2 comments

[ 0.21 ms ] story [ 14.7 ms ] thread
Dependabot can be configured to e.g. update dependencies with security vulnerabilities every day and all other version updates weekly, and group them in a single pull request. That should fix the main complaint in this blog post.
> Libyear is a simple measure of dependency freshness

Ooo, that's new to me. I like the idea of quantifying this.