From f9de627c836ffbbf5a41ce3c08b1b0c11bb4e618 Mon Sep 17 00:00:00 2001 From: serversidehannes Date: Fri, 29 May 2026 13:16:24 +0200 Subject: [PATCH] ci: stop Dependabot bumping boto3/botocore past aioboto3's cap aioboto3 15.5.0 (latest) pins aiobotocore==2.25.1, which requires botocore<1.40.62. Dependabot's group tried to bump botocore to 1.43.17, making resolution unsatisfiable ("can't resolve your Python dependency files"). Ignore boto3/botocore so aioboto3 governs them; remove the ignore once a newer aioboto3 supports current botocore. --- .github/dependabot.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 50e541f..6bb4e38 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -14,6 +14,13 @@ updates: applies-to: security-updates patterns: - "*" + ignore: + # aioboto3 (latest 15.5.0) pins aiobotocore==2.25.1, which caps + # botocore <1.40.62. boto3/botocore release far ahead of that, so + # bumping them independently makes resolution unsatisfiable. Let + # aioboto3 drive their versions; revisit when a newer aioboto3 ships. + - dependency-name: "boto3" + - dependency-name: "botocore" - package-ecosystem: "docker" directory: "/"