What's the alternative to this functionality? It serves a useful purpose. Is there a way to achieve the same goal less noisily? Perhaps we run it less often or have it bundle all changes for a period into a single PR (not sure it can), or something else?

Why do we need this functionality?

It keeps us from using dependencies that have vulnerabilities patched in later versions or that have passed their end of life maintenance status. Probably gets us bug fixes as well.

There's a trade off between bug fixes and PR noise. You may be surprised by how few bugs dependabot solves. But, the trade off is difficult to quantify. Since it primarily updates FE dependencies, I think the resolution is best left to someone on our FE team.

I haven't seen evidence that this causes problems. Maybe we can roll all the changes into a different branch:

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#target-branch

I'd want that branch to have a datestamp in its name, and I don't see a way to request merging that branch. I'm sure someone out there has scripts to do stuff like this.

I removed labels from dependabot here: #2110. This should help make it less visually spammy.

I agree with Ketan that dependabot is useful for vulnerabilities. This is a won't fix for now!