This repository is designed to test and verify GitHub Dependabot functionality for Conda environments, Pip dependencies, and GitHub Actions version updates.
- Conda (
envs/): Manages virtual environments(e.g.,development.yml). - Pip (
/): Manages Python project metadata and dependencies viapyproject.toml. - GitHub Actions (
/): Monitors and updates versions of Action libraries.
-
Enable Dependabot
- Navigate to your repository's Settings > Advanced Security
- Enable: Dependency graph, Dependabot alerts, Dependabot security updates and Dependabot version updates.
-
Configure Dependabot file
.github/dependabot.yml
- Conda Environment: Currently configured with requests 2.28.0 (intentionally outdated). Since the latest version is 2.32.x+, Dependabot is expected to create a PR for the update.
- GitHub Actions: Configured with v4 (e.g., actions/checkout@v4). Dependabot will check for newer tags and suggest updates.
- Dependency List: Go to Insights > Dependency graph > Dependencies to see the list of detected packages.
- Update Status: Go to Insights > Dependency graph > Dependabot to see the last check time and any errors.
- Automation: Check the Pull Requests tab for automatically generated update branches and PRs.