
That's a silly conclusion. This is not dependabot specific - you can achieve the same with any system automatically suggesting merges.



Fair point. I think I've just been burned too many times by dependabot looking to update single ts packages with single line changes. Its default configuration is overly aggressive.


Dependabot doesn't try to guess what's in the changes. It can't really tell anyway. A trivial 1 line change may be either "this box is now 1px further to the right", or "a critical bug which will delete all your data tomorrow is fixed". It's up to dependabot to report any change available.



