
A smarter, quieter Dependabot

Blog post from GitHub

Post Details
Company
GitHub
Date Published
Author
Eric Tooley, Erin Havens
Word Count
552
Language
English
Summary

Dependabot keeps a repository's dependencies up to date and proposes fixes for known-vulnerable ones, and in 2022 it opened more than 75 million pull requests. The change announced in this post makes it quieter: rather than opening pull requests on every repository where it is enabled, Dependabot now keys its activity to whether anyone actually interacts with the pull requests it creates.

Concretely, Dependabot stops creating new pull requests in a repository once its existing Dependabot pull requests have gone untouched for 90 days, and it stops automatically rebasing pull requests after 30 days of inactivity. Two things are explicitly unaffected: Dependabot alerts continue to be raised for the repository, so vulnerable dependencies are still flagged even where the automatic fix pull requests have paused, and pull requests that a user requests manually are still opened.

The rollout is gradual through January 2023, covering both individual and organization-owned repositories and extending to GitHub Enterprise Cloud and GitHub Enterprise Server customers. Beyond cutting notification noise, pausing on inactive repositories saves capacity, notably on self-hosted GitHub Actions runners, since each Dependabot pull request triggers the repository's CI workflows. GitHub says it will keep tuning the behaviour based on user feedback so that alerts and pull requests stay relevant.

Dependabot shows a banner when it has paused on a repository, and ordinary activity resumes it, including merging or closing a Dependabot pull request or updating the repository's Dependabot configuration file.