Search - "dependabot"
Please share your thoughts on Dependabot security alerts on Github, more specifically for NPM packages in package-lock.json.
In 99% of cases I've found them useless as:
- package-lock.json is in the repo, but not in the NPM package (=no value to users)
- most of the updates relate to devDependencies (=no value to users)
- it clutters the git history (and changelog if it is auto-generated) with a batch of patch updates (updated depx to .1, .2, .3) while the only important thing in the next release notes is the delta (updated depx from .1 to .3) (=no value to users)
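As an added example (not from the rant, and not Dependabot's own logic), a small Node script that makes the post's distinction mechanical: given a package.json and a lockfile-v3 `packages` map (both constructed here, package names hypothetical), it classifies the package named in an alert by where it sits in the dependency graph and says whether bumping it in this repo changes what a consumer of the package installs.

```javascript
// Constructed manifest for a hypothetical project (not a real package).
const packageJson = {
  name: "example-lib",
  dependencies: { "left-pad": "^1.3.0" },
  devDependencies: { eslint: "^8.0.0" },
};

// Constructed package-lock.json v3 "packages" map. npm marks entries that are
// only reachable through devDependencies with `dev: true`.
const packageLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "left-pad": "^1.3.0" }, devDependencies: { eslint: "^8.0.0" } },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/eslint": { version: "8.0.0", dev: true },
    "node_modules/minimist": { version: "1.2.5", dev: true }, // transitive, via eslint
    "node_modules/lodash": { version: "4.17.20" },            // transitive runtime dep
  },
};

// Where does the alerted package sit? Simplification: only top-level
// node_modules/<name> entries are checked, not nested (hoisting-conflict) copies.
function classifyAlert(pkgName, manifest, lock) {
  if (manifest.dependencies && pkgName in manifest.dependencies) return "direct-runtime";
  if (manifest.devDependencies && pkgName in manifest.devDependencies) return "direct-dev";
  const entry = lock.packages[`node_modules/${pkgName}`];
  if (!entry) return "not-installed";
  return entry.dev ? "transitive-dev" : "transitive-runtime";
}

// Does fixing the alert in this repo change what a consumer installs?
// Assumption: a published library does not ship its package-lock.json, so only
// package.json range changes for runtime deps propagate; an application deploys
// its lockfile, so every runtime pin matters there.
function reachesConsumers(kind, publishedLibrary) {
  if (kind === "direct-dev" || kind === "transitive-dev" || kind === "not-installed") return false;
  if (!publishedLibrary) return true;
  return kind === "direct-runtime";
}

// Triage each alert: kind, and whether it is worth a release note.
function triage(alertedPackages, manifest, lock, publishedLibrary) {
  return alertedPackages.map((name) => {
    const kind = classifyAlert(name, manifest, lock);
    return { name, kind, reachesConsumers: reachesConsumers(kind, publishedLibrary) };
  });
}

console.table(triage(["left-pad", "eslint", "minimist", "lodash"], packageJson, packageLock, true));
```

The `dev: true` flag is the lockfile's own record of the devDependencies-only case the post describes; for an application, pass `publishedLibrary = false` and transitive runtime pins count again.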
GitHub, your Copilot sucks, and so does Dependabot!
Dependabot opened 3 pull requests;
merging the first one caused conflicts in package.json and package-lock.json that must be resolved;
while trying to investigate further, the second pull request got closed as it suddenly seemed obsolete.
Dependabot: "Looks like these dependencies are no longer updatable, so this is no longer needed."
This kind of service generates so much noise and so many irrelevant alerts; it comes out of nowhere, and there is no way to get rid of those bots once they have invaded a repository. And they are so useless. A simple `npm outdated && npm upgrade` would have done better in 99% of the cases.
GitHub, your Copilot sucks, and so does Dependabot!
Dependabot supports neither pnpm nor yarn:
https://github.com/dependabot/...
https://github.com/dependabot/...
The intention from GitHub is clear: Microsoft acquired npm, and the fancy new supply-chain security is just a lousy way of walling people inside the ecosystem.
GitHub is great, github.dev is amazing, VS Code is sick. But no, this one guy, Isaac Schlueter, makes me hate this whole supply chain.
pnpm, renovatebot and GitLab: I choose you!
GitHub: "This branch has conflicts that must be resolved" stop bugging me with your @dependabot bullshit!