Closed CuriousMagpie closed 3 weeks ago
DanielLipowicz
commented
1 month ago Why you would like to remove dependabot? It seems like it try to keep repository up to date. Even if most of his suggestion seems to be annoying it helps to keep dependencies in safe versions.
SabreCat
commented
3 weeks ago @DanielLipowicz It's only useful insofar as we're able to act on its recommendations, and we don't really have the bandwidth in code maintainer hours to handle it all right now. We do need to audit and update our packages, but Dependabot isn't the right tool for the job at this juncture.
DanielLipowicz
commented
3 weeks ago @SabreCat what is requierd to do to confirm changes from bot? I'm wondering if unit an integration test is not enough. I'm just started to explore this repository, thats why I'm not sure.
Remove
dependabout.ymlfrom./github.