Add dependabot to update GHA and Python deps #18834
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #18833.
This PR sets up dependabot to update the GitHub Actions used in workflows and the pinned Python dependencies in the requirements files.
Dependabot is set up to send a single monthly PR updating all the dependencies in each ecosystem at once. As a preview, here are the PRs I received on my fork:
For the Python dependencies, it:
torch
andtorchvision
inrequirements-torch-cuda.txt
tf-nightly
andtf-nightly-cpu
to the latest nightly build. If you'd rather not have this update automatically (due to potential breakages), let me know and I'll modify the config to skip these dependencies.If you prefer, let me know and I can incorporate the version bumps to this PR so you don't get dependabot PRs immediately after merging this one.