Added a config for dependabot.#42
Added a config for dependabot.#42KOLANICH wants to merge 1 commit intojaraco:mainfrom KOLANICH:dependabot
Conversation
|
Thanks for this. In my whole experience with dependabot, it's only ever been a nuisance for me, but I'm willing to try it. Can you tell me more about why you selected the settings here? What is |
For me too. In some repos I send PRs to when I push dependabot gives me a warning. Getting notified about vulnerable dependencies is useful, but when I am working on a fork, it's not the decision that is done by me, but by the repo maintainer (and he already knows aboht the issue, since it is his repo, so he should get more notifications than me). Also IMHO it is not very correct to upgrade
There are no defaults. One must explicitly set it.
|
|
Let's give it a try and see how it works. If it creates more than a modicum of toil, I may dial it down or remove it. |
|
Well, I tried updating the pull request to include a note in the docs, but it seems I don't have permission. I guess I'll have to push to a new PR. |
|
Superseded by #50. |
No description provided.