Group Renovatebot or Dependabot Updates

One of the things that has bugged me for a long time is that dependabot would make updated recomendations and create PRs but often when it ran, it created several. While I appreciate what it is trying to accomplish, I feel that it could have better coordination.
That is, until I sought out the answer, only to find it was in the docs all along.

Dependabot

GitHub Dependabot is a feature that automatically creates pull requests to update dependencies in your projects. It supports a wide range of package managers and languages, analyzing your project's configuration files to identify outdated libraries, security vulnerabilities, and new versions with potential improvements. By automating this process, Dependabot significantly reduces the risk of using vulnerable software and frees up developers to focus on other tasks. It offers customizable settings to control the frequency of updates and the types of updates it suggests, allowing for tailored security and maintenance practices depending on project needs and risk tolerance. Ultimately, Dependabot improves software security and maintainability through efficient and automated dependency management.

Your typical dependabot.yml would have something like this:

updates: 
  - package-ecosystem: "npm" 
    directory: "/" 
    schedule: 
      interval: "daily"

To group those together, we create, you guessed it, a group defining a pattern.

updates: 
  - package-ecosystem: "npm" 
    directory: "/" 
    schedule: 
      interval: "daily"
    groups:
      dev-dependencies:
        patterns:
          - "*"

Now, when the daily check runs, Dependabot will group them into a single PR and then run it's verifications.

Renovatebot

RenovateBot is an automated tool that helps maintain software projects by automatically updating dependencies. It analyzes a project's configuration files (like package.json, requirements.txt, or composer.json) to identify outdated dependencies and then creates pull requests with the necessary updates. This significantly reduces the manual effort required for keeping projects up-to-date, minimizing security vulnerabilities and leveraging the latest features and bug fixes. RenovateBot supports a wide range of package managers and version control systems, making it a versatile solution for various projects and workflows. Its customizable settings allow for fine-grained control over update frequency, branch naming conventions, and other aspects of the process.

The process for Renovate is similar, but utilizing json configuration files.

In our configuration file for renovate bot,

{
  "packageRules": [
    {
      "matchPackagePatterns": ["*"],
      "matchUpdateTypes": ["minor", "patch"],
      "groupName": "all non-major dependencies",
      "groupSlug": "all-minor-patch"
    }
  ]
}

This configuration tells Renovate to group all minor and patch updates into a single PR under the group name "all non-major dependencies" and the group slug "all-minor-patch".