Link:
https://dependabot.comA friend and I have spent the last couple of months building Dependabot. We want to make it as useful as possible, so we'd love any feedback - does this match your ideal flow for keeping dependencies up-to-date? If not, what would you like to see us do differently?
Things we'd particularly like guidance on are:
- Is one PR per dependency update the right choice? They're easier to review/merge, but it's nosier than submitting a PR with multiple updates.
- What should we do about sub-dependencies (dependencies of your dependencies)?
- Is the "compatibility score" useful? Is there a way you'd rather see this information? (https://dependabot.com/compatibility-score)
- What additional languages would you like to see?
Any feedback very gratefully received!
