Hi Mike,
I can speak to the daffodil-vscode repo. I think once we clear this initial
backlog of dependency updates, we'll get much less bot PR spam (theoretically).
There is certainly value in dependabot and Scala steward and they are
currently set to run on Sundays, so we can start to clear
Anybody else think the bot-based updates are far too frequent?
What if we restricted this to monthly?
I'd like to find out earlier about security-related issues, but otherwise,
I'd really like to see these things less often.
But I'm curious of others' view.
Message ID:
