Skip to content

Commit 3ccdeb6

Browse files
authored
Merge pull request #3836 from plotly/dependabot/pip/pip-dependencies-327d618383
Bump the pip-dependencies group across 1 directory with 32 updates
2 parents 83375b8 + fec0d50 commit 3ccdeb6

1 file changed

Lines changed: 9 additions & 0 deletions

File tree

.github/dependabot.yml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -148,6 +148,10 @@ updates:
148148
day: "monday"
149149
cooldown:
150150
default-days: 14
151+
# Keep lower bounds (e.g. Flask>=1.0.4 in install.txt) low: only raise a
152+
# floor when the latest release is incompatible with the current range.
153+
# Exact (==) pins in ci/dev/testing still update as normal.
154+
versioning-strategy: increase-if-necessary
151155
groups:
152156
pip-dependencies:
153157
applies-to: version-updates
@@ -157,3 +161,8 @@ updates:
157161
applies-to: security-updates
158162
patterns:
159163
- "*"
164+
# jupyterlab is pinned <4.0.0: jupyterlab 4.x ships jlpm as Yarn Berry, which
165+
# cannot consume @plotly/dash-jupyterlab's Yarn 1 lockfile and breaks the build.
166+
ignore:
167+
- dependency-name: "jupyterlab"
168+
versions: [">=4.0.0"]

0 commit comments

Comments
 (0)