From 816f1a685515d0d690f039fa5b71efcca070ff8d Mon Sep 17 00:00:00 2001
From: Will Norris <will@willnorris.com>
Date: Mon, 30 Jun 2025 02:34:15 -0400
Subject: [PATCH] dependabot: security updates only, grouped in a single PR

---
 .github/dependabot.yml | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 1263ded..95b6f70 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,19 +1,31 @@
+# Open a single PR each for go modules and GitHub actions
+# for security related updates only on a weekly basis.
 version: 2
 updates:
   - package-ecosystem: gomod
     directory: "/"
     schedule:
-      interval: monthly
-    open-pull-requests-limit: 10
+      interval: weekly
+    open-pull-requests-limit: 0
     commit-message:
       prefix: "go.mod:"
     assignees:
       - willnorris
+    groups:
+      all:
+        patterns:
+          - "*"
+
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: weekly
+    open-pull-requests-limit: 0
     commit-message:
       prefix: ".github:"
     assignees:
       - willnorris
+    groups:
+      all:
+        patterns:
+          - "*"