Conversation
- Configure it to be executed weekly only
- Check GitHub Actions too
| labels: | ||
| - Dependencies | ||
| versioning-strategy: increase | ||
| - package-ecosystem: "composer" |
There was a problem hiding this comment.
Some settings are removed. Could you add them back?Or explain why they should be removed.
Such as open-pull-requests-limit, reviewers , assignees and labels.
There was a problem hiding this comment.
open-pull-requests-limit
I don't think it's necessary: there won't be that many and in my experience, with a similar config, dependabot will close and re-open MRs so there will not be many in parallel.
Do note that a difference here is that it does one big PR with upgrades. In my experience it can get pretty spammy so having a default big PR that pops up once a week at most is easier to manage IMO. If there was a problematic dependency to update, at least for me, I just took care of it manually separately and asked dependabot to rebase its PR afterwards.
So it's not the most rigorous, but I think it's a pretty good compromise especially on projects with lower bandwith availability.
reviewers, assignees
I don't think it's up to date, and is there really a point? However has access can check it out anytime instead.
labels
The PRs already get build(deps): as a name prefix, if you still want the label we can add it, I just saw no value in it.