Dependabot does not update `uv` lockfile

[intgr]

What's wrong

Several Dependabot dep version bump PRs have failed because it's not updating uv.lock

• Bump types-pytz from 2025.2.0.20250809 to 2025.2.0.20251108 #860
• Bump pytest from 8.4.2 to 9.0.0 #861
• Bump pre-commit from 4.3.0 to 4.4.0 #862

When migrating to uv, I was not aware of this issue.

Upstream Dependabot issue has been closed, but didn't yet figure out what their stance is:

• Support updating uv.lock dependabot/dependabot-core#10478

[sobolevn]

Yeap, we also have many problems with uv in django-stubs. dependabot does not even create PRs there :(

[intgr]

We could switch to Renovate for dependency updates then. It handles uv.lock correctly.

[intgr]

Speaking of Renovate: when I navigate to https://developer.mend.io/ and click on "TypedDjango", it tells me some onboarding is required. It seems I don't have permissions to do it -- does it work for you?

Choose "Renovate Only". And at the next step, the documentation is unclear, but I think "Scan Only" is what we want -- I hope it will enable only in repos that have explicit renovate.json configuration.

[sobolevn]

I've set it up :)

[intgr]

I hope I can find time this week (maybe today) to update Renovate configuration to enable dependency updates.

But anyone else is also welcome to open a PR for that.

[intgr]

It worked! 🥳

• Update dependency types-pytz to v2025.2.0.20251108 #866
• Update dependency pre-commit to v4.4.0 #867
• Update dependency pytest to v9 #869