https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/
Comment From: spencergibb
The boot team uses https://github.com/spring-io/bomr
Comment From: wilkinsona
Thanks for the proposal. We already have our own tooling for keeping dependencies up-to-date that is better suited to our needs. Among other things, it allows us to configure an upgrade policy for each branch. For example, we only want to pick up dependencies’ maintenance releases in our maintenance branches.