Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Re-enable lockfile only mode of dependabot #912

Merged
merged 1 commit into from
Oct 7, 2024
Merged

Re-enable lockfile only mode of dependabot #912

merged 1 commit into from
Oct 7, 2024

Conversation

ml-evs
Copy link
Member

@ml-evs ml-evs commented Oct 7, 2024

Dependabot simply can't cope with our repo and fails to even attempt to obey any versioning constraints. This PR re-enables lockfile only mode, which should at least explicitly ignore versions not allowed by pyproject.toml rules.

Probably once we have fully migrated we should roll our own scheduled uv lock -U action for our Python deps, and leave dependabot for security updates in npm only, or wait for better explicit uv support in dependabot (dependabot/dependabot-core#10478)

@ml-evs ml-evs added build For issues/PRs pertaining to the build or deployment of the package dependency_updates For issues/PRs that update the dependencies of the package labels Oct 7, 2024
@codecov Codecov
Copy link

codecov bot commented Oct 7, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.34%. Comparing base (1fa4e6b) to head (fce7405).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #912   +/-   ##
=======================================
  Coverage   68.34%   68.34%           
=======================================
  Files          62       62           
  Lines        3921     3921           
=======================================
  Hits         2680     2680           
  Misses       1241     1241

@cypress Cypress
Copy link

cypress bot commented Oct 7, 2024

datalab    Run #2508

Run Properties:  status check passed Passed #2508  •  git commit 2dd78fbb95 ℹ️: Merge fce740598acf26a0e3a7b74569c3f2bc360b5c2d into 1fa4e6b39406a6f970f5ad5c0554...
Project datalab
Branch Review ml-evs/dependabot-config
Run status status check passed Passed #2508
Run duration 06m 10s
Commit git commit 2dd78fbb95 ℹ️: Merge fce740598acf26a0e3a7b74569c3f2bc360b5c2d into 1fa4e6b39406a6f970f5ad5c0554...
Committer Matthew Evans
View all properties for this run ↗︎
Test results
Tests that failed  Failures 0
Tests that were flaky  Flaky 0
Tests that did not run due to a developer annotating a test with .skip  Pending 0
Tests that did not run due to a failure in a mocha hook  Skipped 0
Tests that passed  Passing 396
View all changes introduced in this branch ↗︎

@ml-evs ml-evs merged commit 65a2660 into main Oct 7, 2024
20 checks passed
@ml-evs ml-evs deleted the ml-evs/dependabot-config branch October 7, 2024 12:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jdbocarsly jdbocarsly Awaiting requested review from jdbocarsly jdbocarsly is a code owner

Assignees
No one assigned
Labels
build For issues/PRs pertaining to the build or deployment of the package dependency_updates For issues/PRs that update the dependencies of the package
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ml-evs