Skip to content

Commit

Permalink
🔧 [dependabot] Reduce merge conflicts using the lockfile-only strategy
Browse files Browse the repository at this point in the history 
Dependabot updates version constraints in pyproject.toml even when the version
constraint already covers the new version, leading to frequent merge conflicts
because the global content hash in poetry.lock changes.

As of #744, this project
template no longer uses upper version bounds for its dependencies. As a result,
we are now able to use the "lockfile-only" versioning strategy to upgrade
dependencies, including major version bumps. This strategy prevents Dependabot
from modifying pyproject.toml, putting an end to the frequent merge conflicts.
  • Loading branch information
@cjolowicz
cjolowicz committed Dec 27, 2021
1 parent fc3633d commit 6e614ab
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,4 @@ updates:
directory: "/"
schedule:
interval: daily
versioning-strategy: lockfile-only

0 comments on commit 6e614ab

Please sign in to comment.