A dependencies.yml file at the root of your repo tells us what you want to happen. For each dependency file you have, you’ll add a collector. To each collector you then add actors to decide what you want to happen when new versions are found.


- type: python-pip  # name of an official collector
  path: requirements.txt  # which file the collector should read
  - type: python-pip  # name of an official actor
    dependencies: ".*"  # regular expression for filtering dependencies by name
    versions: "L.Y.Y"  # versions that this actor should act on
    settings:  # settings for this specific actor
      - dependencies

- type: js-npm
  path: app  # the js-npm collector is given directories (which could have package.json, yarn.lock, etc.)
  - type: js-npm
    dependencies: "react-.*"
    versions: "L.Y.Y"
  - type: repo-issue
    dependencies: "react-.*"
    versions: "Y.0.0"