1 min read

A new notification system

As you may know, requires.io is all about being notified of outdated dependencies on PyPI packages.

We just released a new event-driven notification system, rewritten from scratch to bring more flexibility to all requires.io users.

Email and pull-request policies are now configured at the organization level within the Hooks section of your dashboard.


Email and Pull Request (for GitHub) are available, and Web Hook should be available very soon.

Hook targets

You can of course specify some hook specific information like a comma separated list of email addresses.

But you can also fine-tune the targets: repositories, branches, tags or sites. For these fields, use a comma separated list of glob patterns.

Note the special case of the @default branch: this will target master, default or whatever default branch you defined on GitHub or Bitbucket.

This new system is very much event-driven. For each dependency status (up-to-date, outdated, insecure), you can select when to be notified or not.

Hook triggers

In the above example, if your project's status:

  • is up-to-date: you will never be notified
  • becomes outdated: you will be notified
  • stays outdated: you will not be notified
  • is insecure: you will always be notified (on new package version, on commits modifying requirements.txt etc...)

Periodic digests are also available: by opting in you will get a daily, weekly or monthly digest regardless of the project's status.

A question? Drop us an email!