I can’t find any way to restrict who’s comments DependaBot listens to in PR - am I missing something or is that not configurable?
It feels a bit wonky if anybody may trigger a merge in a public repo just by commenting?
I’d consider posting in one of three places:
GitHub/feedback w/ the dependabot label:
Specifically noting that there’s a
reviewers field but no indication as to whether using it would block non reviewers from talking to the bot: