Description

We currently have Dependabot scheduled to run every Sunday. This results in numerous PRs that we frequently ignore, either because we don't have time to inspect them and don't trust the CI tests enough to merge them blindly, or that we don't want to litter the commit log with insignificant updates (we rarely make "real" changes so they would drown in all the Dependabot commits if we merge all of them).

We can reduce the frequency to e.g. every month or two. We'll still get patches for any security problems right away, and we always have the option of bumping dependencies by hand if there's anything in particular we want.

Additional Context

No response

Further links

No response