Don't open PR's for security sub-dependencies if there is an update for the parent #2082
Labels
F: noise
related to Dependabot being noisy, or initiatives to make Dependabot quieter
F: version-updates ⬆️
Issues specific to version updates
T: feature-request
Requests for new features
So we're running Drupal 8, and using Composer to manage our dependencies. Yesterday
symfony
put out a security update, which is a sub-dependency ofdrupal/core
. Drupal also put out a security update that updates thesymfony/*
dependencies.Today, Dependabot is opening PR's for each
symfony/*
sub-dependency instead of just updatingdrupal/core
which would update all of them at once.It would be ideal for Dependabot to be able to resolve the fact that updating the single parent dependency would also update all the sub-dependencies security updates.
The text was updated successfully, but these errors were encountered: