This morning I found to my surprise a number of emails from dependabot in my inbox.
I have made two observations based on these emails:
- Dependabot (non-preview) suddenly started working based on the already existing configuration in
.github/dependabot.yml, which contains:
version: 2 updates: - package-ecosystem: github-actions directory: "/" schedule: interval: daily open-pull-requests-limit: 10
- Suggested upgrades change from generic (rolling version) v2 to more specific v2.x.x - adding specificity.
Is the observed behaviour intended?