Dependency Bot Behavior Update
Overview
We use dependency bot for updates, but recently it has exhibited some strange behaviors.
The primary cause for concern is that it updates merge requests constantly after it opens them, which it did not use to do, and this is causing failing pipelines and disrupting reviews.
Definition of Done
- Identify the behavior we want from one of the following paths
- open merge request and leave it alone
- open issue and assign to milestone
- open merge request and add comments when updates come in that can be addressed by the reviewer
Additionally, we had talked once about changing the dependency bot behavior to assign items into the general queue versus direct assignment to maintainers for better throughput.