Dependabot suggestion #10352
Comments
This request is somehow related to
We do use groups for bumping packages that need to be upgraded in step, e.g.: shields/.github/dependabot.yml Lines 19 to 32 in 848e409
Conceptually, I prefer not to lump them together arbitrarily. What is your motivation for raising this issue? As someone who does not review PRs on this repo, what difference does it make how we manage this?
I'm watching the repository, and I'm getting so many notifications about dependabot updates that want to bump things
My issue finds some replies in what was posted there. While reducing the frequency could help, I think that some dependencies could get bumped together
OK. Personally I find a PR like this If you like this feature and want to use it on your own repos, enjoy. If you want to watch the repo anyway, maybe GitHub's watch settings can help you focus on the stuff you are interested in:
I understand. Thanks for replying
May I suggest that you use the groups feature in dependabot?
https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups
This could reduce the number of PRs
You can have a look at what was done in this repository when I suggested it
Zxilly/go-size-analyzer@ec9c028
It would drastically reduce the number of PRs opened by dependabot because they will be grouped.
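
An added example, not taken from the shields or go-size-analyzer repositories, of a `dependabot.yml` that uses `groups` in both ways discussed in this thread: one group for packages that must be upgraded in step, and one that batches low-risk development updates to cut the number of PRs. The npm ecosystem, the weekly schedule and the package names are assumptions made for illustration.

```yaml
# Constructed example: "example-framework" and "@example-framework/*" are
# placeholder package names, not dependencies of any real project.
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      # Packages that only work when bumped together share one PR.
      # Groups are evaluated in order, and a dependency joins the first
      # group it matches, so the narrow group is listed first.
      example-framework:
        patterns:
          - "example-framework"
          - "@example-framework/*"
      # Batch minor and patch bumps of development dependencies.
      # Major bumps are left out, so each still arrives as its own PR
      # and its changelog is reviewed on its own.
      dev-minor-patch:
        dependency-type: "development"
        update-types:
          - "minor"
          - "patch"
    # Production dependencies match neither group and keep getting
    # individual PRs, which keeps a failing bump easy to isolate and revert.
```

A grouped PR is merged or rejected as a unit, so the wider the pattern, the more unrelated changes a reviewer has to vet in one diff.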