We recently switched a project to using uv for managing dependencies (see GitHub - TeamGraphix/graphix: measurement-based quantum computing (MBQC) library · GitHub).
Since making the switch, we’ve noticed that Dependabot no longer updates the packages listed in the uv.lock file, even though we added the configuration recommended in the uv documentation to dependabot.yml:
```yaml
updates:
  - package-ecosystem: "uv"
    directory: "/"
    schedule:
      interval: weekly
    groups:
      python-packages:
        patterns:
          - "*"
```
For instance, ruff remains locked at 0.15.5 in uv.lock while the latest release is 0.15.12.