From d78917a323f0248f3578fffaff66a90fc81ba7df Mon Sep 17 00:00:00 2001
From: kekkon <jonas@vdaa.website>
Date: Thu, 5 Sep 2024 16:53:45 +0200
Subject: [PATCH] Group dependabot version bump prs if they are minor or patch
 bumps (#1049)

Based on [the
docs](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups).

Unfortunately I can't test this, but according to the documentation
examples, this should make dependabot group all version bump PRs into a
single PR per package manager. Only major version bumps and security
issues are still raised as separate PRs.

I also removed the PR limit, since this setting probably makes more
sense than simply limiting the dependabot PRs.
---
 .github/dependabot.yml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8e51841..f8ad07d 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,12 +6,24 @@ updates:
   - package-ecosystem: "cargo"
     directory: "/"
     labels: ["type/deps"]
-    open-pull-requests-limit: 25
+    #open-pull-requests-limit: 25
     schedule:
       interval: "daily"
+    groups:
+      version-bumps:
+        applies-to: version-updates
+        update-types:
+          - minor
+          - patch
   - package-ecosystem: "npm"
     directory: "/warpgate-web"
     labels: ["type/deps"]
-    open-pull-requests-limit: 25
+    #open-pull-requests-limit: 25
+    groups:
+      version-bumps:
+        applies-to: version-updates
+        update-types:
+          - minor
+          - patch
     schedule:
       interval: "daily"