Skip to content

Commit

Permalink
🔧 [dependabot] Reduce merge conflicts using the lockfile-only strategy
Browse files Browse the repository at this point in the history 
Dependabot updates version constraints in pyproject.toml even when the version
constraint already covers the new version, leading to frequent merge conflicts
because the global content hash in poetry.lock changes.

As of cjolowicz/cookiecutter-hypermodern-python-instance#744, this project
template no longer uses upper version bounds for its dependencies. As a result,
we are now able to use the "lockfile-only" versioning strategy to upgrade
dependencies, including major version bumps. This strategy prevents Dependabot
from modifying pyproject.toml, putting an end to the frequent merge conflicts.

Retrocookie-Original-Commit: cjolowicz/cookiecutter-hypermodern-python-instance@3082062
  • Loading branch information
@cjolowicz @actions-user
cjolowicz authored and actions-user committed Dec 27, 2021
1 parent 739ade1 commit 7dc6db3
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions {{cookiecutter.project_name}}/.github/dependabot.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,4 @@ updates:
directory: "/"
schedule:
interval: daily
versioning-strategy: lockfile-only

0 comments on commit 7dc6db3

Please sign in to comment.