Use dependabot for Python

You can get Dependabot to help you with keeping your Python dependencies up to date, if it is based on pip.

# Basic dependabot.yml file
# REF: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot

version: 2
updates:
  # Enable version updates for pip (Python)
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    # Only allow updates to the lockfile for pip and
    # ignore any version updates that affect the manifest
    versioning-strategy: lockfile-only

Resources and References

GitHub Documentation, supported eco-systems
GitHub Documentation: “Keeping your actions up to date with Dependabot”

til

Today I Learned: collection of notes, tips and tricks and stuff I learn from day to day working with computers and technology as an open source contributor and product manager

Use dependabot for Python

Resources and References