Hi,
I am using dependabot to minimize the chances of being a victim of a supply-chain attack. It works like this: when a new version appears (e.g. of a GitHub Action used by my project), dependabot creates a PR with links to the history of changes since the currently used version of the dependency.
In the case of vmactions/openbsd-vm, the PR looks like:
Bumps vmactions/openbsd-vm from 1.0.2 to 1.0.4.
Commits
- c69c6aa Generated from https://github.com/vmactions/base-vm
- 230c2d8 Update version to v1.0.3
- 1d192d5 minor
- 38b25e6 Generated from https://github.com/vmactions/base-vm
- b512e5e Generated from https://github.com/vmactions/base-vm
- a036405 Update version to v1.0.3
- dd07fb5 Generated from https://github.com/vmactions/base-vm
- dbb9890 update
- 21292af Generated from https://github.com/vmactions/base-vm
- 2860a6f Update version to v1.0.3
- Additional commits viewable in compare view
Due to the automatic commits, it's labor-intensive to check them one by one. As a workaround, I'm using the Files changed tab in the compare view (the last link above), but this way I see only one diff with all commits combined.
Could you consider changes to your workflow, to make life easier for users interested in the history of changes? I have a few ideas:
- use conventional commits - message prefixes draw the reader's attention to the most important commits
- manually edit release notes with info about major changes - users will be less prone to overlook changes in usage instructions (like in process bash failed #13)
- work inside branches and move changes to the default branch as one squashed commit - but this will probably significantly change your current workflow.
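One way to cut down the manual work described in this issue, as an added example that is neither the issue author's script nor part of the vmactions project: feed the commit subjects of the bumped range into a small triage step that separates the template's automated "Generated from ..." commits from conventional-commit-prefixed ones (breaking, feat, fix, ...) and from unlabelled subjects a reviewer still has to open by hand. The input format `"<short sha> <subject>"` is assumed to come from `git log --format='%h %s' <old>..<new>` on a local clone; the sample below is constructed from the commits quoted in the PR above.

```python
import re
from typing import Dict, List, Tuple

# Conventional Commits subject line: "type(scope)!: description" (scope and "!" optional).
CONVENTIONAL_RE = re.compile(r"^(?P<type>[a-z]+)(?:\([^)]*\))?(?P<breaking>!)?: (?P<desc>.+)$")
# Subjects produced by the base-vm template automation; on their own they carry no review signal.
AUTOMATED_RE = re.compile(r"^Generated from https?://\S+$")
# Classes a reviewer should read first, in order.
PRIORITY = ("breaking", "feat", "fix")

# Constructed sample: the commits quoted in the dependabot PR, in "%h %s" shape.
SAMPLE_LOG = """\
c69c6aa Generated from https://github.com/vmactions/base-vm
230c2d8 Update version to v1.0.3
1d192d5 minor
38b25e6 Generated from https://github.com/vmactions/base-vm
b512e5e Generated from https://github.com/vmactions/base-vm
a036405 Update version to v1.0.3
dd07fb5 Generated from https://github.com/vmactions/base-vm
dbb9890 update
21292af Generated from https://github.com/vmactions/base-vm
2860a6f Update version to v1.0.3
"""


def classify(subject: str) -> str:
    """Return 'automated', 'breaking', a conventional-commit type, or 'unlabelled'."""
    if AUTOMATED_RE.match(subject):
        return "automated"
    m = CONVENTIONAL_RE.match(subject)
    if m:
        return "breaking" if m.group("breaking") else m.group("type")
    return "unlabelled"


def triage(log_text: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Group commits by class and list the ones that still need a human reader.

    Everything except 'automated' goes on the manual list; breaking/feat/fix come first,
    remaining conventional types and unlabelled subjects follow in log order.
    """
    groups: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        sha, _, subject = line.partition(" ")
        groups.setdefault(classify(subject), []).append(f"{sha} {subject}")

    manual = [c for cls in PRIORITY for c in groups.get(cls, [])]
    manual += [c for cls, commits in groups.items()
               if cls not in PRIORITY and cls != "automated" for c in commits]
    return groups, manual


def summary(groups: Dict[str, List[str]]) -> Dict[str, int]:
    """Per-class commit counts, handy for a one-line PR comment."""
    return {cls: len(commits) for cls, commits in groups.items()}


if __name__ == "__main__":
    groups, manual = triage(SAMPLE_LOG)
    print("counts:", summary(groups))
    print("read by hand:")
    for commit in manual:
        print("  ", commit)
```

On the sample, every non-automated commit lands in `unlabelled`, which is exactly the reviewer's complaint: without a prefix or a release note, "Update version", "minor" and "update" all have to be opened to learn what changed. With conventional prefixes, the same script would surface a `feat!:` or `fix:` commit at the top of the manual list and let the rest be skimmed.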