Today I Learned: collection of notes, tips and tricks and stuff I learn from day to day working with computers and technology as an open source contributor and product manager

View project on GitHub

Use dependabot for Python

You can get Dependabot to help you with keeping your Python dependencies up to date, if it is based on pip.

# Basic dependabot.yml file
# REF: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot

version: 2
  # Enable version updates for pip (Python)
  - package-ecosystem: "pip"
    directory: "/"
      interval: "weekly"
    # Only allow updates to the lockfile for pip and
    # ignore any version updates that affect the manifest
    versioning-strategy: lockfile-only

Resources and References