I've been trusting dependabot more and more and nore I'm using Anthony Shaw's (@tonybaloney@fosstodon.org) Dependabot-bot.

Of course I'm not suggesting that you blindly merge PRs but I'm also being honest that without maintainers, lots of folks are doing this anyway.

Also as a contingency I'm only autoapproving the updates from the main dependencies and not their dependencies.

Also not auto publishing releases and all releases are tested before a publish will go through.

on 2024-06-21 08:00:00-08:00