Open edgarrmondragon opened 2 months ago
Hell ye 🙌
We're stuck with Dependabot due to corporate reasons and we'd love Dependabot support for uv.lock files as soon as possible.
This has also blocked us, so +1 for prioritising this.
As a stopgap in the meantime, I've hacked together a small GitHub Actions workflow which provides fairly similar functionality to unblock our project whilst we wait. A small demo is available here: https://github.com/EdmundGoodman/update-bot, if it is helpful to anyone else.
It slightly differs from dependabot in that it makes a PR on a cron schedule if any dependency can be updated, rather than whenever a security vulnerability is found, but is good enough for us for now. It differs from other workflows I've seen in this thread, as it PRs rather than just directly committing to main, which could break things.
Is there an existing issue for this?
Feature description
Now that uv has a lockfile, it would be nice if dependabot supported making updates to pyproject.toml and/or uv.lock using uv.
Related: