Versioning Strategy Addition for Dependabot?

[one2code]

I've been thinking about making an update to add a versioning strategy for the Dependabot. It would be "widen", which would be the equivalent of using ~ to prefix a version for a dependency in a package.json file. Thoughts?

[one2code]

@DaleOrders What do you think about this strategy? Might make it easier to maintain things during the initial build-out phase, since Dependabot will be pulling a lot of PR's if left on auto. And the challenge with that, is avoiding merge conflicts. I suppose we should also discuss a merge strategy with Dependabot too. Rebase Dependabot PR's to main? That is the current recommend practice at the moment. What is your experience with Dependabot PR's? I can discuss with my civic tech brigade what their current practice is with Dependabot PR's, since they have to manage a lot of merge's into the code base from Dependabot.

[0916dhkim]

It looks like there is an option to limit the number of PRs by dependabot. How about using that?
https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit
I think increase versioning strategy makes sense.