Dependabot spamming workflow runs

[jaraco]

Sometime recently, I've started seeing the actions page spammed by dependabot runs about pip in /.:

This noise is impeding my ability to track the history of actual changes.

I see it was enabled in #50. @KOLANICH can you investigate and advise on a workaround? If this noise can't be suppressed, I'll need to disable dependabot.

[bswck]

@jaraco We could as well change the interval to monthly, wdyt?

[bswck]

Here's the config I am using:
https://github.com/bswck/autohelper/blob/14a5ac159fcce98da99cd7a37f878ca881c7d428/.github/dependabot.yml

• It suggests updates in batches, e.g.: Bump the main group across 1 directory with 3 updates bswck/configzen#64
• It doesn't clutter workflow runs, as it only runs monthly
• You can filter to only accept production-dependency updates

I can open a PR if you're interested.

[jaraco]

Here's the config I am using: https://github.com/bswck/autohelper/blob/14a5ac159fcce98da99cd7a37f878ca881c7d428/.github/dependabot.yml

...
I can open a PR if you're interested.

That all sound suitable. Happy to accept it.

To be sure, the value I've gotten from dependabot has been net negative. I don't get a lot of PRs from dependabot, but the PRs it does make are more often incorrect than correct. That is, it breaks the build or makes assumptions that conflict with my intention. I may have merged a PR from dependabot, but I can't recall a specific instance.

I've previously accepted the PR because others seem to be deriving value from it, but I'm personally better off without it, and it's one less piece of boilerplate and debt surface to manage.

That said, this project isn't about me but about creating a healthy ecosystem, so send the PR and assuming it's minimally disruptive, we can keep it.