Is it possible to ask dependabot to bump dependencies in the lock file but not the dependencies in pyproject.toml?
This is more generally related to maintaining a library, where having narrow tolerance for requirements is more prone to causing dependency hell. We would however prefer to continue to test against the latest dependencies, and be prompted when they ar