Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Close all the dependabot "Bump" PR's? #313

Closed
emiliom opened this issue Apr 24, 2024 · 2 comments
Closed

Close all the dependabot "Bump" PR's? #313

emiliom opened this issue Apr 24, 2024 · 2 comments

Comments

@emiliom
Copy link
Member

emiliom commented Apr 24, 2024

There are six open PR's created by Dependabot in 2023, all involving bumping a dependency version in requirements.txt. Since our requirements.txt is created via pip freeze (more or less), I think we can close all those PR's. @abkfenris , any objections?

The Dependabot updates were automatically paused in late August '23: "We noticed you haven't used Dependabot in a while, so we've paused automated Dependabot updates for this repository."
@abkfenris
Copy link
Contributor

Ya I think we can close those and disable Dependabot on them since requirements.txt is a derived file.

@emiliom
Copy link
Member Author

emiliom commented Apr 25, 2024

Thanks. I've closed those PR's and disabled Dependabot alerts and security updates.

@emiliom emiliom closed this as completed Apr 25, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@emiliom @abkfenris