pyup icon indicating copy to clipboard operation
pyup copied to clipboard
verified publisher icon pyupio

Global 'update' var isn't necessarily global

Open pjenvey opened this issue 8 years ago • 1 comments

Restricting the global update setting to e.g. "update: insecure" doesn't seem to apply to manually specified requirements files (when they don't explicitly configure their own update setting)

E.g.

update: insecure
schedule: "every day"
search: False
requirements:
  - requirements.txt
branch_prefix: chore/pyup/

requirements.txt here seems to default to update: all, whereas I would expect update: insecure

It's not exactly "global", is it only for search: True? Either this is a bug in pyup or the documentation should better reflect this.

pjenvey avatar Jul 20 '17 17:07 pjenvey

That's right. The global update setting applies only to files found by the bot.

That makes no sense and is both confusing and unexpected.

jayfk avatar Jul 25 '17 09:07 jayfk