot
+  ([dependabot](https://github.com/dependabot)).
+  To ensure harmonization of dependencies, a dedicated team (see "Team
+  Structure") is responsible for keeping an eye on the list of dependencies.
 - License linting
 
 ## Related
author	Matthias Beyer <matthias.beyer@ifm.com>	2022-06-23 08:54:42 +0200
committer	Didier Wenzek <didier.wenzek@free.fr>	2022-08-30 15:49:33 +0200
commit	d320740f5f33330ce5382be9092d6680747c2dc6 (patch)
tree	33f9132bf138b58d82350659b97c8f5bfa2354dc
parent	f1c27bf0fee78fd67a3ef90f646ac86e5c64c841 (diff)