I’m trying to see how active a project is, but dependabot spam makes it annoying to find actual commits and to know if those commits are relevant.
There’s no need for me to know chai was updated from 5.1.1 to 5.1.2, I want to see what were the most recent actual features implemented.
BTW I hope any project won’t increase the Z version only by including Dependabot commits, it would be insane. Release must be documented, tested, with CHANGELOG updated. If some maintainers just accept Dependabot commits without checking, move away. That’s just simple crappy auto-merge.