Hacker News

Just another reason not to use dependabot - its default configuration appears to be created to burn money on GH Actions / Azure.



Just one more reason to actually read the article instead of just assuming its contents say whatever you want.


That's a silly conclusion. This is not dependabot specific - you can achieve the same with any system automatically suggesting merges.


Fair point. I think I've just been burned too many times by dependabot looking to update single ts packages with single line changes. Its default configuration is overly aggressive.


Dependabot doesn't try to guess what's in the changes. It can't really tell anyway. A trivial 1 line change may be either "this box is now 1px further to the right", or "a critical bug which will delete all your data tomorrow is fixed". It's up to dependabot to report any change available.


Looks like several of the core contributors work for github.

    It is difficult to get a man to understand something, when his salary depends on his not understanding it.


May 23, 2019: "Dependabot has been acquired by GitHub and we couldn't be more excited!" https://web.archive.org/web/20190601064131/https://dependabo...



