Group Python Dependabot PRs too

edmorley · edmorley · commit 8a793a0f414e · 2026-05-07T15:52:36.000+01:00
To reduce the amount of PR rebasing that has to occur each month when we update the Python package manager versions, given that they need CHANGELOG.md entries each, which otherwise cause conflicts. See: https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#groups-- GUS-W-22400243.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -33,3 +33,7 @@ updates:
     labels:
       - "dependencies"
       - "python"
+    groups:
+      # We don't limit grouping for Python to just minor/patch versions, since pip doesn't follow
+      # semver, plus having to update CHANGELOG.md means it's easier to just have a single PR.
+      python-dependencies:
