Should I just auto merge every pull request and automate everything?

No. Your dependencies are written by people like you. They may change an API, introduce new bugs and pull in new dependencies. You should at least read the changelog carefully and test your code against the new release.

What a terrible idea.

That's not a question, but glad you said it anyway. Indeed, it's absolutely terrible if you use it wrong. Pyup is not about "latest is the greatest" or "automate everything". It is a tool that aims to give you all the information you need for a dependency update, right where your code lives. What you do with that information is up to you, but updating frequently has a lot of benefits, especially in larger projects with a lot of dependencies.

Why should I update frequently?

If you are using very old releases, you'll have a hard time tracking down the problem when things break after an update. The problem gets really bad when your very old dependency pulls in other dependencies you rely on and expects them to be newer than what you are currently using. This other dependency may break your code somewhere else, so you'll need to track that down too. This can turn into a mess that is hard to untangle very quickly, so it's generally a good idea to update frequently.

I don't pin my requirement files. Should I?

Absolutely yes, if you are building a project as an end product. Absolutely no, if you are building a third party library others rely on.
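
For the end-product case, a small check like the following can run in CI to list requirement lines that are not exact pins. This is an added example, not Pyup's own code; the function name unpinned and the sample file contents are constructed for illustration.

```python
import re

# Constructed sample requirements.txt for an end-product project (not from Pyup).
SAMPLE = """\
# web stack
Django==4.2.11
requests>=2.0          # range, not a pin
celery[redis]==5.3.6 ; python_version >= "3.8"
urllib3
-r base.txt
-e git+https://example.invalid/repo.git#egg=internal
cryptography==42.*
"""

# Project name, optional [extras], then whatever follows (specifier and marker).
NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$")
# A single == or === clause with no wildcard and no further comma-separated clauses.
EXACT = re.compile(r"^===?\s*[^\s*,;]+$")


def unpinned(text):
    """Return (line_no, requirement, reason) for every line that is not an exact pin."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments, keep URL fragments
        if not line:
            continue
        if line.startswith("-"):
            # Editable installs carry no == pin; other options (-r, -c, --hash) are skipped.
            if line.startswith(("-e", "--editable")):
                findings.append((no, line.split(None, 1)[-1], "editable install"))
            continue
        m = NAME.match(line)
        if not m:
            findings.append((no, line, "unparsed"))
            continue
        name, _extras, rest = m.groups()
        spec = rest.split(";", 1)[0].strip()  # remove the environment marker
        if not spec:
            findings.append((no, name, "no version specifier"))
        elif not EXACT.match(spec):
            findings.append((no, name, "not an exact pin: " + spec))
    return findings


if __name__ == "__main__":
    for finding in unpinned(SAMPLE):
        print("line %d: %s (%s)" % finding)
```

A library's own install requirements would fail this check on purpose: there, version ranges are what you want.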

So I did an upgrade and my tests ran fine. Once I deployed to production everything blew up. WTF?

Okay, but this really has nothing to do with Pyup. Anyway, some things are very hard to test automatically; maybe you've been bitten by that. Or you just mocked every call to that library during your tests. Or you rely on external libraries your CI server has but your production environment doesn't. There are a lot of things that can go wrong during an update, so you should be prepared for that.

So you say old releases are bad, but why?

No, we don't say that. Using very old releases and skipping multiple releases can be a bad thing; see "Why should I update frequently?" above.

I have a question about payments/subscriptions.

Take a look at our pricing page, or contact support at support@pyup.io.