From 54365cbe3c603d838a4de5f5c76a03c1a6c85366 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20V=C3=A1squez?= Date: Thu, 25 Jun 2026 13:42:56 -0600 Subject: [PATCH] Run Dependabot weekly and group minor/patch updates Switch bundler and github-actions updates from daily to weekly (Mondays), and group minor + patch bumps into a single PR per ecosystem. Major bumps still open as individual PRs for deliberate review. Lower the concurrent open-PR limit from 10 to 5. --- .github/dependabot.yml | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f0527e6..d7497c8 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,12 +1,26 @@ version: 2 updates: -- package-ecosystem: bundler - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 10 -- package-ecosystem: github-actions - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 10 + - package-ecosystem: bundler + directory: "/" + schedule: + interval: weekly + day: monday + open-pull-requests-limit: 5 + groups: + # Bundle all minor + patch gem updates into a single weekly PR. + # Major bumps still open as individual PRs for deliberate review. + ruby-minor-and-patch: + update-types: + - minor + - patch + - package-ecosystem: github-actions + directory: "/" + schedule: + interval: weekly + day: monday + open-pull-requests-limit: 5 + groups: + github-actions: + update-types: + - minor + - patch