esrg-knights / Squire

A re-introduction of the WebApp for ESRG Knights of the Kitchen Table.
https://www.kotkt.nl/
GNU General Public License v3.0
11 stars 8 forks

Add lockfile for Dependabot #259

Open EricTRL opened 2 years ago

EricTRL commented 2 years ago

Dependabot needs a lockfile in order to auto-create PRs that fix security vulnerabilities in our dependencies. Right now we need to update libraries manually.

Dependabot can't update vulnerable dependencies without a lockfile

The currently installed version can't be determined.

To resolve the issue add a supported lockfile (Pipfile.lock, pyproject.lock or poetry.lock).

helaan commented 2 years ago

I recommend Poetry: I've used it in the past and I find it a joy to use compared to venv+pip. If you want, I can create a drive-by PR to migrate to Poetry.

EricTRL commented 2 years ago

That'd be awesome! 👍