Skip to content

Add dependabot.yml for automated dependency updates#303

Closed
dongjiang1989 wants to merge 1 commit into
connectrpc:mainfrom
dongjiang1989:add-dependabot
Closed

Add dependabot.yml for automated dependency updates#303
dongjiang1989 wants to merge 1 commit into
connectrpc:mainfrom
dongjiang1989:add-dependabot

Conversation

@dongjiang1989

Copy link
Copy Markdown
Contributor

Summary

  • Add .github/dependabot.yml to enable automated dependency updates via Dependabot
  • Configure weekly updates for GitHub Actions and Python dev dependencies
  • Production dependencies (protobuf-py, pyqwest, opentelemetry-*, connectrpc, etc.) remain manually managed, consistent with the existing renovate.json policy
  • Only the root directory is configured for pip ecosystem since all uv workspace members share a single uv.lock

Configure Dependabot to weekly update GitHub Actions and Python dev
dependencies. Production dependencies remain manually managed,
consistent with the existing renovate.json policy.

Signed-off-by: dongjiang <dongjiang1989@126.com>
@anuraaga

Copy link
Copy Markdown
Collaborator

Hi @dongjiang1989 - we use renovate instead of dependabot for dependencies for various reasons. While bug fixes and similar are appreciated, for high level changes it is probably worth filing an issue. Please take care in causing too much review churn. Thanks.

@anuraaga anuraaga closed this Jul 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants