I agree. I think our only real dependency is slf4j-api and all the dependabot noise isn't worth it. It clutters up the commit history, the PR dashboard, *and* the mailing list. I suggest we configure dependabot to batch updates into a monthly digest; I'll send out PRs for that.
On Sat, Jan 17, 2026 at 3:19 AM Oleg Kalnichevski <[email protected]> wrote: > Folks > > Could we please refrain from merging each and every damn dependabot PR > for each and every minor version bump unless that version actually > fixes something in the code we depend upon? We have now tons of > optional dependencies and dependabot has become more of an annoyance to > me than of help. > > Oleg > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
