How to have Dependabot ignore a requirement file? (Python / Pip)

I have a Python project on GitHub and I installed a pre-commit git hook to run black. In doing so, I had to create a pyproject.toml file for black.

The problem is Dependabot stopped working - it errors out that it can’t read my pyproject.toml file. I believe it’s because Dependabot now thinks I’m using Poetry for dependency management, when I’m not. I’m just using the standard requirements.txt.

How can I tell Dependabot to ignore pyproject.toml? The ignore command looks to be for a specific version or a specific dependency.

Thanks in advance for any help or pointers.

Hi @prcutler :wave:

It would be most helpful to list the error/s you are seeing.
What error do you see when looking at the alert in your vulnerability information under Dependabot Alerts in Security of your repository?


Thanks for getting back to me and I apologize for the delay replying.

Here’s what I see in my Dependency graph:

Update check processed with errors

Finished 7 hours ago

### Dependabot can't parse your pyproject.toml

Dependabot couldn't parse the pyproject.toml found at `/pyproject.toml` .

The error Dependabot encountered was:


That’s because my pyproject.toml at silversaucer/pyproject.toml at a337435db54dd7430f086a64cbd10761df1edbae · prcutler/silversaucer · GitHub is only set up for a pre-commit hook to use the Python module black. I am not using Poetry.

Is there a way to tell Dependabot to ignore pyproject.toml and treat my repo like it normally would?



Hi :wave:

Apologies for the even longer delay in responding.
It looks like this was brought up in the dependabot repository.

It doesn’t look like it is yet possible and the developers do not plan to implement this functionality.