Replies: 1 comment
It is quite noisy, yeah. Because Actions is quite slow, sometimes it's all I can manage to look through (I timebox some regular notifications reviews, so I do it frequently). I think I'd like to try dropping bundle audit from regular runs. Maybe keep it running on Then there's some grouped updates that are worth doing: Rails dependencies and Sentry are the first that come to mind. Feel free to do either of them if you feel like it. Otherwise I'll take a look when I've got some time.
Does anyone else feel that Dependabot is a bit noisy in this repo?
Since this is a library, I don’t think we always need to update every dependency to the latest version right away. It also feels a bit off that PRs get a red ❌ just because the Dependabot security audit isn’t passing yet — that doesn’t seem very meaningful for most contributions.
I’d like to propose the following changes to the setup:
What do you think about this?