1 min read

A pull-request to stay secure

Requires.io is all about being notified of outdated dependencies on PyPI packages.

However manually bumping your requirements can be tedious and error-prone.

Starting from now, GitHub users can opt-in to receive pull-requests and manage their dependencies this way.

Added benefit if your Continuous Integration provider supports checking pull-requests: you'll know if the update breaks your code without having to do anything...


Enable this feature in 4 steps:

  1. Sign-in via GitHub (sorry Bitbucket, we're still working on it)
  2. Enable your repository
  3. Step in the Pull Requests section of your administration dashboard and input the desired notification frequency for outdated and insecure releases: there may be no need to update only because a new version is available, but a security release is another thing altogether.
  4. Wait for it, then merge:


And now you're one click away from staying secure and up-to-date!