dependencies.yml file at the root of your repo tells us what you want
to happen. For each dependency file you have, you’ll add a collector. To each collector you then add actors to decide what you want to happen when
collectors: - type: python-pip # name of an official collector path: requirements.txt # which file the collector should read actors: - type: python-pip # name of an official actor dependencies: ".*" # regular expression for filtering dependencies by name versions: "L.Y.Y" # versions that this actor should act on settings: # settings for this specific actor pr_labels: - dependencies - type: js-npm path: app # the js-npm collector is given directories (which could have package.json, yarn.lock, etc.) actors: - type: js-npm dependencies: "react-.*" versions: "L.Y.Y" - type: repo-issue dependencies: "react-.*" versions: "Y.0.0"