Skip to content

Add dependabot #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
insani7y opened this issue Oct 28, 2024 · 2 comments
Closed

Add dependabot #4

insani7y opened this issue Oct 28, 2024 · 2 comments

Comments

@insani7y
Copy link
Member

Add dependabot, so it can scan against outdated packages
@lesnik512
Copy link
Contributor

@vrslev I think, we don't need this because we don't store lock files in packages. What do you think?

@vrslev
Copy link

vrslev commented Feb 6, 2025

Fare. Also, dependabot doesn't have support for dependency-groups—which we extensively use with uv. Another point is that dependabot can only be configured per-repository.

@vrslev vrslev closed this as not planned Won't fix, can't repro, duplicate, stale Feb 6, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lesnik512 @insani7y @vrslev