fix: Updated the dependabot.yml file #4762
Conversation
mayankansys
requested review from
hpohekar,
mkundu1,
prmukherj and
seanpearsonuk
as code owners
There was a problem hiding this comment.
Pull request overview
This PR updates dependency management configuration to reduce noise from Dependabot and adds flexibility to optional dependency version constraints. The changes prevent automatic PRs for core dependencies while allowing more flexible version ranges for optional packages.
Key changes:
- Configured Dependabot to ignore 15 main and optional dependencies
- Relaxed version constraints for
h5py,ipywidgets, andpanelfrom exact pins to minimum version requirements
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
.github/dependabot.yml |
Added ignore list for 15 dependencies to prevent automatic update PRs |
pyproject.toml |
Changed optional dependency versions from exact pins (==) to minimum requirements (>=) |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
github-actions
bot
added
maintenance
| - "Dependencies" | ||
| ignore: | ||
| # Exclude main project dependencies and optional dependencies (like reader) | ||
| - dependency-name: "ansys-api-fluent" |
There was a problem hiding this comment.
I am just curious that why these were not part of dependabot PRs earlier even though it was not part of ignore list. Specifically the ansys-* ones.
@mkundu1, any thoughts on this?
There was a problem hiding this comment.
I don't think the ignore list is necessary. It used to work before without the ignore list.
|
Looks Good 👍 |
| reader = ["h5py==3.15.1"] | ||
| ui-jupyter = ["ipywidgets"] | ||
| ui = ["panel"] | ||
| reader = ["h5py>=3.15.1"] |
There was a problem hiding this comment.
Should we relax this to something >=3.13.0? I feel 3.15.1, which has been released in Oct 2025, is unnecessarily strict.
This pull request focuses on dependency management improvements and minor documentation updates. The main changes include refining how dependencies are handled by Dependabot, updating the version constraint for an optional dependency.
Dependency management improvements:
Updated
.github/dependabot.ymlto ignore updates for several main and optional dependencies, preventing Dependabot from creating PRs for these packages. This helps control which dependencies are automatically updated.Relaxed the version constraint for the
h5pypackage in thereaderoptional dependency, allowing any version greater than or equal to 3.15.1 instead of requiring exactly 3.15.1 inpyproject.toml.Context
Dependabot was creating update PRs for dependencies that do not need automatic updates, adding unnecessary noise. Some optional dependencies were also pinned to exact versions, which limited flexibility and caused avoidable constraints.
Change Summary
Updated the Dependabot configuration to ignore selected dependencies and reduce unwanted PRs. Relaxed version constraints for optional dependencies by allowing minimum versions instead of exact pins, and updated documentation to reflect these changes.
Impact
What parts of the system or workflows are affected?
This pull request primarily updates dependency management and documentation. The most significant changes include refining the dependencies handled by Dependabot, relaxing version constraints for optional dependencies, and updating documentation.
Dependency management improvements:
.github/dependabot.ymlto ignore updates for a list of specified dependencies, preventing Dependabot from creating PRs for these packages.pyproject.toml, changing pinned versions to minimum version requirements forh5py,ipywidgets, andpanel.