Closed EliahKagan closed 10 months ago
Thank you, Depandabot sounds like it could be helpful.
I may mention that gitdb
and smmap
are only useful for the pure-python ODB backend and I'd hope nobody is using it. Yet we have to maintain these packages.
So if there would be a breaking change I'd love to do then it's to remove gitdb
as dependency from GitPython. Doing so would mean faster installations and reduced complexity, a big win.
This enables Dependabot version updates for GitHub Actions only (not Python dependencies), using the exact same configuration as in GitPython.
Since this repository is less active than the GitPython repository, I considered changing the
dependabot.yml
file to check for updatesmonthly
rather thanweekly
. But I did not do so, because the GitHub Actions used in this repository's workflow are requested using major versions, and automatically use the latest minor (and, where applicable, patch) version in that major version automatically. As a result, Dependabot only needs to offer updates when a new major version comes out, which is a fairly infrequent event. So it is unlikely that this would ever generate an excessive number of automated pull requests.Because actions versions were recently updated as part of #88 (in 32d12aa), if this pull request is merged then it should not be expected to cause Dependabot to generate any pull requests in the immediate future.