update project files (#5457)

* update pre-commit hook * upgrade pip with venv * update description and version * show url in publish environment * update versions * update versions, separate typing job * use dependabot grouped updates ignore upload/download-artifact until slsa updates * use sphinx.ext.extlinks instead of sphinx-issues * update dev dependencies * update editorconfig * update gitignore * update .readthedocs.yaml * license is txt, readme is md * update pyproject.toml add typed classifier add pyright config simplify urls * tox builds docs in place * update min test py version * add tox env to update all dev dependencies * update issue and pr templates * rename security docs page to not conflict with org policy file * simplify matrix
2024-04-07 10:24:40 -07:00 · 2024-04-07 10:24:40 -07:00 · 87d5f5b9a9
commit 87d5f5b9a9
parent d5e321b792
35 changed files with 382 additions and 322 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -1,9 +1,24 @@
 version: 2
 updates:
- package-ecosystem: "github-actions"
-  directory: "/"
-  schedule:
-    interval: "monthly"
-    day: "monday"
-    time: "16:00"
-    timezone: "UTC"
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
+    ignore:
+      # slsa depends on upload/download v3
+      - dependency-name: actions/upload-artifact
+        versions: '>= 4'
+      - dependency-name: actions/download-artifact
+        versions: '>= 4'
+    groups:
+      github-actions:
+        patterns:
+          - '*'
+  - package-ecosystem: pip
+    directory: /requirements/
+    schedule:
+      interval: monthly
+    groups:
+      python-requirements:
+        patterns:
+          - '*'