Even after 041ada3969b5cb62ee70063186822a0614ad5d15, which changed the schedule from daily -> weekly, it's still a fair amount of noise that Dependabot creates with its PRs. Realistically though, there aren't that many relevant changes in the dependencies that we should spend any more time than necessary to evaluate, so having a monthly scan should suffice. In case there's a vulnerability found, there's a separate process path for Dependabot in which it'll open a PR once a fix is available, so we'd really not miss out on anything; quite the opposite, it should give us a nice long quiet period with no potential stability issues/breakages.