On 31/10/2025 18:19, Matt Benson wrote:
I also find the level of noise astounding here, and see no reason to pull
in weekly updates when the release cadence of components is on the order of
months or more likely years. Why not upgrade dependencies only when a
component is nearing a release?
+1
And I suggest disabling dependabot on components last released more than
2 years ago. For example Digester last released 14 years ago doesn't
need weekly dependency updates.
Emmmanuel Bourg
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
