How does dependabot determine updates to a Pipfile.lock file?
#41119
Replies: 1 comment
🕒 Discussion Activity Reminder 🕒
This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one of the following actions:
1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as
2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.
3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.
Note: This dormant notification will only apply to Discussions with the
Thank you for helping bring this Discussion to a resolution! 💬
I recently enabled dependabot for a project using pipenv for managing dependencies, and the first PR from dependabot (an update for certifi) is failing to successfully run pipenv install --dev in the test. After comparing dependabot's PR to a manual run of pipenv update --dev, I see that dependabot is also adding several new requirements including cffi, cryptography, pycparser, and six. What process is dependabot using to determine what updates to apply to Pipfile.lock, and does dependabot verify that the resulting packages can be co-installed before proposing the PR?