dependabot only understand {dev-,test-,}requirements.txt.
We need to rename the tox-requirements into dev-requirements,
so that dependabot can maintain it.
We can then freeze the dependencies in test, and use dependabot
to automatically bump the deps.
This will increase stability for maintainers (no PR will fail due
to test env), while at the same time we will have dependabot to
still show us the issues originated from upstream changes
on a more frequent basis.
dependabot only understand {dev-,test-,}requirements.txt. We need to rename the tox-requirements into dev-requirements, so that dependabot can maintain it.
We can then freeze the dependencies in test, and use dependabot to automatically bump the deps.
This will increase stability for maintainers (no PR will fail due to test env), while at the same time we will have dependabot to still show us the issues originated from upstream changes on a more frequent basis.