Dimitri Papadopoulos Orfanos

Also, see this opinion in https://github.com/pypa/setuptools/pull/3979#pullrequestreview-1691482008 against stockpiling everything in `pyproject.toml`: > I do wish to retain the mypy settings in `mypy.ini` for two reasons: > * The skeleton for...

Removed all `RUF` rules but `RUF100`.

The linter issue seems unrelated. Perhaps an internal CI bug?

It just updates GitHub actions, not Python dependencies. Like https://github.com/adrienverge/yamllint/pull/493, but it automates the creation of the merge request.

Automation in this case should not be seen as a timer-saver, but as a reminder. You will be notified (by an automated pull request) when new versions of GitHub Actions...

[Keeping your actions up to date with Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot)

I see many projects hosted in GitHub use Dependabot to automatically notify of updates of dependencies. I guess they are happy with the functionality. The downside might be how complex...

For what it's worth, this PR would tick a box in the issues reported by the [Repo-Review](https://learn.scientific-python.org/development/guides/repo-review/?repo=adrienverge%2Fyamllint&branch=master) of [Scientific Python](https://scientific-python.org/): * [GH200](https://learn.scientific-python.org/development/guides/gha-basic#GH200): Maintained by Dependabot All projects should have a...

Perhaps change or remove this sentence from the README? > It should run correctly with either Python 2.7 or 3.x.

Same here. Here is a screen capture of the home page (http://stoken.sf.net), where [the download page](https://sourceforge.net/projects/stoken/files/) link still points to the SourceForge download page, which lacks the 0.93 tarball: ![Downloading...