Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabots PRs are too noisy #370

Closed
johanhelsing opened this issue Nov 14, 2023 · 2 comments · Fixed by #378
Closed

Dependabots PRs are too noisy #370

johanhelsing opened this issue Nov 14, 2023 · 2 comments · Fixed by #378
Labels
ci Only relevant for CI dependencies Pull requests that update a dependency file

Comments

@johanhelsing
Copy link
Owner

I'm starting to think that the dependabot PRs are not necessarily that helpful. They add quite a bit of noise to the list of PRs.

I think it's good to have separate PRs for the ones that update Cargo.toml files, like #363

But for the ones that update Cargo.lock, I'd much rather have a single chore: cargo update commit taking all in one go. There are also crates that are updated that we don't get PRs for, so it seems a bit arbitrary.

Not sure if this is possible to configure with dependabot or not, just airing my thoughs.
@johanhelsing johanhelsing added ci Only relevant for CI dependencies Pull requests that update a dependency file labels Nov 14, 2023
@simbleau
Copy link
Collaborator

You could change the dependabot PR cadence from weekly to monthly or longer.

@johanhelsing
Copy link
Owner Author

Seems it's possible to group patch level updates into one PR, which i think is what i want: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups

@johanhelsing johanhelsing mentioned this issue Nov 23, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ci Only relevant for CI dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

dependabot: Group minor and patch level PRs johanhelsing/matchbox
2 participants
@johanhelsing @simbleau