Describe the bug
Dependabot is currently automatically updating not just 1.x.y releases but also 0.x.y releases which is defined to to be a bad time and in practice quite often includes breaking changes.
Major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable.
Expected behavior
Notify but don't auto-update on anything but releases that are defined not to break their public interface to avoid a rude awakening when functionality changes in subtle ways.
Describe the bug Dependabot is currently automatically updating not just 1.x.y releases but also 0.x.y releases which is defined to to be a bad time and in practice quite often includes breaking changes.
(from https://semver.org)
Expected behavior Notify but don't auto-update on anything but releases that are defined not to break their public interface to avoid a rude awakening when functionality changes in subtle ways.