I’ve been using the newly included GitHub Actions in an app and loving it; having an out-of-the-box config saved me from having to copy and paste something together. Thanks!!
The default dependabot.yml config uses a “daily” interview to suggest changes.
Is “weekly” a better default interval?
Over the past ~2 weeks my bare-bones rails app has had 5 dependabot updates from turbo-rails and selenium-webdriver. It looks like these packages tend to ship point releases/version updates quickly, with x.x.1 coming out and quickly patching a critical bug the following day in x.x.2.
This daily frequency starts to make me nose blind to updates, I’m much more likely to review them in a timely fashion if I know I’m unlikely to get another one tomorrow (unless it’s a security update).
~Brian M
