“Dependabot is a noise machine. It makes you feel like you’re doing work, but you’re actually discouraging more useful work.”
Security theater is worse than no security. Drowning developers in false positives trains them to ignore all alerts. Filippo is right and this is worth reading before you turn it back on.