Agreeing with the dependabot's PR notification noise. Though I am not sure if addressing this at the infrastructure is the right thing to do. So far I am having a pleasant ride by extending my existing filtering with an extra `dependabot[bot]` predicate on the subject.
Even though I am not inclined to, we can add `github.dependabot_updates: false` to `.asf.yml` <https://cwiki.apache.org/confluence/display/INFRA/Git+-+.asf.yaml+features#Git.asf.yamlfeatures-DependabotAlertsandUpdates>, if that is what the rest wants.

Let me also state that I don't have this problem in projects where dependabot PRs are merged automatically, e.g., `log4j-tools`. PR comes in, `verify` succeeds, PR gets merged, and I see this beautiful interaction in my inbox. This simply puts a smile on my face, or when `verify` fails, a frowning look to check what went wrong.

On Wed, Feb 1, 2023 at 10:21 PM Matt Sicker <m...@musigma.org> wrote:

> I like to follow the notifications lists because that’s where I can see
> code changes committed, PRs opened, issues opened, etc. However, Dependabot
> spam makes it nearly impossible to find. There was a recent update to the
> .asf.yaml config features that allow customizing where Dependabot shit
> goes. I propose we create another list (which I won’t subscribe to) for
> Dependabot-related notifications.