html_url,issue_url,id,node_id,user,created_at,updated_at,author_association,body,reactions,performed_via_github_app,issue
https://github.com/pydata/xarray/issues/4313#issuecomment-669666848,https://api.github.com/repos/pydata/xarray/issues/4313,669666848,MDEyOklzc3VlQ29tbWVudDY2OTY2Njg0OA==,221526,2020-08-06T03:49:34Z,2020-08-06T03:49:34Z,CONTRIBUTOR,"So to be clear, `conda` can use the `--file` argument to read those files and treat them as if they were dependency requirements passed on the command line. Not *quite* the same as an `environment.yml`, but I haven't had any problems so far. It's been really nice since dependabot doesn't understand the environment files.

So you can point dependabot to a directory, where for pypi it looks for files ending in `.txt`. You can make a subset by using a directory, or on MetPy we've remove the `.txt` from files we don't want dependabot to update. It feels like a bit of a hack, but it works.","{""total_count"": 1, ""+1"": 1, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,673682661
https://github.com/pydata/xarray/issues/4313#issuecomment-669545482,https://api.github.com/repos/pydata/xarray/issues/4313,669545482,MDEyOklzc3VlQ29tbWVudDY2OTU0NTQ4Mg==,1217238,2020-08-05T22:06:42Z,2020-08-05T22:06:42Z,MEMBER,The other question is if dependabot can be configured to update a subset of specific requirements.txt files?,"{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,673682661
https://github.com/pydata/xarray/issues/4313#issuecomment-669544335,https://api.github.com/repos/pydata/xarray/issues/4313,669544335,MDEyOklzc3VlQ29tbWVudDY2OTU0NDMzNQ==,1217238,2020-08-05T22:03:40Z,2020-08-05T22:03:40Z,MEMBER,"This does seem like it would be really nice for us!

The main limitation compared to our current setup is that we currently ping dependencies using Conda's `yml` files, e.g., https://github.com/pydata/xarray/blob/master/ci/requirements/py36.yml

But it sounds like conda can use requirements.txt files, too, these days? In which case this is just a matter of migration.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,673682661
https://github.com/pydata/xarray/issues/4313#issuecomment-669502001,https://api.github.com/repos/pydata/xarray/issues/4313,669502001,MDEyOklzc3VlQ29tbWVudDY2OTUwMjAwMQ==,221526,2020-08-05T20:52:33Z,2020-08-05T20:52:33Z,CONTRIBUTOR,"So on MetPy we moved to treating our CI system as an application and pinning every direct dependency in a requirements.txt (which can be used by conda as well). We then let dependabot handle the updates. This let's us manage the updates on a package-by-package basis, where we have a single PR that lets us see what the ramifications are with regards to tests, CI, even linting.

We've been running for a limited time, but so far it has done a good job of insulating general development (coming in on PRs) from changes in the environment, which now shouldn't change on CI from run to run (yeah, yeah 2nd-order dependencies, just pin problematic ones too). For instance, for the pandas 1.1.0 breakage, we just haven't merged the PR that moves the pin there, and that has kept our doc builds green on MetPy.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",,673682661