Add dependabot.yml to keep dependencies up to date #1613
Conversation
shenxianpeng
changed the title
|
This will probably not work for workflows embedded in the guides. Plus, it's best to verify those manually every time since there's no automation doing that. |
|
I don't like the frequency setting in the config. Dependabot can be very noisy. Quarterly would be fine, I suppose, but daily is crazy. |
|
Indeed. If it works, that would be great, as it would let the maintainer know some areas that need attention and possible updates. The longest scheduled interval for Dependabot is monthly, so I changed it to monthly. |
|
Monthly still feel like a lot. It might seem that it's not, but that's only when you get notifications from a single repository. The more repos, the more notifications. So for me personally, it'd just add to a lot of noise that's already present… Not sure if anybody else here would want this in. |
|
On that note, it'd be nice to make |
Add dependabot.yml to update GitHub action and Python package dependencies to date automatically.
(maybe it also can help with pull requests like #1614 )
📚 Documentation preview 📚: https://python-packaging-user-guide--1613.org.readthedocs.build/en/1613/