Hello,

> * should we use Dependabot at all?

Personally I don't like it. We most often know when we should be updating stuff, and making semver-compatible bumps for the sake of making them doesn't seem very important to me.

> * is our policy to ban duplicate versions by default still useful?

Yes, definitely.

> * what changes should we make to the policy to accommodate the use of
> Dependabot?

I would like it to make issues instead of PRs. Maybe in its own GitHub project or something like that. And only for semver-incompatible bumps.

_______________________________________________
dev-servo mailing list
dev-servo@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-servo