From 950073d87aabd664867e032a6edce9060d618b7e Mon Sep 17 00:00:00 2001
From: serversidehannes <hangus1995@gmail.com>
Date: Fri, 29 May 2026 12:29:46 +0200
Subject: [PATCH] ci: group Dependabot security updates into one PR

Security updates ignore version-update groups and open one PR per
advisory (idna, urllib3, python-multipart). Add an applies-to:
security-updates catch-all group per ecosystem so they collapse into a
single security PR, separate from the version-update group.
---
 .github/dependabot.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index eeab889..50e541f 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,6 +7,11 @@ updates:
     open-pull-requests-limit: 10
     groups:
       all-dependencies:
+        applies-to: version-updates
+        patterns:
+          - "*"
+      security:
+        applies-to: security-updates
         patterns:
           - "*"
 
@@ -17,5 +22,10 @@ updates:
     open-pull-requests-limit: 10
     groups:
       docker:
+        applies-to: version-updates
+        patterns:
+          - "*"
+      docker-security:
+        applies-to: security-updates
         patterns:
           - "*"