| ▲ | tracker1 8 hours ago | |
I kind of wish Dependabot was just another tab you can see when you have contributor access for a repository. The emails are annoying and I mostly filter, but I also don't want a bunch of stale PRs sitting around either... I mean it's useful, but would prefer if it was limited to just the instances where I want to work on these kinds of issues for a couple hours across a few repositories. | ||
| ▲ | curtisf 10 minutes ago | parent | next [-] | |
Isn't it? You can have Dependabot enabled, but turn off automatic PRs. You can then manually generate a PR for an auto-fixable issue if you want, or just do the fixes yourself and watch the issue number shrink. | ||
| ▲ | BHSPitMonkey 8 hours ago | parent | prev | next [-] | |
You can add a dependabot.yml config to regulate when Dependabot runs and how many PRs it will open at a time: https://docs.github.com/en/code-security/reference/supply-ch... | ||
| ▲ | operator-name 7 hours ago | parent | prev [-] | |
The refined github extension[0] has some defaults that make the default view a little more tolerable. Past that I can personally recommend Renovate, which supports far more ecosystems and customisation options (like auto merging). | ||