Reducing Alert Fatigue via AI-Assisted Negotiation: A Case for Dependabot

Raula Gaikovina Kula

TL;DR

The paper argues that Dependabot-induced alert fatigue undermines maintainability and proposes AI-assisted negotiation as a mediator between alerts and maintainer actions. It outlines risk-aware, data-driven decision support that leverages ecosystem data and interactive interfaces to determine alert applicability while prioritizing transparency and trust. The work emphasizes the need for configurable governance, real-time data, and evaluation of AI-mediated dependency updates, aiming to reduce noise without compromising security. If realized, this approach could make pull requests from automated alerts feel as welcome as any other contribution in GitHub projects.

Abstract

The increasing complexity of software dependencies has led to the emergence of automated dependency management tools, such as Dependabot. However, these tools often overwhelm developers with a high volume of alerts and notifications, leading to alert fatigue. This paper presents a position on using Artificial Intelligence (AI) agents as dependency negotiators to reduce alert fatigue. We then examine specific use cases where AI agents can facilitate dependency negotiations, such as when working with external dependencies or managing complex, multi-component systems. Our findings highlight the need for more research on the design and evaluation of AI-driven dependency mediation mechanisms. With a focus on ensuring transparency, explainability, and human trustworthiness in these GitHub software projects, our goal is to reduce alert fatigue to an extent that maintainers no longer feel overwhelmed and welcome pull requests just like any other contribution into their projects.

Paper Structure

This paper contains 4 sections.