Configure Dependabot to only update Python dependencies in the lockfile. (#19743)

See: - https://github.com/element-hq/synapse/pull/19742 - https://github.com/element-hq/synapse/pull/19686 (etc) Documentation https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#versioning-strategy-- We were considering `lockfile-only` but it sounds like `increase-if-necessary` would increase the upper bound for us, if we had one. Let's try it. --------- Signed-off-by: Olivier 'reivilibre <oliverw@matrix.org>
2026-05-11 01:57:06 +00:00 · 2026-04-29 17:17:53 +00:00
parent ed3cafdb73
commit c376cdd2ee
2 changed files with 2 additions and 0 deletions
@@ -7,6 +7,7 @@ updates:
    package-ecosystem: "pip"
    directory: "/"
    open-pull-requests-limit: 10
+    versioning-strategy: "increase-if-necessary"
    schedule:
      interval: "weekly"
    # Group patch updates to packages together into a single PR, as they rarely