A friend and I have spent the last month or so building https://dependabot.com. We want to make it as useful as possible, so we'd love any feedback - does this match your ideal flow for keeping your dependencies up-to-date? If not, what would you like to see us do differently?
Things we'd particularly like guidance on are:
- Is one PR per dependency update the right choice? They're easier to review/merge, but it's noisier than submitting a PR with multiple updates. Perhaps all SemVer patch/minor updates grouped together?
- What should we do about sub-dependencies (dependencies of your dependencies)?
Thanks!