Dependabot automatic PRs whenever a dependency gets a new release, and especially when it is a security one, are nice and handy.
I did not finish removing all the PRs that it created, there are ~50 or so left for anyone wishing to do a few clicks, I already removed +250 of them only on the
Not to bring stop energy to start using more requirements.txt to pin dependencies, which I'm a huge fan of, but especially for add-ons, I would rather suggest to try to keep version pins to a minimum, or share them across multiple repositories (there is this Plone testing repository to get configurations right? can't remember the name).
Maybe there is a way to tell dependabot to stop bothering to create PRs for small version bumps.
Ideas on how to improve the situation, so that in half a year someone (me?) has to close again +200 PRs?
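
One way to cut the PR volume described in the post above, shown as an added example that is not part of the original post or of any Plone repository's configuration. It assumes a `pip` project with `requirements.txt` at the repository root; the schedule, the PR limit and the group name `minor-bumps` are constructed for illustration.

```yaml
# .github/dependabot.yml (added example; values below are assumptions)
version: 2
updates:
  - package-ecosystem: "pip"      # requirements.txt pins, as mentioned in the post
    directory: "/"                # assumed: requirements.txt lives at the repo root
    schedule:
      interval: "monthly"         # check for version updates less often
    open-pull-requests-limit: 5   # cap on simultaneously open version-update PRs
    ignore:
      # Do not open version-update PRs for patch-level bumps of any dependency
      - dependency-name: "*"
        update-types: ["version-update:semver-patch"]
    groups:
      # Collect the remaining minor bumps into a single PR instead of one each
      minor-bumps:
        patterns: ["*"]
        update-types: ["minor"]
```

Major version bumps still arrive as individual PRs with this configuration, so breaking upgrades get their own review.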