Closed CuriousMagpie closed 3 weeks ago
Why you would like to remove dependabot? It seems like it try to keep repository up to date. Even if most of his suggestion seems to be annoying it helps to keep dependencies in safe versions.
@DanielLipowicz It's only useful insofar as we're able to act on its recommendations, and we don't really have the bandwidth in code maintainer hours to handle it all right now. We do need to audit and update our packages, but Dependabot isn't the right tool for the job at this juncture.
@SabreCat what is requierd to do to confirm changes from bot? I'm wondering if unit an integration test is not enough. I'm just started to explore this repository, thats why I'm not sure.
Remove
dependabout.yml
from./github
.