This guy calls it out here, but I will say that the notifications page on github could do with a redesign. If you're in a busy org for your job, it's not easy to see everything in the org (they limit showing number of notifications per repo), and the volume of notifications from your job org will cover up anything in your personal/following repos.<p>Sure you could unfollow work repos you aren't interested in, but you're automatically following any new ones.
An alternative is to automatically merge dependency changes which pass the tests. Then there's no need for any intervention unless something needs your attention, just dismiss the notification.<p>We do this at PRQL, with: <a href="https://github.com/PRQL/prql/blob/12b1bb65afd5b67f34b98d0ac140c6cd0d5c4f8b/.github/workflows/pull-request-target.yaml#L71-L102">https://github.com/PRQL/prql/blob/12b1bb65afd5b67f34b98d0ac1...</a>
You get to choose either the mind-numbing churn of constant updates, the risk of updates piling up and becoming unmanageable, or shipping software with vulnerabilities. None of these options sounds fun.
I really wish there was a step before opening a PR, like a page with a list of what's out of date that let's you click a button to open a PR for one or more dependency updates.