search

johanhelsing / matchbox

Painless peer-to-peer WebRTC networking for rust wasm (and native!)
Apache License 2.0
864 stars 70 forks source link

Dependabots PRs are too noisy #370

Closed johanhelsing closed 9 months ago

johanhelsing commented 9 months ago

I'm starting to think that the dependabot PRs are not necessarily that helpful. They add quite a bit of noise to the list of PRs.

I think it's good to have separate PRs for the ones that update Cargo.toml files, like #363

But for the ones that update Cargo.lock, I'd much rather have a single chore: cargo update commit taking all in one go. There are also crates that are updated that we don't get PRs for, so it seems a bit arbitrary.

Not sure if this is possible to configure with dependabot or not, just airing my thoughs.

simbleau commented 9 months ago

You could change the dependabot PR cadence from weekly to monthly or longer.

johanhelsing commented 9 months ago

Seems it's possible to group patch level updates into one PR, which i think is what i want: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups