Dependencies.io is a product of Dropseed
  • Python
  • Javascript
  • PHP
  • Git
  • Docker
  • Ruby coming soon
  • Java coming soon
  • Go coming soon
  • Rust coming soon
  • iOS coming soon
  • Android coming soon
  • .NET coming soon

Configuration

A dependencies.yml file at the root of your repo tells us what you want to happen. You can specify the types of dependencies that you have, where they're located, and any additional settings to tweak the behavior to match your workflow and tooling.

Important: Be sure to include version: 2 at the top of your configuration

Minimal example

version: 2
dependencies:
- type: js  # looks at the root of your repo by default
- type: python
  path: requirements.txt

Full example (with all available fields)

version: 2
dependencies:

- type: python

  # where to find the dependency file(s)
  path: requirements.txt

  settings:
    github_labels:
    - dependencies

  lockfile_updates:
    enabled: true  # `true` by default

  manifest_updates:
    enabled: true  # `true` by default
    filters:
    # apply major, minor, and patch updates to manifests (this is the default behavior)
    - name: ".*"
      versions: Y.Y.Y

- type: js

  # directory with package.json, yarn.lock, etc.
  path: app

  settings:
    constraint_prefix: '^'  # always prepend ^ when updating package.json

  manifest_updates:
    # a dependency will apply updates according to the first filter that it matches
    filters:
    - name: ".*react.*"
      enabled: false
    - name: ".*"
      versions: "L.Y.Y"

You can read more about filtering updates here.