Automated dependency updates

Tags: dependencies, automation, security, workflow

Keep dependency updates automated so they stay small, safe, and manageable.

Dependabot is the kind of default that keeps dependency work manageable. Manual updates do not stay pleasant for long, and once they pile up they are easier to ignore, harder to review, and more likely to turn into security issues or painful migrations.

The practical rule is to keep dependency updates routine instead of episodic. Automation handles the churn before it turns into a backlog, which keeps the work small enough to review and ship without making it a project of its own.
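One way to set this up, as an added example that is not part of the original note: a `.github/dependabot.yml` that keeps updates on a weekly cadence and caps the open review queue. The npm ecosystem, the root directory, the weekly interval, the group name and the label are assumptions chosen for illustration.

```yaml
# .github/dependabot.yml
# Assumed layout: one npm project at the repository root, plus GitHub Actions workflows.
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"          # routine cadence instead of occasional bulk upgrades
      day: "monday"
    open-pull-requests-limit: 5   # cap the queue so updates cannot pile up into a backlog
    groups:
      minor-and-patch:            # hypothetical group name
        update-types:             # low-risk bumps arrive together in one reviewable PR
          - "minor"
          - "patch"
    # Major version bumps match no group, so each one gets its own PR and its own review.
    labels:
      - "dependencies"            # assumed label, useful for filtering the review queue

  # Workflow actions are dependencies too; keep them on the same cadence.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```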

Automation keeps dependency churn routine instead of episodic, which is the point of Minimal process: use the lightest system that still keeps the work moving.