Close all the dependabot "Bump" PR's?

oceanhackweek / oceanhackweek.github.io

GitHub repo for the OceanHackweek website

https://oceanhackweek.org/

12 stars 39 forks source link

Close all the dependabot "Bump" PR's? #313

Closed emiliom closed 4 months ago

emiliom commented 4 months ago

There are six open PR's created by Dependabot in 2023, all involving bumping a dependency version in requirements.txt. Since our requirements.txt is created via pip freeze (more or less), I think we can close all those PR's. @abkfenris , any objections?

The Dependabot updates were automatically paused in late August '23: "We noticed you haven't used Dependabot in a while, so we've paused automated Dependabot updates for this repository."

abkfenris commented 4 months ago

Ya I think we can close those and disable Dependabot on them since requirements.txt is a derived file.

emiliom commented 4 months ago

Thanks. I've closed those PR's and disabled Dependabot alerts and security updates.