I think we should keep poetry.lock up-to-date. Currently, we only update poetry.lock when editing dependencies in pyproject.toml, and this leads to upgrading locked dependencies when making an unrelated change. For example, @WayneDroid added TDMS examples in #594, and this required new dependencies, so he updated poetry.lock. This upgraded to NumPy 2.0, which would have caused test failures if they hadn't already been addressed.
Also, I think we should keep GitHub actions up-to-date. As mentioned in #464 , older versions of upload-artifact and download-artifact will be deprecated this year. This repo's GitHub workflows may be using outdated versions of other GitHub actions as well.
This repo has Dependabot enabled, but it only upgrades dependencies when there is a security vulnerability. Also, it has a bug that causes it to promote optional dependencies to required.
I think we should keep poetry.lock up-to-date. Currently, we only update poetry.lock when editing dependencies in pyproject.toml, and this leads to upgrading locked dependencies when making an unrelated change. For example, @WayneDroid added TDMS examples in #594, and this required new dependencies, so he updated poetry.lock. This upgraded to NumPy 2.0, which would have caused test failures if they hadn't already been addressed.
Also, I think we should keep GitHub actions up-to-date. As mentioned in #464 , older versions of upload-artifact and download-artifact will be deprecated this year. This repo's GitHub workflows may be using outdated versions of other GitHub actions as well.
This repo has Dependabot enabled, but it only upgrades dependencies when there is a security vulnerability. Also, it has a bug that causes it to promote optional dependencies to required.
We have been using Renovate for the measurement-plugin-python, measurement-plugin-labview, and ni-apis repos. I think https://github.com/ni/measurement-plugin-python/blob/main/.github/renovate.json would be a good starting point.