Improve dependency management (#706)

* fix: remove unused dev dependency * ci: group dependabot updates - dev dependency updates are low risk and easy to review, so we can group these - django-* packages are likely to be updated in lockstep with django so allow these to be grouped
ministryofjustice · Aug 22, 2024 · 604d0bb · 604d0bb
1 parent 0598671
commit 604d0bb
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 16 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -13,6 +13,20 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
+    groups: # see https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups
+      dev-dependencies:
+        applies-to: version-updates
+        patterns:
+          - "black"
+          - "flake8"
+          - "pytest*"
+          - "faker"
+          - "isort"
+      django-dependencies:
+        applies-to: version-updates
+        patterns:
+          - "django*"
+
   - package-ecosystem: "npm"
     directory: "/"
     schedule:

diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -32,7 +32,6 @@ pytest-django = "^4.8.0"
 pytest-cov = "^5.0.0"
 faker = "^27.0.0"
 isort = "^5.13.2"
-djhtml = "^3.0.6"
 
 [build-system]
 requires = ["poetry-core"]