I've tried doing this for some of my JS projects to avoid having to deal with constant Dependabot alerts and outdated dependencies. However, I quickly stopped doing this and just went back to occasional manual updates whenever I need a specific new version of a dependency due to:
- Some dependencies introduce breaking changes in minor version bumps
- Some dependencies are not well tested and are just too buggy on almost every version bump
- My changelog/git history quickly filled up with automated commits making log traversal a pain