Group dependabot PRs (#52)

See [group docs](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups) This PR groups all minor and patch dependency updates into a single PR. All other dependencies will be opened as separate PRs, e.g.,: security updates: >Note: If a grouped pull request for Dependabot version updates contains a vulnerable package, Dependabot security updates will still attempt to create a separate pull request to update the vulnerable package to a secure version. Creating a separate pull request for security updates ensures you have visibility into package vulnerabilities. major updates: >If a dependency doesn't belong to any group, Dependabot will continue to raise single pull requests to update the dependency to its latest version as normal. Signed-off-by: James Noss <[email protected]>
ssec-jhu · May 1, 2024 · 2243ae4 · 2243ae4
1 parent df3c2f4
commit 2243ae4
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -4,3 +4,11 @@ updates:
     directory: "/"
     schedule:
       interval: "monthly"
+    groups:
+      all-minor-and-patch-dependency-updates:
+        applies-to: version-updates
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"