Allison announces that Dependabot now supports version updates for Conda’s environment.yml files, helping teams automate the management of Conda dependencies on GitHub.

Dependabot Adds Conda Ecosystem Support for Automated Version Updates

Dependabot, GitHub’s automated dependency updater, now supports parsing and updating environment.yml files used in Conda-based projects. This means teams using Conda for dependency and environment management can take advantage of Dependabot to automatically track and update the versions of Python dependencies listed in their Conda manifest files.

Why it Matters

Broader Ecosystem Coverage: Many projects depend on Conda for managing complex dependencies. By supporting Conda, Dependabot helps ensure that these projects remain up-to-date with the latest dependency versions.
Security and Maintenance: Automated dependency updates reduce the risk of vulnerabilities by keeping libraries current, improving overall project security.
Efficiency: Teams benefit from reduced manual effort in tracking and updating version changes.

How It Works

Dependabot detects environment.yml files in repositories.
It parses the listed packages and their versions.
When an update is needed, Dependabot creates a pull request to update dependencies directly in the file.

Refer to the Dependabot documentation for further details, examples, and guidance on enabling this feature.

Availability

On GitHub.com: This capability is available today.
On GitHub Enterprise Server (GHES): Planned availability with version 3.21.

You can join the discussion or ask questions in the Dependabot Community.

Stay up to date on improvements to dependency management workflows and supply chain security by following the latest announcements from GitHub.

This post appeared first on “The GitHub Blog”. Read the entire article here