Most of the PRs are just closed PRs to dependabot. The default config is annoying and doesn't really work. But we can change that.
Introduce a config file (https://dependabot.com/docs/config-file/) to:
- Limit the rate to 2 weeks (or monthly otherwise). Every 1 week feels like too much.
- Only do it for security updates or minor/major. Patches also feel like too much.
- Update `package.json` as well, not only the lockfile.
If any other interesting features can be configured, please mention them so we can make better use of the tool.
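
A sketch of what such a file could look like, added here as an example and not taken from the issue or the project: it uses the legacy `.dependabot/config.yml` format described at the linked docs page. It assumes an npm project at the repository root, picks `monthly` because, as far as I know, that format has no two-week schedule, and leaves out the minor/major filter, which this format's `allowed_updates` does not express as far as I know.

```yaml
# .dependabot/config.yml (legacy Dependabot config format, assumed here)
version: 1
update_configs:
  - package_manager: "javascript"   # npm / yarn projects
    directory: "/"                  # assumed: package.json is at the repo root
    # Assumed fallback: the issue asks for two weeks "or monthly otherwise".
    update_schedule: "monthly"
    # Only open PRs for updates that fix a known vulnerability.
    allowed_updates:
      - match:
          update_type: "security"
    # Bump the version ranges in package.json, not only the lockfile.
    version_requirement_updates: "increase_versions"
```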